| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cast t to unsigned long and use the %lu format specifier instead of %zd.
This is more portable to 32-bit arches, avoiding the following compiler
error:
snippets/time.c:2:31: error: format ‘%zd’ expects argument of type ‘signed size_t’, but argument 3 has type ‘time_t’ {aka ‘long int’} [-Werror=format=]
2 | printf("[%s] time() yielded %zd\n", where, t);
| ~~^ ~
| | |
| int time_t {aka long int}
| %ld
cc1: all warnings being treated as errors
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a long-running program that we want to run under sanitizers for
extra error checking and under faketime to speed up the clock. This
program hangs after a while. Backtraces suggest that the hangs occur
because of recursion in the memory allocator, which apparently locks a
non-recursive mutex.
Specifically, what we see is that due to our use of FAKETIME_NO_CACHE=1,
libfaketime wants to reload the config file inside a (random) call to
clock_gettime(). libfaketime then uses fopen() / fclose() for reading
the config files. These function allocate / free a buffer for reading
data and specifically the call to free() that happens inside fclose()
ends up calling clock_gettime() again. At this point, libfaketime locks
up because it has a time_mutex that is locked and none-recursive.
Sadly, I did not manage to come up with a stand-alone reproducer for
this problem. Also, the above description is from memory after half a
week of vacation, so it might be (partially) wrong.
More information can be found here:
- https://github.com/wolfcw/libfaketime/issues/365#issuecomment-1115802530
- https://github.com/wolfcw/libfaketime/issues/365#issuecomment-1116178907
This commit first adds a test case. This new test uses the already
existing libmallocintercept.so to cause calls to clock_gettime() during
memory allocation routines. The difference to the already existing
version is that additionally FAKETIME_NO_CACHE and
FAKETIME_TIMESTAMP_FILE are set. This new test hung with its last output
suggesting a recursive call to malloc:
Called malloc() from libmallocintercept...successfully
Called free() on from libmallocintercept...successfully
Called malloc() from libmallocintercept...Called malloc() from libmallocintercept...
Sadly, gdb was unable to provide a meaningful backtrace for this hang.
Next, I replaced the use of fopen()/fgets()/fgets() with
open()/read()/close(). This code no longer reads the config file
line-by-line, but instead it reads all of it at once and then "filters
out" the result (ignores comment lines, removes end of line markers).
I tried to keep the behaviour of the code the same, but I know at least
one difference: Previously, the config file was read line-by-line and
lines that began with a comment character were immediately ignored. The
new code only reads the config once and then removes comment lines.
Since the buffer that is used contains only 256 characters, it is
possible that config files that were previously parsed correctly now
longer parse. A specific example: if a file begins with 500 '#'
characters in its first line and then a timestamp in the second line,
the old code was able to parse this file while the new code would only
see an empty file.
After this change, the new test no longer hangs. Sadly, I do not
actually know its effect on the "actual bug" that I wanted to fix, but
since there are no longer any calls to fclose(), there cannot be any
hangs inside fclose().
Signed-off-by: Uli Schlachter <psychon@znc.in>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Uli Schlachter <psychon@znc.in>
|
| |
|
|
| |
Signed-off-by: Uli Schlachter <psychon@znc.in>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backtraces suggest that AddressSanitizer replaces malloc() with a
function that
- locks a mutex and
- calls clock_gettime() while the mutex is held
This commit adds a test that implements a trivial malloc() that behaves
similarly. Currently, this test hangs.
Signed-off-by: Uli Schlachter <psychon@znc.in>
|
| |\
| |
| | |
test: remember to clean up repeat_random
|
| | | |
|
| | |
| |
| |
| | |
See https://bugs.debian.org/1007828
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The test suite should not succeed if INTERCEPT_SYSCALL is defined but
the variadic argument promotion test fails.
OTOH, if we're not asking for INTERCEPT_SYSCALL, we don't care about
the results of that test.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test uses the same style of re-packing variadic arguments through
two layers of variadic calls, and compares that call chain against one
direct variadic call.
The outer function uses the same kind of re-packing used in
src/libfaketime.c's syscall (leading to real_syscall), but the inner
functions use different assumptions about the types of each argument.
This is not an entirely comprehensive test, because we only define two
different inner function signatures. If some particular syscall is
breaking when intercepted, consider adding something like its expected
function signature in test/variadic/inner.c, and invoke it in
test/variadic/main.c.
Note that we don't test any floating point types (those types are
typically passed in registers in x86-64, not on the stack, and are
also not used for any syscall that i'm aware of).
|
| |
|
|
| |
This makes the test build process use the same sort of CFLAGS as the rest of the code.
|
| |
|
|
|
| |
We want to be able to conditionally add tests. This sets up to be
able to do that cleanly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This invokes clock_gettime, but uses a timespec from the heap instead
of the stack.
It appears to be successful for me on x86-64 GNU/Linux.
This rules out one possible cause of the error reported in #310: I was
worried that an address from the range occupied by the heap might
somehow be corrupted by the syscall variadic argument de-mangling, but
that looks like it is not the case.
|
| |
|
|
|
| |
This invokes clock_gettime, but uses a timespec from the heap instead
of the stack.
|
| | |
|
| | |
|
| |
|
|
|
| |
Hopefully this makes it easier for future development work to augment
the snippet-based testing.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Earlier, this code was conceived of to test a "function" specifically,
but some future snippet could test multiple function calls, or a
subset of a function call (e.g. snippets/syscall_clock_gettime.c
already only tests one particular syscall diversion number).
Normalizing on the name "snippet" should make it easier to understand
the code going forward.
|
| |
|
|
| |
Closes: #176
|
| |
|
|
|
| |
This snippet applies to both the library constructors and variable
data test frameworks.
|
| | |
|
| |
|
|
|
| |
Now that we have the snippet-driven test_variable_data suite, most of
the other longer hand-written tests are duplicative.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of these snippets are likely to have some env var that causes the
data to hold constant, while the data will otherwise be likely to vary
over time.
This framework offers a way to test those snippets, by dropping the
variable and an example value in the test/snippets/FOO.variable
one-line file.
Note that the test/snippets/syscall.c snippet is *not* expected to
vary over time (or to differ when any given variable is set), so we
simply don't add any test/snippets/syscall.variable file to avoid it
being tested in this way.
|
| | |
|
| |
|
|
|
| |
These tests are already taken care of with the snippet-driven library
constructor tests.
|
| |
|
|
|
|
|
|
| |
We want to make it easier to test a bunch of different functions that
might be invoked in constructors of other libraries.
It seems conceivable that with these snippets, we could design other
tests that also work across a wide range of intercepted functions.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
debian autopkgtest instances (and maybe other test systems) will
report a failure if messages are sent to stderr.
Since these messages are diagnostic messages for the test suite, and
not indicators of actual failure, they should go to stdout, not
stderr.
|
| |\
| |
| | |
better testing for interception of randomness from the kernel, including getentropy()
|
| | |
| |
| |
| |
| | |
We want to ensure that tools that call getentropy() are also
controlled appropriately.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
A single program that invokes getrandom() repeatedly should end up
with the same stream of bytes, regardless of how it chunks up the
reading from the entropy source.
This test already passses. I'm including it because it seems
like a useful confirmation.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an attempt at an implementation to address #301.
Some things worth noting:
- I am not particularly confident in my reverse of the variadic C
ABI. While the code appears to work for me on x86_64, I could
imagine some variations between platforms that I'm not
understanding.
- This works to intercept the invocation of syscall as seen in
test/syscalltest.sh, as long as it was compiled with -DFAKE_RANDOM
- defining -DINTERCEPT_SYSCALL on non-Linux platforms should result
in a compile-time error.
- This does *not* work to intercept the syscall sent by `openssl
rand`, for some reason I don't yet understand. Perhaps openssl has
some platform-specific syscall mechanism that doesn't route them
through libc's syscall() shim?
|
| |
|
|
|
|
| |
This is an attempt to ensure that an external library invocation of
getpid doesn't trigger a crash (e.g. #295) or an infinite loop
(e.g. #297).
|
| |
|
|
|
| |
This paves the way for testing other interceptions like getpid() with
shared objects that do devious things in their consturctors.
|
| |
|
|
|
|
|
| |
In some configurations, GNU make might treat librandom.so as an
ephemeral/intermediate build artifact and destroy it before
randomtest.sh is run. This ensures the shared object is present when
needed.
|
| |
|
|
|
|
|
| |
I went with the runtime environment variable being FAKETIME_FAKEPID
since it seems less likely to collide with anything else.
Closes: #297
|
| |
|
|
|
| |
Running "make randomtest" should demonstrates the segfault described
in https://github.com/wolfcw/libfaketime/issues/295
|
| |
|
|
|
|
|
|
| |
Previously, we had failed to test code with getrandom() against
LD_PRELOAD when FAKERANDOM_SEED was unset.
We also want to try calling getrandom twice in a single process to
make sure that works OK.
|
| | |
|
| | |
|
