1 /* Test cancellation of getpwuid_r.
2    Copyright (C) 2016-2022 Free Software Foundation, Inc.
3    This file is part of the GNU C Library.
4 
5    The GNU C Library is free software; you can redistribute it and/or
6    modify it under the terms of the GNU Lesser General Public
7    License as published by the Free Software Foundation; either
8    version 2.1 of the License, or (at your option) any later version.
9 
10    The GNU C Library is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13    Lesser General Public License for more details.
14 
15    You should have received a copy of the GNU Lesser General Public
16    License along with the GNU C Library; if not, see
17    <https://www.gnu.org/licenses/>.  */
18 
19 /* Test if cancellation of getpwuid_r incorrectly leaves internal
20    function state locked resulting in hang of subsequent calls to
21    getpwuid_r.  The main thread creates a second thread which will do
22    the calls to getpwuid_r.  A semaphore is used by the second thread to
23    signal to the main thread that it is as close as it can be to the
24    call site of getpwuid_r.  The goal of the semaphore is to avoid any
25    cancellable function calls between the sem_post and the call to
26    getpwuid_r.  The main thread then attempts to cancel the second
27    thread.  Without the fixes the cancellation happens at any number of
28    calls to cancellable functions in getpuid_r, but with the fix the
29    cancellation either does not happen or happens only at expected
30    points where the internal state is consistent.  We use an explicit
31    pthread_testcancel call to terminate the loop in a timely fashion
32    if the implementation does not have a cancellation point.  */
33 
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <pthread.h>
37 #include <pwd.h>
38 #include <nss.h>
39 #include <sys/types.h>
40 #include <unistd.h>
41 #include <semaphore.h>
42 #include <errno.h>
43 #include <support/support.h>
44 
45 sem_t started;
46 char *wbuf;
47 long wbufsz;
48 
49 void
worker_free(void * arg)50 worker_free (void *arg)
51 {
52   free (arg);
53 }
54 
55 static void *
worker(void * arg)56 worker (void *arg)
57 {
58   int ret;
59   unsigned int iter = 0;
60   struct passwd pwbuf, *pw;
61   uid_t uid;
62 
63   uid = geteuid ();
64 
65   /* Use a reasonable sized buffer.  Note that _SC_GETPW_R_SIZE_MAX is
66      just a hint and not any kind of maximum value.  */
67   wbufsz = sysconf (_SC_GETPW_R_SIZE_MAX);
68   if (wbufsz == -1)
69     wbufsz = 1024;
70   wbuf = xmalloc (wbufsz);
71 
72   pthread_cleanup_push (worker_free, wbuf);
73   sem_post (&started);
74   while (1)
75     {
76       iter++;
77 
78       ret = getpwuid_r (uid, &pwbuf, wbuf, wbufsz, &pw);
79 
80       /* The call to getpwuid_r may not cancel so we need to test
81 	 for cancellation after some number of iterations of the
82 	 function.  Choose an arbitrary 100,000 iterations of running
83 	 getpwuid_r in a tight cancellation loop before testing for
84 	 cancellation.  */
85       if (iter > 100000)
86 	pthread_testcancel ();
87 
88       if (ret == ERANGE)
89 	{
90 	  /* Increase the buffer size.  */
91 	  free (wbuf);
92 	  wbufsz = wbufsz * 2;
93 	  wbuf = xmalloc (wbufsz);
94 	}
95 
96     }
97   pthread_cleanup_pop (1);
98 
99   return NULL;
100 }
101 
102 static int
do_test(void)103 do_test (void)
104 {
105   int ret;
106   char *buf;
107   long bufsz;
108   void *retval;
109   struct passwd pwbuf, *pw;
110   pthread_t thread;
111 
112   /* Configure the test to only use files. We control the files plugin
113      as part of glibc so we assert that it should be deferred
114      cancellation safe.  */
115   __nss_configure_lookup ("passwd", "files");
116 
117   /* Use a reasonable sized buffer.  Note that  _SC_GETPW_R_SIZE_MAX is
118      just a hint and not any kind of maximum value.  */
119   bufsz = sysconf (_SC_GETPW_R_SIZE_MAX);
120   if (bufsz == -1)
121     bufsz = 1024;
122   buf = xmalloc (bufsz);
123 
124   sem_init (&started, 0, 0);
125 
126   pthread_create (&thread, NULL, worker, NULL);
127 
128   do
129   {
130     ret = sem_wait (&started);
131     if (ret == -1 && errno != EINTR)
132       {
133         printf ("FAIL: Failed to wait for second thread to start.\n");
134 	exit (EXIT_FAILURE);
135       }
136   }
137   while (ret != 0);
138 
139   printf ("INFO: Cancelling thread\n");
140   if ((ret = pthread_cancel (thread)) != 0)
141     {
142       printf ("FAIL: Failed to cancel thread. Returned %d\n", ret);
143       exit (EXIT_FAILURE);
144     }
145 
146   printf ("INFO: Joining...\n");
147   pthread_join (thread, &retval);
148   if (retval != PTHREAD_CANCELED)
149     {
150       printf ("FAIL: Thread was not cancelled.\n");
151       exit (EXIT_FAILURE);
152     }
153   printf ("INFO: Joined, trying getpwuid_r call\n");
154 
155   /* Before the fix in 312be3f9f5eab1643d7dcc7728c76d413d4f2640 for this
156      issue the cancellation point could happen in any number of internal
157      calls, and therefore locks would be left held and the following
158      call to getpwuid_r would block and the test would time out.  */
159   do
160     {
161       ret = getpwuid_r (geteuid (), &pwbuf, buf, bufsz, &pw);
162       if (ret == ERANGE)
163 	{
164 	  /* Increase the buffer size.  */
165 	  free (buf);
166 	  bufsz = bufsz * 2;
167 	  buf = xmalloc (bufsz);
168 	}
169     }
170   while (ret == ERANGE);
171 
172   free (buf);
173 
174   /* Before the fix we would never get here.  */
175   printf ("PASS: Canceled getpwuid_r successfully"
176 	  " and called it again without blocking.\n");
177 
178   return 0;
179 }
180 
181 #define TIMEOUT 900
182 #include <support/test-driver.c>
183