[valgrind] [Bug 377698] Missing memory check for futex() uaddr arg for FUTEX_WAKE and FUTEX_WAKE_BITSET, check only 4 args for FUTEX_WAKE_BITSET, and 2 args for FUTEX_TRYLOCK_PI

Diane M Tue, 21 Mar 2017 08:47:52 -0700

https://bugs.kde.org/show_bug.cgi?id=377698


--- Comment #2 from Diane M <diane.meirow...@oracle.com> ---
Here is the final updated patch.

Problems:

1. Memcheck does not do a memory check on the uaddr argument for futex for
FUTEX_WAKE and FUTEX_WAKE_BITSET cases.

2. FUTEX_WAKE_BITSET should not do scalar read check on all 6 arguments;
   it should check uaddr, op, val, and val3 only.

3. FUTEX_TRYLOCK_PI should check only uaddr and op


diff -r 231368959406 coregrind/m_syswrap/syswrap-linux.c
--- a/coregrind/m_syswrap/syswrap-linux.c       Tue Mar 14 09:47:29 2017 -0700
+++ b/coregrind/m_syswrap/syswrap-linux.c       Tue Mar 21 08:11:21 2017 -0700
@@ -1633,9 +1633,11 @@
       }
       break;
    case VKI_FUTEX_WAKE_BITSET:
-      PRE_REG_READ6(long, "futex",
-                    vki_u32 *, futex, int, op, int, val,
-                    int, dummy, int, dummy2, int, val3);
+      PRE_REG_READ3(long, "futex",
+                    vki_u32 *, futex, int, op, int, val);
+      if (VG_(tdict).track_pre_reg_read) {
+         PRA6("futex", int, val3);
+      }
       break;
    case VKI_FUTEX_WAIT:
    case VKI_FUTEX_LOCK_PI:
@@ -1645,11 +1647,11 @@
       break;
    case VKI_FUTEX_WAKE:
    case VKI_FUTEX_FD:
-   case VKI_FUTEX_TRYLOCK_PI:
       PRE_REG_READ3(long, "futex",
                     vki_u32 *, futex, int, op, int, val);
       break;
    case VKI_FUTEX_UNLOCK_PI:
+   case VKI_FUTEX_TRYLOCK_PI:
    default:
       PRE_REG_READ2(long, "futex", vki_u32 *, futex, int, op);
       break;
@@ -1678,14 +1680,11 @@
    case VKI_FUTEX_FD:
    case VKI_FUTEX_TRYLOCK_PI:
    case VKI_FUTEX_UNLOCK_PI:
+   case VKI_FUTEX_WAKE:
+   case VKI_FUTEX_WAKE_BITSET:
       PRE_MEM_READ( "futex(futex)", ARG1, sizeof(Int) );
      break;

-   case VKI_FUTEX_WAKE:
-   case VKI_FUTEX_WAKE_BITSET:
-      /* no additional pointers */
-      break;
-
    default:
       SET_STATUS_Failure( VKI_ENOSYS );   // some futex function we don't
understand
       break;
diff -r 231368959406 memcheck/tests/arm64-linux/scalar.c
--- a/memcheck/tests/arm64-linux/scalar.c       Tue Mar 14 09:47:29 2017 -0700
+++ b/memcheck/tests/arm64-linux/scalar.c       Tue Mar 21 08:11:21 2017 -0700
@@ -1067,9 +1067,8 @@
    #ifndef FUTEX_WAIT
    #define FUTEX_WAIT   0
    #endif
-   // XXX: again, glibc not doing 6th arg means we have only 5s errors
-   GO(__NR_futex, "5s 2m");
-   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+   GO(__NR_futex, "4s 2m");
+   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;

    // __NR_sched_setaffinity 241
    GO(__NR_sched_setaffinity, "3s 1m");
diff -r 231368959406 memcheck/tests/arm64-linux/scalar.stderr.exp
--- a/memcheck/tests/arm64-linux/scalar.stderr.exp      Tue Mar 14 09:47:29
2017 -0700
+++ b/memcheck/tests/arm64-linux/scalar.stderr.exp      Tue Mar 21 08:11:21
2017 -0700
@@ -1958,7 +1958,7 @@
 130:          __NR_tkill n/a
 -----------------------------------------------------
 -----------------------------------------------------
- 98:          __NR_futex 5s 2m
+ 98:          __NR_futex 4s 2m
 -----------------------------------------------------
 Syscall param futex(futex) contains uninitialised byte(s)
    ...
diff -r 231368959406 memcheck/tests/darwin/scalar.c
--- a/memcheck/tests/darwin/scalar.c    Tue Mar 14 09:47:29 2017 -0700
+++ b/memcheck/tests/darwin/scalar.c    Tue Mar 21 08:11:21 2017 -0700
@@ -1653,9 +1653,8 @@
    #ifndef FUTEX_WAIT
    #define FUTEX_WAIT   0
    #endif
-   // XXX: again, glibc not doing 6th arg means we have only 5s errors
-   GO(__NR_futex, "5s 2m");
-   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+   GO(__NR_futex, "4s 2m");
+   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;

    // __NR_sched_setaffinity 241
    GO(__NR_sched_setaffinity, "3s 1m");
diff -r 231368959406 memcheck/tests/x86-linux/scalar.c
--- a/memcheck/tests/x86-linux/scalar.c Tue Mar 14 09:47:29 2017 -0700
+++ b/memcheck/tests/x86-linux/scalar.c Tue Mar 21 08:11:21 2017 -0700
@@ -1067,9 +1067,8 @@
    #ifndef FUTEX_WAIT
    #define FUTEX_WAIT   0
    #endif
-   // XXX: again, glibc not doing 6th arg means we have only 5s errors
-   GO(__NR_futex, "5s 2m");
-   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1, x0, x0); FAIL;
+   GO(__NR_futex, "4s 2m");
+   SY(__NR_futex, x0+FUTEX_WAIT, x0, x0, x0+1); FAIL;

    // __NR_sched_setaffinity 241
    GO(__NR_sched_setaffinity, "3s 1m");
diff -r 231368959406 memcheck/tests/x86-linux/scalar.stderr.exp
--- a/memcheck/tests/x86-linux/scalar.stderr.exp        Tue Mar 14 09:47:29
2017 -0700
+++ b/memcheck/tests/x86-linux/scalar.stderr.exp        Tue Mar 21 08:11:21
2017 -0700
@@ -3300,7 +3300,7 @@
  Address 0x........ is not stack'd, malloc'd or (recently) free'd

 -----------------------------------------------------
-240:          __NR_futex 5s 2m
+240:          __NR_futex 4s 2m
 -----------------------------------------------------
 Syscall param futex(futex) contains uninitialised byte(s)
    ...

-- 
You are receiving this mail because:
You are watching all bug changes.

[valgrind] [Bug 377698] Missing memory check for futex() uaddr arg for FUTEX_WAKE and FUTEX_WAKE_BITSET, check only 4 args for FUTEX_WAKE_BITSET, and 2 args for FUTEX_TRYLOCK_PI

Reply via email to