| author | Lennart Poettering <lennart@poettering.net> | 2009-04-21 21:33:32 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2009-04-21 21:33:32 +0200 | 
| commit | 6224fac9210bd95d79685d5421eb5dac2da8a29d (patch) | |
| tree | 7ee1b3a09cbc0683354a62fbf7cc7915693e5ec8 | |
| parent | fbbcfae769770ca1191e0610ad43722a5768aa40 (diff) | |
memtrap: add new logic to trap and handle SIGBUS
| -rw-r--r-- | src/.gitignore | 1 | ||||
| -rw-r--r-- | src/Makefile.am | 12 | ||||
| -rw-r--r-- | src/pulsecore/memtrap.c | 256 | ||||
| -rw-r--r-- | src/pulsecore/memtrap.h | 38 | ||||
| -rw-r--r-- | src/tests/sigbus-test.c | 69 | 
5 files changed, 374 insertions, 2 deletions
diff --git a/src/.gitignore b/src/.gitignore index 85370444..82331524 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -1,3 +1,4 @@ +sigbus-test  TAGS  alsa-time-test  gtk-test diff --git a/src/Makefile.am b/src/Makefile.am index 716d8653..ec56c3d4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -259,7 +259,8 @@ TESTS = \  		envelope-test \  		proplist-test \  		lock-autospawn-test \ -		prioq-test +		prioq-test \ +		sigbus-test  TESTS_BINARIES = \  		mainloop-test \ @@ -296,7 +297,8 @@ TESTS_BINARIES = \  		rtstutter \  		stripnul \  		lock-autospawn-test \ -		prioq-test +		prioq-test \ +		sigbus-test  if HAVE_SIGXCPU  #TESTS += \ @@ -520,6 +522,11 @@ prioq_test_LDADD = $(AM_LDADD) libpulsecore-@PA_MAJORMINORMICRO@.la libpulsecomm  prioq_test_CFLAGS = $(AM_CFLAGS) $(LIBOIL_CFLAGS)  prioq_test_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(LIBOIL_LIBS) +sigbus_test_SOURCES = tests/sigbus-test.c +sigbus_test_LDADD = $(AM_LDADD) libpulsecore-@PA_MAJORMINORMICRO@.la libpulsecommon-@PA_MAJORMINORMICRO@.la +sigbus_test_CFLAGS = $(AM_CFLAGS) $(LIBOIL_CFLAGS) +sigbus_test_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(LIBOIL_LIBS) +  gtk_test_SOURCES = tests/gtk-test.c  gtk_test_LDADD = $(AM_LDADD) libpulse.la libpulse-mainloop-glib.la  gtk_test_CFLAGS = $(AM_CFLAGS) $(GTK20_CFLAGS) @@ -797,6 +804,7 @@ libpulsecore_@PA_MAJORMINORMICRO@_la_SOURCES = \  		pulsecore/sconv-s16le.c pulsecore/sconv-s16le.h \  		pulsecore/sconv.c pulsecore/sconv.h \  		pulsecore/shared.c pulsecore/shared.h \ +		pulsecore/memtrap.c pulsecore/memtrap.h \  		pulsecore/shm.c pulsecore/shm.h \  		pulsecore/sink-input.c pulsecore/sink-input.h \  		pulsecore/sink.c pulsecore/sink.h \ diff --git a/src/pulsecore/memtrap.c b/src/pulsecore/memtrap.c new file mode 100644 index 00000000..ec9b137c --- /dev/null +++ b/src/pulsecore/memtrap.c 
@@ -0,0 +1,256 @@
+/***
+  This file is part of PulseAudio.
+
+  Copyright 2009 Lennart Poettering
+
+  PulseAudio is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Lesser General Public License as
+  published by the Free Software Foundation; either version 2.1 of the
+  License, or (at your option) any later version.
+
+  PulseAudio is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with PulseAudio; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+  USA.
+***/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <signal.h>
+#include <sys/mman.h>
+
+#include <pulse/xmalloc.h>
+
+#include <pulsecore/semaphore.h>
+#include <pulsecore/macro.h>
+#include <pulsecore/mutex.h>
+#include <pulsecore/core-util.h>
+
+#include "memtrap.h"
+
+struct pa_memtrap {
+    void *start;
+    size_t size;
+    pa_atomic_t bad;
+    pa_memtrap *next[2], *prev[2];
+};
+
+static pa_memtrap *memtraps[2] = { NULL, NULL };
+static pa_atomic_t read_lock = PA_ATOMIC_INIT(0);
+static pa_static_semaphore semaphore = PA_STATIC_SEMAPHORE_INIT;
+static pa_static_mutex write_lock = PA_STATIC_MUTEX_INIT;
+
+#define MSB (1U << (sizeof(unsigned)*8U-1))
+#define WHICH(n) (!!((n) & MSB))
+#define COUNTER(n) ((n) & ~MSB)
+
+pa_bool_t pa_memtrap_is_good(pa_memtrap *m) {
+    pa_assert(m);
+
+    return !pa_atomic_load(&m->bad);
+}
+
+static void sigsafe_error(const char *s) {
+    write(STDERR_FILENO, s, strlen(s));
+}
+
+static void signal_handler(int sig, siginfo_t* si, void *data) {
+    unsigned n, j;
+    pa_memtrap *m;
+    void *r;
+
+    /* Increase the lock counter */
+    n = (unsigned) pa_atomic_inc(&read_lock);
+
+    /* The uppermost bit tells us which list to look at */
+    j = WHICH(n);
+
+    /* When n is 0 we have about 2^31 threads running that
+     * all got a sigbus at the same time, oh my! */
+    pa_assert(COUNTER(n)+1 > 0);
+
+    for (m = memtraps[j]; m; m = m->next[j])
+        if (si->si_addr >= m->start &&
+            (uint8_t*) si->si_addr < (uint8_t*) m->start + m->size)
+            break;
+
+    if (!m)
+        goto fail;
+
+    pa_atomic_store(&m->bad, 1);
+
+    /* Remap anonymous memory into the bad segment */
+    if ((r = mmap(m->start, m->size, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_FIXED|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+        sigsafe_error("mmap() failed.\n");
+        goto fail;
+    }
+
+    pa_assert(r == m->start);
+
+    pa_atomic_dec(&read_lock);
+
+    /* Post the semaphore */
+    pa_semaphore_post(pa_static_semaphore_get(&semaphore, 0));
+
+    return;
+
+fail:
+    pa_atomic_dec(&read_lock);
+    abort();
+}
+
+static void memtrap_swap(unsigned n) {
+
+    for (;;) {
+
+        /* If the read counter is > 0 wait; if it is 0 try to swap the lists */
+        if (COUNTER(n) > 0)
+            pa_semaphore_wait(pa_static_semaphore_get(&semaphore, 0));
+        else if (pa_atomic_cmpxchg(&read_lock, (int) n, (int) (n ^ MSB)))
+            break;
+
+        n = (unsigned) pa_atomic_load(&read_lock);
+    }
+}
+
+static void memtrap_link(pa_memtrap *m, unsigned j) {
+    pa_assert(m);
+
+    m->prev[j] = NULL;
+    m->next[j] = memtraps[j];
+    memtraps[j] = m;
+}
+
+static void memtrap_unlink(pa_memtrap *m, int j) {
+    pa_assert(m);
+
+    if (m->next[j])
+        m->next[j]->prev[j] = m->prev[j];
+
+    if (m->prev[j])
+        m->prev[j]->next[j] = m->next[j];
+    else
+        memtraps[j] = m->next[j];
+}
+
+pa_memtrap* pa_memtrap_add(const void *start, size_t size) {
+    pa_memtrap *m = NULL;
+    pa_mutex *lock;
+    unsigned n, j;
+
+    pa_assert(start);
+    pa_assert(size > 0);
+    pa_assert(PA_PAGE_ALIGN_PTR(start) == start);
+    pa_assert(PA_PAGE_ALIGN(size) == size);
+
+    lock = pa_static_mutex_get(&write_lock, FALSE, FALSE);
+    pa_mutex_lock(lock);
+
+    if (!memtraps[0]) {
+        struct sigaction sa;
+
+        /* Before we install the signal handler, make sure the
+         * semaphore is valid so that the initialization of the
+         * semaphore doesn't have to happen from the signal handler */
+        pa_static_semaphore_get(&semaphore, 0);
+
+        memset(&sa, 0, sizeof(sa));
+        sa.sa_sigaction = signal_handler;
+        sa.sa_flags = SA_RESTART|SA_SIGINFO;
+
+        pa_assert_se(sigaction(SIGBUS, &sa, NULL) == 0);
+    }
+
+    n = (unsigned) pa_atomic_load(&read_lock);
+    j = WHICH(n);
+
+    m = pa_xnew(pa_memtrap, 1);
+    m->start = (void*) start;
+    m->size = size;
+    pa_atomic_store(&m->bad, 0);
+
+    memtrap_link(m, !j);
+    memtrap_swap(n);
+    memtrap_link(m, j);
+
+    pa_mutex_unlock(lock);
+
+    return m;
+}
+
+void pa_memtrap_remove(pa_memtrap *m) {
+    unsigned n, j;
+    pa_mutex *lock;
+
+    pa_assert(m);
+
+    lock = pa_static_mutex_get(&write_lock, FALSE, FALSE);
+    pa_mutex_lock(lock);
+
+    n = (unsigned) pa_atomic_load(&read_lock);
+    j = WHICH(n);
+
+    memtrap_unlink(m, !j);
+    memtrap_swap(n);
+    memtrap_unlink(m, j);
+
+    pa_xfree(m);
+
+    if (!memtraps[0]) {
+        struct sigaction sa;
+
+        memset(&sa, 0, sizeof(sa));
+        sa.sa_handler = SIG_DFL;
+        pa_assert_se(sigaction(SIGBUS, &sa, NULL) == 0);
+    }
+
+    pa_mutex_unlock(lock);
+}
+
+pa_memtrap *pa_memtrap_update(pa_memtrap *m, const void *start, size_t size) {
+    unsigned n, j;
+    pa_mutex *lock;
+
+    pa_assert(m);
+
+    pa_assert(start);
+    pa_assert(size > 0);
+    pa_assert(PA_PAGE_ALIGN_PTR(start) == start);
+    pa_assert(PA_PAGE_ALIGN(size) == size);
+
+    lock = pa_static_mutex_get(&write_lock, FALSE, FALSE);
+    pa_mutex_lock(lock);
+
+    if (m->start == start && m->size == size)
+        goto unlock;
+
+    n = (unsigned) pa_atomic_load(&read_lock);
+    j = WHICH(n);
+
+    memtrap_unlink(m, !j);
+    memtrap_swap(n);
+    memtrap_unlink(m, j);
+
+    m->start = (void*) start;
+    m->size = size;
+    pa_atomic_store(&m->bad, 0);
+
+    n = (unsigned) pa_atomic_load(&read_lock);
+    j = WHICH(n);
+
+    memtrap_link(m, !j);
+    memtrap_swap(n);
+    memtrap_link(m, j);
+
+unlock:
+    pa_mutex_unlock(lock);
+
+    return m;
+}
diff --git a/src/pulsecore/memtrap.h b/src/pulsecore/memtrap.h
new file mode 100644
index 00000000..d93d6720
--- /dev/null
+++ b/src/pulsecore/memtrap.h
@@ -0,0 +1,38 @@
+#ifndef foopulsecorememtraphfoo
+#define foopulsecorememtraphfoo
+
+/***
+  This file is part of PulseAudio.
+
+  Copyright 2009 Lennart Poettering
+
+  PulseAudio is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Lesser General Public License as
+  published by the Free Software Foundation; either version 2.1 of the
+  License, or (at your option) any later version.
+
+  PulseAudio is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with PulseAudio; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+  USA.
+***/
+
+#include <sys/types.h>
+
+#include <pulsecore/macro.h>
+
+typedef struct pa_memtrap pa_memtrap;
+
+pa_memtrap* pa_memtrap_add(const void *start, size_t size);
+pa_memtrap *pa_memtrap_update(pa_memtrap *m, const void *start, size_t size);
+
+void pa_memtrap_remove(pa_memtrap *m);
+
+pa_bool_t pa_memtrap_is_good(pa_memtrap *m);
+
+#endif
diff --git a/src/tests/sigbus-test.c b/src/tests/sigbus-test.c
new file mode 100644
index 00000000..dec4f0f2
--- /dev/null
+++ b/src/tests/sigbus-test.c
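Review bot: memtrap_link pushes the new entry at the head of `memtraps[j]` but never sets the old head's `prev[j]`, so every entry keeps `prev[j] == NULL`. When memtrap_unlink later removes an entry that is no longer the head, it takes the `else` branch and assigns `memtraps[j] = m->next[j]`, dropping every trap registered after it; a SIGBUS in one of those regions then reaches the `!m` path and aborts, and pa_memtrap_remove may restore SIG_DFL while traps are still live. Replacing the plain assignment with `if ((m->next[j] = memtraps[j])) m->next[j]->prev[j] = m;` keeps the list doubly linked. Separately, `pa_assert(COUNTER(n)+1 > 0)` in signal_handler cannot fail, because COUNTER(n) is at most MSB-1; `pa_assert(COUNTER(n) < COUNTER(~0U))` would catch the carry into the selector bit.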
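Review bot: The header declares the four entry points without stating the contract memtrap.c relies on. A comment above pa_memtrap_add and pa_memtrap_update should say that start and size must be page-aligned (both functions assert this), and that the trap has to be removed before the region is unmapped, since the handler maps anonymous memory with MAP_FIXED over the registered range. pa_memtrap_is_good deserves `/* Check this after accessing the region; FALSE means a SIGBUS was caught and the pages were replaced with anonymous memory */`, so callers do not test the flag before the access and then trust the data they read.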
@@ -0,0 +1,69 @@
+/***
+  This file is part of PulseAudio.
+
+  Copyright 2009 Lennart Poettering
+
+  PulseAudio is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Lesser General Public License as
+  published by the Free Software Foundation; either version 2.1 of the
+  License, or (at your option) any later version.
+
+  PulseAudio is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with PulseAudio; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+  USA.
+***/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#include <pulsecore/memtrap.h>
+#include <pulsecore/core-util.h>
+
+int main(int argc, char *argv[]) {
+    void *p;
+    int fd;
+    pa_memtrap *m;
+
+    pa_log_set_level(PA_LOG_DEBUG);
+
+    /* Create the memory map */
+    pa_assert_se((fd = open("sigbus-test-map", O_RDWR|O_TRUNC|O_CREAT, 0660)) >= 0);
+    pa_assert_se(unlink("sigbus-test-map") == 0);
+    pa_assert_se(ftruncate(fd, PA_PAGE_SIZE) >= 0);
+    pa_assert_se((p = mmap(NULL, PA_PAGE_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0)) != MAP_FAILED);
+
+    /* Register memory map */
+    m = pa_memtrap_add(p, PA_PAGE_SIZE);
+
+    /* Use memory map */
+    pa_snprintf(p, PA_PAGE_SIZE, "This is a test that should work fine.");
+
+    /* Verify memory map */
+    pa_log("Let's see if this worked: %s", (char*) p);
+    pa_log("And memtrap says it is good: %s", pa_yes_no(pa_memtrap_is_good(m)));
+
+    /* Invalidate mapping */
+    pa_assert_se(ftruncate(fd, 0) >= 0);
+
+    /* Use memory map */
+    pa_snprintf(p, PA_PAGE_SIZE, "This is a test that should fail but get caught.");
+
+    /* Verify memory map */
+    pa_log("Let's see if this worked: %s", (char*) p);
+    pa_log("And memtrap says it is good: %s", pa_yes_no(pa_memtrap_is_good(m)));
+
+    pa_memtrap_remove(m);
+    munmap(p, PA_PAGE_SIZE);
+
+    return 0;
+}  |
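Review bot: The test only logs the outcome, so it passes whether or not the trap worked, as long as the process survives. Adding `pa_assert_se(pa_memtrap_is_good(m));` after the first write and `pa_assert_se(!pa_memtrap_is_good(m));` after the write that follows `ftruncate(fd, 0)` would make it verify the state transition it is meant to exercise. The backing file is also opened by a fixed relative name with `O_RDWR|O_TRUNC|O_CREAT`; adding `O_EXCL` would stop the test from truncating an existing file of that name in the working directory, and `fd` is never closed before main returns.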
