From 6224fac9210bd95d79685d5421eb5dac2da8a29d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 21 Apr 2009 21:33:32 +0200 Subject: memtrap: add new logic to trap and handle SIGBUS --- src/.gitignore | 1 + src/Makefile.am | 12 ++- src/pulsecore/memtrap.c | 256 ++++++++++++++++++++++++++++++++++++++++++++++++ src/pulsecore/memtrap.h | 38 +++++++ src/tests/sigbus-test.c | 69 +++++++++++++ 5 files changed, 374 insertions(+), 2 deletions(-) create mode 100644 src/pulsecore/memtrap.c create mode 100644 src/pulsecore/memtrap.h create mode 100644 src/tests/sigbus-test.c (limited to 'src') diff --git a/src/.gitignore b/src/.gitignore index 85370444..82331524 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -1,3 +1,4 @@ +sigbus-test TAGS alsa-time-test gtk-test diff --git a/src/Makefile.am b/src/Makefile.am index 716d8653..ec56c3d4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -259,7 +259,8 @@ TESTS = \ envelope-test \ proplist-test \ lock-autospawn-test \ - prioq-test + prioq-test \ + sigbus-test TESTS_BINARIES = \ mainloop-test \ @@ -296,7 +297,8 @@ TESTS_BINARIES = \ rtstutter \ stripnul \ lock-autospawn-test \ - prioq-test + prioq-test \ + sigbus-test if HAVE_SIGXCPU #TESTS += \ @@ -520,6 +522,11 @@ prioq_test_LDADD = $(AM_LDADD) libpulsecore-@PA_MAJORMINORMICRO@.la libpulsecomm prioq_test_CFLAGS = $(AM_CFLAGS) $(LIBOIL_CFLAGS) prioq_test_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(LIBOIL_LIBS) +sigbus_test_SOURCES = tests/sigbus-test.c +sigbus_test_LDADD = $(AM_LDADD) libpulsecore-@PA_MAJORMINORMICRO@.la libpulsecommon-@PA_MAJORMINORMICRO@.la +sigbus_test_CFLAGS = $(AM_CFLAGS) $(LIBOIL_CFLAGS) +sigbus_test_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(LIBOIL_LIBS) + gtk_test_SOURCES = tests/gtk-test.c gtk_test_LDADD = $(AM_LDADD) libpulse.la libpulse-mainloop-glib.la gtk_test_CFLAGS = $(AM_CFLAGS) $(GTK20_CFLAGS) @@ -797,6 +804,7 @@ libpulsecore_@PA_MAJORMINORMICRO@_la_SOURCES = \ pulsecore/sconv-s16le.c pulsecore/sconv-s16le.h \ pulsecore/sconv.c pulsecore/sconv.h \ pulsecore/shared.c pulsecore/shared.h \ + pulsecore/memtrap.c pulsecore/memtrap.h \ pulsecore/shm.c pulsecore/shm.h \ pulsecore/sink-input.c pulsecore/sink-input.h \ pulsecore/sink.c pulsecore/sink.h \ diff --git a/src/pulsecore/memtrap.c b/src/pulsecore/memtrap.c new file mode 100644 index 00000000..ec9b137c --- /dev/null +++ b/src/pulsecore/memtrap.c @@ -0,0 +1,256 @@ +/*** + This file is part of PulseAudio. + + Copyright 2009 Lennart Poettering + + PulseAudio is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + PulseAudio is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with PulseAudio; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + USA. +***/ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include + +#include +#include +#include +#include + +#include "memtrap.h" + +struct pa_memtrap { + void *start; + size_t size; + pa_atomic_t bad; + pa_memtrap *next[2], *prev[2]; +}; + +static pa_memtrap *memtraps[2] = { NULL, NULL }; +static pa_atomic_t read_lock = PA_ATOMIC_INIT(0); +static pa_static_semaphore semaphore = PA_STATIC_SEMAPHORE_INIT; +static pa_static_mutex write_lock = PA_STATIC_MUTEX_INIT; + +#define MSB (1U << (sizeof(unsigned)*8U-1)) +#define WHICH(n) (!!((n) & MSB)) +#define COUNTER(n) ((n) & ~MSB) + +pa_bool_t pa_memtrap_is_good(pa_memtrap *m) { + pa_assert(m); + + return !pa_atomic_load(&m->bad); +} + +static void sigsafe_error(const char *s) { + write(STDERR_FILENO, s, strlen(s)); +} + +static void signal_handler(int sig, siginfo_t* si, void *data) { + unsigned n, j; + pa_memtrap *m; + void *r; + + /* Increase the lock counter */ + n = (unsigned) pa_atomic_inc(&read_lock); + + /* The uppermost bit tells us which list to look at */ + j = WHICH(n); + + /* When n is 0 we have about 2^31 threads running that + * all got a sigbus at the same time, oh my! */ + pa_assert(COUNTER(n)+1 > 0); + + for (m = memtraps[j]; m; m = m->next[j]) + if (si->si_addr >= m->start && + (uint8_t*) si->si_addr < (uint8_t*) m->start + m->size) + break; + + if (!m) + goto fail; + + pa_atomic_store(&m->bad, 1); + + /* Remap anonymous memory into the bad segment */ + if ((r = mmap(m->start, m->size, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_FIXED|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + sigsafe_error("mmap() failed.\n"); + goto fail; + } + + pa_assert(r == m->start); + + pa_atomic_dec(&read_lock); + + /* Post the semaphore */ + pa_semaphore_post(pa_static_semaphore_get(&semaphore, 0)); + + return; + +fail: + pa_atomic_dec(&read_lock); + abort(); +} + +static void memtrap_swap(unsigned n) { + + for (;;) { + + /* If the read counter is > 0 wait; if it is 0 try to swap the lists */ + if (COUNTER(n) > 0) + pa_semaphore_wait(pa_static_semaphore_get(&semaphore, 0)); + else if (pa_atomic_cmpxchg(&read_lock, (int) n, (int) (n ^ MSB))) + break; + + n = (unsigned) pa_atomic_load(&read_lock); + } +} + +static void memtrap_link(pa_memtrap *m, unsigned j) { + pa_assert(m); + + m->prev[j] = NULL; + m->next[j] = memtraps[j]; + memtraps[j] = m; +} + +static void memtrap_unlink(pa_memtrap *m, int j) { + pa_assert(m); + + if (m->next[j]) + m->next[j]->prev[j] = m->prev[j]; + + if (m->prev[j]) + m->prev[j]->next[j] = m->next[j]; + else + memtraps[j] = m->next[j]; +} + +pa_memtrap* pa_memtrap_add(const void *start, size_t size) { + pa_memtrap *m = NULL; + pa_mutex *lock; + unsigned n, j; + + pa_assert(start); + pa_assert(size > 0); + pa_assert(PA_PAGE_ALIGN_PTR(start) == start); + pa_assert(PA_PAGE_ALIGN(size) == size); + + lock = pa_static_mutex_get(&write_lock, FALSE, FALSE); + pa_mutex_lock(lock); + + if (!memtraps[0]) { + struct sigaction sa; + + /* Before we install the signal handler, make sure the + * semaphore is valid so that the initialization of the + * semaphore doesn't have to happen from the signal handler */ + pa_static_semaphore_get(&semaphore, 0); + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = signal_handler; + sa.sa_flags = SA_RESTART|SA_SIGINFO; + + pa_assert_se(sigaction(SIGBUS, &sa, NULL) == 0); + } + + n = (unsigned) pa_atomic_load(&read_lock); + j = WHICH(n); + + m = pa_xnew(pa_memtrap, 1); + m->start = (void*) start; + m->size = size; + pa_atomic_store(&m->bad, 0); + + memtrap_link(m, !j); + memtrap_swap(n); + memtrap_link(m, j); + + pa_mutex_unlock(lock); + + return m; +} + +void pa_memtrap_remove(pa_memtrap *m) { + unsigned n, j; + pa_mutex *lock; + + pa_assert(m); + + lock = pa_static_mutex_get(&write_lock, FALSE, FALSE); + pa_mutex_lock(lock); + + n = (unsigned) pa_atomic_load(&read_lock); + j = WHICH(n); + + memtrap_unlink(m, !j); + memtrap_swap(n); + memtrap_unlink(m, j); + + pa_xfree(m); + + if (!memtraps[0]) { + struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_DFL; + pa_assert_se(sigaction(SIGBUS, &sa, NULL) == 0); + } + + pa_mutex_unlock(lock); +} + +pa_memtrap *pa_memtrap_update(pa_memtrap *m, const void *start, size_t size) { + unsigned n, j; + pa_mutex *lock; + + pa_assert(m); + + pa_assert(start); + pa_assert(size > 0); + pa_assert(PA_PAGE_ALIGN_PTR(start) == start); + pa_assert(PA_PAGE_ALIGN(size) == size); + + lock = pa_static_mutex_get(&write_lock, FALSE, FALSE); + pa_mutex_lock(lock); + + if (m->start == start && m->size == size) + goto unlock; + + n = (unsigned) pa_atomic_load(&read_lock); + j = WHICH(n); + + memtrap_unlink(m, !j); + memtrap_swap(n); + memtrap_unlink(m, j); + + m->start = (void*) start; + m->size = size; + pa_atomic_store(&m->bad, 0); + + n = (unsigned) pa_atomic_load(&read_lock); + j = WHICH(n); + + memtrap_link(m, !j); + memtrap_swap(n); + memtrap_link(m, j); + +unlock: + pa_mutex_unlock(lock); + + return m; +} diff --git a/src/pulsecore/memtrap.h b/src/pulsecore/memtrap.h new file mode 100644 index 00000000..d93d6720 --- /dev/null +++ b/src/pulsecore/memtrap.h @@ -0,0 +1,38 @@ +#ifndef foopulsecorememtraphfoo +#define foopulsecorememtraphfoo + +/*** + This file is part of PulseAudio. + + Copyright 2009 Lennart Poettering + + PulseAudio is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + PulseAudio is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with PulseAudio; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + USA. +***/ + +#include + +#include + +typedef struct pa_memtrap pa_memtrap; + +pa_memtrap* pa_memtrap_add(const void *start, size_t size); +pa_memtrap *pa_memtrap_update(pa_memtrap *m, const void *start, size_t size); + +void pa_memtrap_remove(pa_memtrap *m); + +pa_bool_t pa_memtrap_is_good(pa_memtrap *m); + +#endif diff --git a/src/tests/sigbus-test.c b/src/tests/sigbus-test.c new file mode 100644 index 00000000..dec4f0f2 --- /dev/null +++ b/src/tests/sigbus-test.c @@ -0,0 +1,69 @@ +/*** + This file is part of PulseAudio. + + Copyright 2009 Lennart Poettering + + PulseAudio is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + PulseAudio is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with PulseAudio; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + USA. +***/ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +int main(int argc, char *argv[]) { + void *p; + int fd; + pa_memtrap *m; + + pa_log_set_level(PA_LOG_DEBUG); + + /* Create the memory map */ + pa_assert_se((fd = open("sigbus-test-map", O_RDWR|O_TRUNC|O_CREAT, 0660)) >= 0); + pa_assert_se(unlink("sigbus-test-map") == 0); + pa_assert_se(ftruncate(fd, PA_PAGE_SIZE) >= 0); + pa_assert_se((p = mmap(NULL, PA_PAGE_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0)) != MAP_FAILED); + + /* Register memory map */ + m = pa_memtrap_add(p, PA_PAGE_SIZE); + + /* Use memory map */ + pa_snprintf(p, PA_PAGE_SIZE, "This is a test that should work fine."); + + /* Verify memory map */ + pa_log("Let's see if this worked: %s", (char*) p); + pa_log("And memtrap says it is good: %s", pa_yes_no(pa_memtrap_is_good(m))); + + /* Invalidate mapping */ + pa_assert_se(ftruncate(fd, 0) >= 0); + + /* Use memory map */ + pa_snprintf(p, PA_PAGE_SIZE, "This is a test that should fail but get caught."); + + /* Verify memory map */ + pa_log("Let's see if this worked: %s", (char*) p); + pa_log("And memtrap says it is good: %s", pa_yes_no(pa_memtrap_is_good(m))); + + pa_memtrap_remove(m); + munmap(p, PA_PAGE_SIZE); + + return 0; +} -- cgit