Fork handler mitigations
authorroot <root@dw-6.eecs.uci.edu>
Wed, 3 Jul 2019 20:06:02 +0000 (13:06 -0700)
committerroot <root@dw-6.eecs.uci.edu>
Wed, 3 Jul 2019 20:06:02 +0000 (13:06 -0700)
classlist.h
common.h
config.h
model.cc
mymemory.cc
snapshot.cc

index 641a148..24c635f 100644 (file)
@@ -19,4 +19,6 @@ class Fuzzer;
 struct model_snapshot_members;
 struct bug_message;
 typedef SnapList<ModelAction *> action_list_t;
+
+extern volatile int forklock;
 #endif
index 0f0ad64..27f4c8e 100644 (file)
--- a/common.h
+++ b/common.h
 #include "printf.h"
 
 extern int model_out;
-extern int switch_alloc;
 
 #define model_print(fmt, ...) do { \
-               switch_alloc = 1;              \
                char mprintbuf[256];                                                \
                int printbuflen=snprintf_(mprintbuf, 256, fmt, ## __VA_ARGS__);     \
                int lenleft = printbuflen < 256 ? printbuflen : 256;                   \
@@ -24,7 +22,6 @@ extern int switch_alloc;
                        lenleft-=byteswritten;                                            \
                        totalwritten+=byteswritten;                                       \
                }                                                                   \
-               switch_alloc = 0;                                                   \
 } while (0)
 
 #ifdef CONFIG_DEBUG
index 43c0442..ed0b6ba 100644 (file)
--- a/config.h
+++ b/config.h
@@ -54,4 +54,7 @@
 /** Enable debugging assertions (via ASSERT()) */
 #define CONFIG_ASSERT
 
+/** Enable mitigations against fork handlers that call into locks...  */
+#define FORK_HANDLER_HACK
+
 #endif
index 1be15ed..8454d0f 100644 (file)
--- a/model.cc
+++ b/model.cc
@@ -319,7 +319,17 @@ void ModelChecker::switch_from_master(Thread *thread)
  */
 uint64_t ModelChecker::switch_to_master(ModelAction *act)
 {
-       DBG();
+  if (forklock) {
+    static bool fork_message_printed = false;
+
+    if (!fork_message_printed) {
+      model_print("Fork handler trying to call into model checker...\n");
+      fork_message_printed = true;
+    }
+    delete act;
+    return 0;
+  }
+  DBG();
        Thread *old = thread_current();
        scheduler->set_current_thread(NULL);
        ASSERT(!old->get_pending());
index a85c48c..66a4fb9 100644 (file)
@@ -17,7 +17,6 @@
 size_t allocatedReqs[REQUESTS_BEFORE_ALLOC] = { 0 };
 int nextRequest = 0;
 int howManyFreed = 0;
-int switch_alloc = 0;
 #if !USE_MPROTECT_SNAPSHOT
 static mspace sStaticSpace = NULL;
 #endif
@@ -181,9 +180,6 @@ static void * user_malloc(size_t size)
 void *malloc(size_t size)
 {
        if (user_snapshot_space) {
-               if (switch_alloc) {
-                       return model_malloc(size);
-               }
                /* Only perform user allocations from user context */
                ASSERT(!model || thread_current());
                return user_malloc(size);
@@ -195,9 +191,6 @@ void *malloc(size_t size)
 void free(void * ptr)
 {
        if (!DontFree(ptr)) {
-               if (switch_alloc) {
-                       return model_free(ptr);
-               }
                mspace_free(user_snapshot_space, ptr);
        }
 }
index dc42614..6725a7a 100644 (file)
@@ -375,6 +375,8 @@ static void fork_snapshot_init(unsigned int numbackingpages,
        model_snapshot_space = create_mspace(numheappages * PAGESIZE, 1);
 }
 
+volatile int forklock = 0;
+
 static void fork_loop() {
        /* switch back here when takesnapshot is called */
        snapshotid = fork_snap->currSnapShotID;
@@ -386,7 +388,10 @@ static void fork_loop() {
        while (true) {
                pid_t forkedID;
                fork_snap->currSnapShotID = snapshotid + 1;
+
+               forklock = 1;
                forkedID = fork();
+               forklock = 0;
 
                if (0 == forkedID) {
                        setcontext(&fork_snap->shared_ctxt);