<div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_extra"><div class="gmail_quote">Li Wang <span dir="ltr"><<a href="mailto:liwang@redhat.com" target="_blank">liwang@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-size:small"><br></div><div class="gmail_extra"><div class="gmail_quote">Richard Palethorpe <span dir="ltr"><<a href="mailto:rpalethorpe@suse.com" target="_blank">rpalethorpe@suse.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="font-size:small;display:inline">...</div><span class="gmail-"><br>
@@ -99,6 +102,15 @@ struct tst_fzsync_pair {<br>
.info_gap = 0x7FFFF \<br>
}<br>
<br>
+<div style="font-size:small;display:inline"></div>static void tst_fzsync_pair_reset(struct tst_fzsync_pair *pair)<br>
+{<br>
+ pair->timer.clock_id = CLOCK_MONOTONIC_RAW;<br>
+ pair->timer.limit.tv_sec = 60 * tst_timeout_mul();<br>
+ pair->timer.limit.tv_nsec = 0;<br>
+<br>
+ tst_timer_start_st(&pair->tim<wbr>er);<br>
+}<br>
+<br></span></blockquote><div><br></div><div><div style="font-size:small">There is a loop defect in this method, as I commented on patch V2.</div></div><div style="font-size:small"><br></div><div style="font-size:small">If we don't reset pair->exit to 0 after one loop, it will never run into the second</div><div style="font-size:small">fzsync function, because pair->exit has been set to 1 the first time the timer expired.</div><div style="font-size:small"><br></div><div style="font-size:small">The result is something like:</div><div style="font-size:small">----------------------------</div><div><div># ./cve-2016-7117 -i 3</div><div>tst_test.c:1022: INFO: Timeout per run is 0h 05m 00s</div><div>../../include/tst_fuzzy_sync.h:121: INFO: avg_diff = -216ns, avg_dev = 565ns, delay = 02474 loops</div><div>../../include/tst_fuzzy_sync.h:121: INFO: avg_diff = 12ns, avg_dev = 430ns, delay = 02604 loops</div><div>../../include/tst_fuzzy_sync.h:330: INFO: Exceeded fuzzy sync time limit, requesting exit</div><div>cve-2016-7117.c:161: PASS: Nothing happened after 1564741 attempts</div><div>cve-2016-7117.c:161: PASS: Nothing happened after 1 attempts</div><div>cve-2016-7117.c:161: PASS: Nothing happened after 1 attempts</div><div><br></div><div>Summary:</div><div>passed 3</div><div>failed 0</div><div>skipped 0</div><div>warnings 0</div><div style="font-size:small"><br></div><div style="font-size:small">But if we just reset pair->exit to 0 in the new function tst_fzsync_pair_reset(),</div><div style="font-size:small">that still does NOT fix the problem completely, because at
the last test's expiry time, all threads</div><div style="font-size:small">created by the setup() function have exited, and here we'll only loop in tst_fzsync_wait_a()</div><div style="font-size:small">and wait there forever. :(</div></div></div></div></div></blockquote><div><br></div><div class="gmail_default" style="font-size:small">I just came up with a stupid patch to fix that, but personally I still believe</div><div class="gmail_default" style="font-size:small">that maybe we should not leave this kind of work to LTP users; we'd better</div><div class="gmail_default" style="font-size:small">encapsulate all of that in the fuzzy_sync library.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Just FYI:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default">diff --git a/include/tst_fuzzy_sync.h b/include/tst_fuzzy_sync.h</div><div class="gmail_default">index 5e0ff36..862ab7e 100644</div><div class="gmail_default">--- a/include/tst_fuzzy_sync.h</div><div class="gmail_default">+++ b/include/tst_fuzzy_sync.h</div><div class="gmail_default">@@ -102,8 +102,14 @@ struct tst_fzsync_pair {</div><div class="gmail_default"> .info_gap = 0x7FFFF \</div><div class="gmail_default"> }</div><div class="gmail_default"> </div><div class="gmail_default">-static void tst_fzsync_pair_reset(struct tst_fzsync_pair *pair)</div><div class="gmail_default">+static void tst_fzsync_pair_init(struct tst_fzsync_pair *pair)</div><div class="gmail_default"> {</div><div class="gmail_default">+ pair->exit = 0;</div><div class="gmail_default">+ pair->delay = 0;</div><div class="gmail_default">+ pair->a_cntr = pair->b_cntr = 0;</div><div class="gmail_default">+ pair->avg_dev = pair->avg_diff = 0;</div><div class="gmail_default">+ pair->a.tv_sec = pair->a.tv_nsec 
= 0;</div><div class="gmail_default">+ pair->b.tv_sec = pair->b.tv_nsec = 0;</div><div class="gmail_default"> pair->timer.clock_id = CLOCK_MONOTONIC_RAW;</div><div class="gmail_default"> pair->timer.limit.tv_sec = 60 * tst_timeout_mul();</div><div class="gmail_default"> pair->timer.limit.tv_nsec = 0;</div><div class="gmail_default">diff --git a/testcases/cve/cve-2016-7117.c b/testcases/cve/cve-2016-7117.c</div><div class="gmail_default">index fecc588..f8993c7 100644</div><div class="gmail_default">--- a/testcases/cve/cve-2016-7117.c</div><div class="gmail_default">+++ b/testcases/cve/cve-2016-7117.c</div><div class="gmail_default">@@ -136,7 +136,10 @@ static void run(void)</div><div class="gmail_default"> </div><div class="gmail_default"> msghdrs[0].msg_hdr.msg_iov->iov_base = (void *)&rbuf;</div><div class="gmail_default"> </div><div class="gmail_default">- tst_fzsync_pair_reset(&fzsync_pair);</div><div class="gmail_default">+ if (fzsync_pair.exit == 1)</div><div class="gmail_default">+ setup();</div><div class="gmail_default">+</div><div class="gmail_default">+ tst_fzsync_pair_init(&fzsync_pair);</div><div class="gmail_default"> for (i = 1; i < ATTEMPTS; i++) {</div><div class="gmail_default"> if (socketpair(AF_LOCAL, SOCK_DGRAM, 0, (int *)socket_fds))</div><div class="gmail_default"> tst_brk(TBROK | TERRNO, "Socket creation failed");</div></div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br></div><div>Li Wang<br></div></div></div>
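Review bot: In the tst_fuzzy_sync.h hunk, renaming tst_fzsync_pair_reset() to tst_fzsync_pair_init() forces every caller to change even though the body still does per-run reset work (it is called from run() before the attempt loop), so keeping the reset name and only adding the field clears would be less churn. The function also carries no comment; it should state that it must be called before each run, that pair->exit is cleared here (which is what lets the second -i iteration enter the attempt loop at all), and that delay, avg_diff and avg_dev, the calibration values printed in the INFO lines above, are deliberately zeroed on every call.<br>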
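Review bot: In the cve-2016-7117.c hunk, calling setup() again from run() when fzsync_pair.exit == 1 re-executes the whole test setup just to recreate the threads that exited when the time limit was hit, and it couples the test to the library's internal exit flag; as the message above already argues, recreating the threads belongs inside the fuzzy_sync library so the test only has to call the init/reset function. If the check stays, its ordering is load-bearing and deserves a comment: it must precede tst_fzsync_pair_init(), which zeroes pair->exit.<br>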
</div></div>