Add regress tests to make sure arc4random(3) is reinitialized

correctly in fork children.

3 files changed, 181 insertions, 2 deletions

diff --git a/src/regress/lib/libc/Makefile b/src/regress/lib/libc/Makefile
index e7a96f1ece..06c09d35cd 100644
--- a/src/regress/lib/libc/Makefile
+++ b/src/regress/lib/libc/Makefile
@@ -1,6 +1,7 @@
-#       $OpenBSD: Makefile,v 1.41 2014/06/13 01:55:02 matthew Exp $
+#       $OpenBSD: Makefile,v 1.42 2014/06/18 08:24:00 matthew Exp $
 
-SUBDIR+= _setjmp alloca atexit basename cephes cxa-atexit db dirname env
+SUBDIR+= _setjmp alloca arc4random-fork
+SUBDIR+= atexit basename cephes cxa-atexit db dirname env
 SUBDIR+= explicit_bzero fmemopen fnmatch fpclassify getcap getopt_long glob
 SUBDIR+= hsearch longjmp locale malloc mkstemp modf netdb open_memstream
 SUBDIR+= orientation popen printf
diff --git a/src/regress/lib/libc/arc4random-fork/Makefile b/src/regress/lib/libc/arc4random-fork/Makefile
new file mode 100644
index 0000000000..05762e33ff
--- /dev/null
+++ b/src/regress/lib/libc/arc4random-fork/Makefile
@@ -0,0 +1,25 @@
+#       $OpenBSD: Makefile,v 1.1 2014/06/18 08:24:00 matthew Exp $
+
+PROG=   arc4random-fork
+
+REGRESS_TARGETS=        \
+        run             \
+        run-buf         \
+        run-prefork     \
+        run-buf-prefork
+
+run: ${PROG}
+        ./${PROG}
+
+run-buf: ${PROG}
+        ./${PROG} -b
+
+run-prefork: ${PROG}
+        ./${PROG} -p
+
+run-buf-prefork: ${PROG}
+        ./${PROG} -bp
+
+.PHONY: ${REGRESS_TARGETS}
+
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/arc4random-fork/arc4random-fork.c b/src/regress/lib/libc/arc4random-fork/arc4random-fork.c
new file mode 100644
index 0000000000..35a9ea6a98
--- /dev/null
+++ b/src/regress/lib/libc/arc4random-fork/arc4random-fork.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/mman.h>
+#include <sys/wait.h>
+#include <assert.h>
+#include <err.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define CHECK(x) assert(x)
+#define CHECK_EQ(a, b) assert((a) == (b))
+#define CHECK_NE(a, b) assert((a) != (b))
+#define CHECK_GE(a, b) assert((a) >= (b))
+#define CHECK_LE(a, b) assert((a) <= (b))
+
+/* Test arc4random_buf(3) instead of arc4random(3). */
+static int flagbuf;
+
+/* Initialize arc4random(3) before forking. */
+static int flagprefork;
+
+enum {
+        N = 4096
+};
+
+typedef struct {
+        uint32_t x[N];
+} Buf;
+
+static int
+isfullbuf(const Buf *buf)
+{
+        size_t i;
+        for (i = 0; i < N; i++)
+                if (buf->x[i])
+                        return (1);
+        return (0);
+}
+
+static void
+fillbuf(Buf *buf)
+{
+        if (flagbuf) {
+                arc4random_buf(buf->x, sizeof(buf->x));
+        } else {
+                size_t i;
+                for (i = 0; i < N; i++)
+                        buf->x[i] = arc4random();
+        }
+}
+
+static void
+usage()
+{
+        extern const char *__progname;
+        errx(1, "usage: %s [-bp]", __progname);
+}
+
+int
+main(int argc, char *argv[])
+{
+        int opt, status;
+        Buf *bufparent, *bufchildone, *bufchildtwo;
+        pid_t pidone, pidtwo;
+        size_t i, countone = 0, counttwo = 0, countkids = 0;
+
+        while ((opt = getopt(argc, argv, "bp")) != -1) {
+                switch (opt) {
+                case 'b':
+                        flagbuf = 1;
+                        break;
+                case 'p':
+                        flagprefork = 1;
+                        break;
+                default:
+                        usage();
+                }
+        }
+
+        if (flagprefork)
+                arc4random();
+
+        bufparent = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE,
+            MAP_ANON|MAP_PRIVATE, -1, 0);
+        CHECK_NE(MAP_FAILED, bufparent);
+
+        bufchildone = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE,
+            MAP_ANON|MAP_SHARED, -1, 0);
+        CHECK_NE(MAP_FAILED, bufchildone);
+
+        bufchildtwo = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE,
+            MAP_ANON|MAP_SHARED, -1, 0);
+        CHECK_NE(MAP_FAILED, bufchildtwo);
+
+        pidone = fork();
+        CHECK_GE(pidone, 0);
+        if (pidone == 0) {
+                fillbuf(bufchildone);
+                _exit(0);
+        }
+
+        pidtwo = fork();
+        CHECK_GE(pidtwo, 0);
+        if (pidtwo == 0) {
+                fillbuf(bufchildtwo);
+                _exit(0);
+        }
+
+        fillbuf(bufparent);
+
+        CHECK_EQ(pidone, waitpid(pidone, &status, 0));
+        CHECK(WIFEXITED(status));
+        CHECK_EQ(0, WEXITSTATUS(status));
+
+        CHECK_EQ(pidtwo, waitpid(pidtwo, &status, 0));
+        CHECK(WIFEXITED(status));
+        CHECK_EQ(0, WEXITSTATUS(status));
+
+        CHECK(isfullbuf(bufchildone));
+        CHECK(isfullbuf(bufchildtwo));
+
+        for (i = 0; i < N; i++) {
+                countone += bufparent->x[i] == bufchildone->x[i];
+                counttwo += bufparent->x[i] == bufchildtwo->x[i];
+                countkids += bufchildone->x[i] == bufchildtwo->x[i];
+        }
+
+        /*
+         * These checks are inherently probabilistic and theoretically risk
+         * flaking, but there's less than a 1 in 2^40 chance of more than
+         * one pairwise match between two vectors of 4096 32-bit integers.
+         */
+        CHECK_LE(countone, 1);
+        CHECK_LE(counttwo, 1);
+        CHECK_LE(countkids, 1);
+
+        return (0);
+}