add code for CVE, fix issue, ensure CVE doesn't compile anymore

Author: sklose

examples/cve_2020_36470_example1.rs

@@ -0,0 +1,43 @@
+// #![forbid(unsafe_code)]
+
+// use disrustor::internal::RingBuffer;
+
+// use std::marker::PhantomData;
+// use std::thread;
+
+// struct NonSend {
+//     created_thread: thread::ThreadId,
+//     // Mark this struct as `NonSend`
+//     _marker: PhantomData<*mut ()>,
+// }
+
+// impl Default for NonSend {
+//     fn default() -> Self {
+//         NonSend {
+//             created_thread: thread::current().id(),
+//             _marker: PhantomData,
+//         }
+//     }
+// }
+
+// impl Drop for NonSend {
+//     fn drop(&mut self) {
+//         if thread::current().id() != self.created_thread {
+//             panic!("NonSend destructor is running on a wrong thread!");
+//         }
+//     }
+// }
+
+// fn main() {
+//     let buffer = RingBuffer::<NonSend>::new(1);
+
+//     let handle = thread::spawn(move || {
+//         drop(buffer);
+//     });
+
+//     handle.join().unwrap();
+// }
+
+fn main() {
+    println!("CVE-2020-36470 no longer compiles")
+}

examples/cve_2020_36470_example2.rs

@@ -0,0 +1,68 @@
+// #![forbid(unsafe_code)]
+
+// use std::cell::Cell;
+// use std::sync::Arc;
+// use std::thread;
+
+// use disrustor::internal::RingBuffer;
+// use disrustor::DisrustorBuilder;
+// use disrustor::EventProducer;
+
+// // A simple tagged union used to demonstrate problems with data races in Cell.
+// #[derive(Clone, Copy)]
+// enum RefOrInt {
+//     Ref(&'static u64),
+//     Int(u64),
+// }
+
+// static STATIC_INT: u64 = 123;
+
+// impl Default for RefOrInt {
+//     fn default() -> Self {
+//         RefOrInt::Ref(&STATIC_INT)
+//     }
+// }
+
+// fn main() {
+//     let provider = Arc::new(RingBuffer::<Cell<RefOrInt>>::new(1));
+//     let provider_cloned = provider.clone();
+
+//     thread::spawn(move || {
+//         let (_executor, producer) = DisrustorBuilder::new(provider_cloned)
+//             .with_spin_wait()
+//             .with_single_producer()
+//             .with_barrier(|_| {})
+//             .build();
+
+//         producer.write(std::iter::once(()), |slot, _seq, _item| loop {
+//             // Repeatedly write Ref(&addr) and Int(0xdeadbeef) into the cell.
+//             *slot.get_mut() = RefOrInt::Ref(&STATIC_INT);
+//             *slot.get_mut() = RefOrInt::Int(0xdeadbeef);
+//         });
+//     });
+
+//     let (_executor, producer) = DisrustorBuilder::new(provider.clone())
+//         .with_spin_wait()
+//         .with_single_producer()
+//         .with_barrier(|_| {})
+//         .build();
+
+//     producer.write(std::iter::once(()), |slot, _seq, _item| {
+//         loop {
+//             if let RefOrInt::Ref(addr) = slot.get() {
+//                 // Hope that between the time we pattern match the object as a
+//                 // `Ref`, it gets written to by the other thread.
+//                 if addr as *const u64 == &STATIC_INT as *const u64 {
+//                     continue;
+//                 }
+
+//                 println!("Pointer is now: {:p}", addr);
+//                 println!("Dereferencing addr will now segfault: {}", *addr);
+//             }
+//         }
+//     });
+// }
+
+fn main() {
+    println!("CVE-2020-36470 no longer compiles")
+}

src/dsl.rs

@@ -4,17 +4,26 @@ use std::{marker::PhantomData, sync::Arc};
 #[derive(Debug)]
 pub struct DisrustorBuilder {}
 
-pub struct WithDataProvider<D: DataProvider<T>, T> {
+pub struct WithDataProvider<D: DataProvider<T>, T>
+where
+    T: Send + Sync,
+{
     data_provider: Arc<D>,
     _element: PhantomData<T>,
 }
 
-pub struct WithWaitStrategy<W: WaitStrategy, D: DataProvider<T>, T> {
+pub struct WithWaitStrategy<W: WaitStrategy, D: DataProvider<T>, T>
+where
+    T: Send + Sync,
+{
     with_data_provider: WithDataProvider<D, T>,
     _wait_strategy: PhantomData<W>,
 }
 
-pub struct WithSequencer<S: Sequencer, W: WaitStrategy, D: DataProvider<T>, T> {
+pub struct WithSequencer<S: Sequencer, W: WaitStrategy, D: DataProvider<T>, T>
+where
+    T: Send + Sync,
+{
     with_wait_strategy: WithWaitStrategy<W, D, T>,
     sequencer: S,
 }
@@ -28,27 +37,39 @@ pub struct BarrierScope<'a, S: Sequencer, D: DataProvider<T>, T> {
     _element: PhantomData<T>,
 }
 
-pub struct WithEventHandlers<'a, S: Sequencer, W: WaitStrategy, D: DataProvider<T>, T> {
+pub struct WithEventHandlers<'a, S: Sequencer, W: WaitStrategy, D: DataProvider<T>, T>
+where
+    T: Send + Sync,
+{
     with_sequencer: WithSequencer<S, W, D, T>,
     event_handlers: Vec<Box<dyn Runnable + 'a>>,
     gating_sequences: Vec<Arc<AtomicSequence>>,
 }
 
 impl DisrustorBuilder {
     #[allow(clippy::new_ret_no_self)]
-    pub fn new<D: DataProvider<T>, T>(data_provider: Arc<D>) -> WithDataProvider<D, T> {
+    pub fn new<D: DataProvider<T>, T>(data_provider: Arc<D>) -> WithDataProvider<D, T>
+    where
+        T: Send + Sync,
+    {
         WithDataProvider {
             data_provider,
             _element: Default::default(),
         }
     }
 
-    pub fn with_ring_buffer<T: Default>(capacity: usize) -> WithDataProvider<RingBuffer<T>, T> {
+    pub fn with_ring_buffer<T: Default>(capacity: usize) -> WithDataProvider<RingBuffer<T>, T>
+    where
+        T: Send + Sync,
+    {
         Self::new(Arc::new(RingBuffer::new(capacity)))
     }
 }
 
-impl<D: DataProvider<T>, T> WithDataProvider<D, T> {
+impl<D: DataProvider<T>, T> WithDataProvider<D, T>
+where
+    T: Send + Sync,
+{
     pub fn with_wait_strategy<W: WaitStrategy>(self) -> WithWaitStrategy<W, D, T> {
         WithWaitStrategy {
             with_data_provider: self,
@@ -65,7 +86,10 @@ impl<D: DataProvider<T>, T> WithDataProvider<D, T> {
     }
 }
 
-impl<W: WaitStrategy, D: DataProvider<T>, T> WithWaitStrategy<W, D, T> {
+impl<W: WaitStrategy, D: DataProvider<T>, T> WithWaitStrategy<W, D, T>
+where
+    T: Send + Sync,
+{
     pub fn with_sequencer<S: Sequencer>(self, sequencer: S) -> WithSequencer<S, W, D, T> {
         WithSequencer {
             with_wait_strategy: self,
@@ -84,7 +108,7 @@ impl<W: WaitStrategy, D: DataProvider<T>, T> WithWaitStrategy<W, D, T> {
     }
 }
 
-impl<'a, S: Sequencer + 'a, W: WaitStrategy, D: DataProvider<T> + 'a, T: Send + 'a>
+impl<'a, S: Sequencer + 'a, W: WaitStrategy, D: DataProvider<T> + 'a, T: Send + Sync + 'a>
     WithSequencer<S, W, D, T>
 {
     pub fn with_barrier(
@@ -154,7 +178,7 @@ impl<'a, S: Sequencer + 'a, D: DataProvider<T> + 'a, T: Send + 'a> BarrierScope<
     }
 }
 
-impl<'a, S: Sequencer + 'a, W: WaitStrategy, D: DataProvider<T> + 'a, T: Send + 'a>
+impl<'a, S: Sequencer + 'a, W: WaitStrategy, D: DataProvider<T> + 'a, T: Send + Sync + 'a>
     WithEventHandlers<'a, S, W, D, T>
 {
     pub fn with_barrier(mut self, f: impl FnOnce(&mut BarrierScope<'a, S, D, T>)) -> Self {

src/ringbuffer.rs

@@ -27,7 +27,7 @@ impl<T: Default> RingBuffer<T> {
     }
 }
 
-impl<T> DataProvider<T> for RingBuffer<T> {
+impl<T: Send + Sync> DataProvider<T> for RingBuffer<T> {
     unsafe fn get_mut(&self, sequence: Sequence) -> &mut T {
         let index = sequence as usize & self.mask;
         let cell = self.data.get_unchecked(index);
@@ -45,8 +45,8 @@ impl<T> DataProvider<T> for RingBuffer<T> {
     }
 }
 
-unsafe impl<T> Send for RingBuffer<T> {}
-unsafe impl<T> Sync for RingBuffer<T> {}
+unsafe impl<T: Send> Send for RingBuffer<T> {}
+unsafe impl<T: Sync> Sync for RingBuffer<T> {}
 
 #[cfg(test)]
 mod test {