.gitlab-ci.yml: added thread sanitizer run

This checks for unsafe uses of variables in our included threaded
tests.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cc6746103437bff1a11102e125598ac601ba1fd2..9da0e870c0d44f34f3454cb9e70a7f7f85936691 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -218,11 +218,11 @@ asan.Fedora.x86_64:
   - CFLAGS="-fsanitize=address -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libasan"
     dash ./configure --disable-gcc-warnings --disable-doc --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile
   - make -j$(nproc)
-  - LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make check -j$(nproc)
-  - LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x1
-  - LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x2
-  - LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x4
-  - LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x8
+  - LSAN_OPTIONS="suppressions=$(pwd)/devel/lsan.supp" make check -j$(nproc)
+  - LSAN_OPTIONS="suppressions=$(pwd)/devel/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x1
+  - LSAN_OPTIONS="suppressions=$(pwd)/devel/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x2
+  - LSAN_OPTIONS="suppressions=$(pwd)/devel/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x4
+  - LSAN_OPTIONS="suppressions=$(pwd)/devel/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x8
   - CFLAGS="-fsanitize=address -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libasan"
     dash ./configure --cache-file cache/config.cache --disable-doc --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM --with-default-trust-store-pkcs11="pkcs11:" --disable-guile
   - make -j$(nproc)
@@ -242,6 +242,30 @@ asan.Fedora.x86_64:
       - tests/suite/*/*.log
   retry: 1
 
+threadsan.Fedora.x86_64:
+  stage: stage1-testing
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+  script:
+  - ./bootstrap
+  - CFLAGS="-fsanitize=thread -g -O2" CXXFLAGS=$CFLAGS
+    dash ./configure --disable-gcc-warnings --disable-doc --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --enable-fips140-mode
+  - make -j$(nproc)
+  - make -C tests check -j$(nproc) SUBDIRS=. TESTS="tls-pthread dtls-pthread fips-mode-pthread rng-pthread" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1
+  tags:
+  - shared
+  except:
+  - tags
+  artifacts:
+    expire_in: 1 week
+    when: on_failure
+    paths:
+      - ./*.log
+      - fuzz/*.log
+      - tests/*.log
+      - tests/*/*.log
+      - tests/suite/*/*.log
+  retry: 1
+
 static-analyzers.Fedora.x86_64:
   stage: stage1-testing
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD

diff --git a/fuzz/lsan.supp b/devel/lsan.supp
similarity index 100%
rename from fuzz/lsan.supp
rename to devel/lsan.supp

diff --git a/devel/tsan.supp b/devel/tsan.supp
new file mode 100644 (file)
index 0000000..20a835b
--- /dev/null
+++ b/devel/tsan.supp
@@ -0,0 +1,9 @@
+# the following is an inherent issue on gnutls_record_get_direction()
+race:_gnutls_io_write_buffered
+race:_gnutls_io_write_flush
+
+# the following is an inherent issue on gnutls_transport_set_errno()
+race:reset_errno
+
+# this updates the recv_state to states that are harmless
+race:check_session_status