All of lore.kernel.org
 help / color / mirror / Atom feed
* [LTP] [PATCH v6] hugemmap37: Migrate truncate_sigbus_versus_oom from libhugetlbfs
@ 2026-04-07  5:06 “Samir
  2026-05-06 12:11 ` Andrea Cervesato via ltp
  0 siblings, 1 reply; 2+ messages in thread
From: “Samir @ 2026-04-07  5:06 UTC (permalink / raw)
  To: ltp; +Cc: “Samir

Some kernels have a bug in the positioning of the test against
i_size. This bug means that attempting to instantiate a page
beyond the end of a hugepage file can result in an OOM and SIGKILL
instead of the correct SIGBUS.

This test verifies that accessing memory beyond a truncated hugepage
file correctly triggers SIGBUS rather than causing an OOM condition.

Signed-off-by: Samir <samir@linux.ibm.com>
---
v6:
1. Fixed description: Removed dangling comma and improved clarity
2. Added 'static' keyword to setup() and cleanup() functions
3. Fixed signal handler initialization:
   - Zero-initialized struct sigaction with = {}
   - Added sigemptyset(&sa.sa_mask)
   - Removed SA_SIGINFO flag (using sa_handler, not sa_sigaction)
4. Removed dead code: Deleted unused totpages assignment from setup()
5. Fixed resource leaks in run_test():
   - Added SAFE_MUNMAP() for both mapped regions (p and q)
   - Added SAFE_CLOSE() for both file descriptors (fd and fdx)
   - Reset fd and fdx to -1 after closing
6. Fixed cleanup() checks: Changed 'if (fd > 0)' to 'if (fd != -1)'
7. Initialized file descriptors to -1 at declaration
---
 runtest/hugetlb                               |   1 +
 testcases/kernel/mem/.gitignore               |   1 +
 .../kernel/mem/hugetlb/hugemmap/hugemmap37.c  | 106 ++++++++++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c

diff --git a/runtest/hugetlb b/runtest/hugetlb
index 0896d3c94..8aaafeee3 100644
--- a/runtest/hugetlb
+++ b/runtest/hugetlb
@@ -36,6 +36,7 @@ hugemmap30 hugemmap30
 hugemmap31 hugemmap31
 hugemmap32 hugemmap32
 hugemmap34 hugemmap34
+hugemmap37 hugemmap37
 hugemmap05_1 hugemmap05 -m
 hugemmap05_2 hugemmap05 -s
 hugemmap05_3 hugemmap05 -s -m
diff --git a/testcases/kernel/mem/.gitignore b/testcases/kernel/mem/.gitignore
index b4455de51..38d428fe8 100644
--- a/testcases/kernel/mem/.gitignore
+++ b/testcases/kernel/mem/.gitignore
@@ -36,6 +36,7 @@
 /hugetlb/hugemmap/hugemmap31
 /hugetlb/hugemmap/hugemmap32
 /hugetlb/hugemmap/hugemmap34
+/hugetlb/hugemmap/hugemmap37
 /hugetlb/hugeshmat/hugeshmat01
 /hugetlb/hugeshmat/hugeshmat02
 /hugetlb/hugeshmat/hugeshmat03
diff --git a/testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c
new file mode 100644
index 000000000..06813b976
--- /dev/null
+++ b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c
@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2005-2006 David Gibson & Adam Litke, IBM Corporation.
+ */
+
+/*\
+ * Some kernels have a bug in the positioning of the test against
+ * i_size. This bug means that attempting to instantiate a page
+ * beyond the end of a hugepage file can result in an OOM and SIGKILL
+ * instead of the correct SIGBUS.
+ *
+ * The test:
+ * - Creates a hugepage file and maps it
+ * - Truncates the file to 0 size
+ * - Allocates all available hugepages to create memory pressure
+ * - Attempts to access the mapped memory
+ * - Verifies SIGBUS is received (correct behavior)
+ */
+
+#include "hugetlb.h"
+#include <setjmp.h>
+#include <signal.h>
+
+#define MNTPOINT "hugetlbfs/"
+static int fd = -1, fdx = -1;
+
+static unsigned long long hpage_size;
+static unsigned long totpages;
+
+static sigjmp_buf sig_escape;
+static volatile int test_pass;
+
+static void sigbus_handler(int signum LTP_ATTRIBUTE_UNUSED)
+{
+	test_pass = 1;
+	siglongjmp(sig_escape, 17);
+}
+
+static void run_test(void)
+{
+	void *p, *q;
+	unsigned long i;
+
+	test_pass = 0;
+
+	fd = tst_creat_unlinked(MNTPOINT, 0, 0600);
+	p = SAFE_MMAP(NULL, hpage_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	SAFE_FTRUNCATE(fd, 0);
+
+	fdx = tst_creat_unlinked(MNTPOINT, 0, 0600);
+	totpages = SAFE_READ_MEMINFO(MEMINFO_HPAGE_FREE);
+	q = SAFE_MMAP(NULL, totpages * hpage_size, PROT_READ | PROT_WRITE, MAP_SHARED,
+			fdx, 0);
+	/* Touch the pages to ensure they're removed from the pool */
+	for (i = 0; i < totpages; i++) {
+		volatile char *x = (volatile char *)q + i * hpage_size;
+		*x = 0;
+	}
+	/* SIGBUS is what *should* happen */
+	SAFE_FTRUNCATE(fdx, 0);
+	if (sigsetjmp(sig_escape, 1) == 0)
+		*((volatile unsigned int *)p);
+
+	if (test_pass)
+		tst_res(TPASS, "Expected SIGBUS triggered");
+	else
+		tst_res(TFAIL, "Didn't SIGBUS");
+
+	SAFE_MUNMAP(p, hpage_size);
+	SAFE_MUNMAP(q, totpages * hpage_size);
+	SAFE_CLOSE(fd);
+	SAFE_CLOSE(fdx);
+	fd = -1;
+	fdx = -1;
+}
+
+static void setup(void)
+{
+	struct sigaction sa = {};
+
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;
+	sa.sa_handler = sigbus_handler;
+	SAFE_SIGACTION(SIGBUS, &sa, NULL);
+	hpage_size = tst_get_hugepage_size();
+}
+
+static void cleanup(void)
+{
+	if (fd != -1)
+		SAFE_CLOSE(fd);
+	if (fdx != -1)
+		SAFE_CLOSE(fdx);
+}
+
+static struct tst_test test = {
+	.tags = (struct tst_tag[]){{"linux-git", "ebed4bfc8da8"}, {}},
+	.needs_root = 1,
+	.mntpoint = MNTPOINT,
+	.needs_hugetlbfs = 1,
+	.needs_tmpdir = 1,
+	.setup = setup,
+	.cleanup = cleanup,
+	.test_all = run_test,
+	.hugepages = {1, TST_NEEDS},
+};
-- 
2.52.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-06 12:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-07  5:06 [LTP] [PATCH v6] hugemmap37: Migrate truncate_sigbus_versus_oom from libhugetlbfs “Samir
2026-05-06 12:11 ` Andrea Cervesato via ltp

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.