From: Christian Brauner <brauner@kernel.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
Date: Mon, 5 Aug 2024 09:22:08 +0200 [thread overview]
Message-ID: <20240805-modisch-anstreben-dc6f70ad6d3e@brauner> (raw)
In-Reply-To: <20240803225054.GY5334@ZenIV>
> Reproducer follows:
>
> #define __GNU_SOURCE
> #include <linux/close_range.h>
> #include <unistd.h>
> #include <fcntl.h>
> #include <signal.h>
> #include <sched.h>
> #include <stdio.h>
> #include <stdbool.h>
> #include <sys/mman.h>
>
> void is_open(int fd)
> {
> printf("#%d is %s\n", fd,
> fcntl(fd, F_GETFD) >= 0 ? "opened" : "not opened");
> }
>
> int child(void *unused)
> {
> while(1) {
> }
> return 0;
> }
>
> int main(void)
> {
> char *stack;
> pid_t pid;
>
> stack = mmap(NULL, 1024*1024, PROT_READ | PROT_WRITE,
> MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
> if (stack == MAP_FAILED) {
> perror("mmap");
> return -1;
> }
>
> pid = clone(child, stack + 1024*1024, CLONE_FILES | SIGCHLD, NULL);
> if (pid == -1) {
> perror("clone");
> return -1;
> }
> for (int i = 2; i < 128; i++)
> dup2(0, i);
> close_range(64, ~0U, CLOSE_RANGE_UNSHARE);
>
> is_open(64);
> printf("dup(0) => %d, expected 64\n", dup(0));
>
> kill(pid, 9);
> return 0;
Could you please add that reproducer to
tools/testing/selftests/core/close_range_test.c
TEST(close_range_bitmap_corruption)
{
}
Really, it doesn't have to be pretty but these repros in there really
have been helpful finding such corruptions when run with a proper k*san
config.
next prev parent reply other threads:[~2024-08-05 7:22 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-03 22:50 [PATCH] fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Al Viro
2024-08-03 23:06 ` Al Viro
2024-08-03 23:51 ` Linus Torvalds
2024-08-04 0:05 ` Linus Torvalds
2024-08-04 0:34 ` Al Viro
2024-08-04 3:42 ` Linus Torvalds
2024-08-04 3:47 ` Al Viro
2024-08-04 4:17 ` Al Viro
2024-08-04 15:18 ` Linus Torvalds
2024-08-04 21:13 ` Al Viro
2024-08-05 23:44 ` Al Viro
2024-08-06 0:04 ` Linus Torvalds
2024-08-06 1:02 ` Al Viro
2024-08-06 8:41 ` Christian Brauner
2024-08-06 16:32 ` Al Viro
2024-08-06 17:01 ` Linus Torvalds
2024-08-05 7:22 ` Christian Brauner [this message]
2024-08-05 18:54 ` Al Viro
2024-08-06 9:11 ` Christian Brauner
2024-08-05 9:48 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240805-modisch-anstreben-dc6f70ad6d3e@brauner \
--to=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox