From: Waiman Long <llong@redhat.com>
To: "André Almeida" <andrealmeid@igalia.com>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
linux-kernel@vger.kernel.org
Cc: Darren Hart <dvhart@infradead.org>,
Davidlohr Bueso <dave@stgolabs.net>,
Ingo Molnar <mingo@redhat.com>,
Juri Lelli <juri.lelli@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Valentin Schneider <vschneid@redhat.com>,
Borislav Petkov <bp@alien8.de>,
kernel-dev@igalia.com
Subject: Re: [PATCH] selftests/futex: Fix futex_numa_mpol's memory out of range subtest
Date: Wed, 27 Aug 2025 13:58:50 -0400 [thread overview]
Message-ID: <9d4c0d27-0ebd-4c6d-af38-d32ef420fde4@redhat.com> (raw)
In-Reply-To: <20250827154420.1292208-1-andrealmeid@igalia.com>
On 8/27/25 11:44 AM, André Almeida wrote:
> The "Memory out of range" subtest works by pointing the futex pointer
> to the memory exactly after the allocated map (futex_ptr + mem_size).
> This address is out of the allocated range for futex_ptr, but depending
> on the memory layout, it might be pointing to a valid memory address of
> the process. In order to make this test deterministic, create a "buffer
> zone" with PROT_NONE just before allocating the valid futex_ptr memory,
> to make sure that futex_ptr + mem_size falls into a memory address that
> will return an invalid access error.
>
> Fixes: 3163369407ba ("selftests/futex: Add futex_numa_mpol")
> Signed-off-by: André Almeida <andrealmeid@igalia.com>
> ---
> This patch comes from this series:
> https://lore.kernel.org/lkml/20250704-tonyk-robust_test_cleanup-v1-13-c0ff4f24c4e1@igalia.com/
> ---
> .../futex/functional/futex_numa_mpol.c | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/futex/functional/futex_numa_mpol.c b/tools/testing/selftests/futex/functional/futex_numa_mpol.c
> index a9ecfb2d3932..1eb3e67d999b 100644
> --- a/tools/testing/selftests/futex/functional/futex_numa_mpol.c
> +++ b/tools/testing/selftests/futex/functional/futex_numa_mpol.c
> @@ -143,7 +143,7 @@ int main(int argc, char *argv[])
> {
> struct futex32_numa *futex_numa;
> int mem_size, i;
> - void *futex_ptr;
> + void *futex_ptr, *buffer_zone;
> int c;
>
> while ((c = getopt(argc, argv, "chv:")) != -1) {
> @@ -168,6 +168,17 @@ int main(int argc, char *argv[])
> ksft_set_plan(1);
>
> mem_size = sysconf(_SC_PAGE_SIZE);
> +
> + /*
> + * The "Memory out of range" test depends on having a pointer to an
> + * invalid address. To make this test deterministic, and to not depend
> + * on the memory layout of the process, create a "buffer zone" with
> + * PROT_NONE just before the valid memory (*futex_ptr).
> + */
> + buffer_zone = mmap(NULL, mem_size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
> + if (buffer_zone == MAP_FAILED)
> + ksft_exit_fail_msg("mmap() for %d bytes failed\n", mem_size);
> +
> futex_ptr = mmap(NULL, mem_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
> if (futex_ptr == MAP_FAILED)
> ksft_exit_fail_msg("mmap() for %d bytes failed\n", mem_size);
This patch makes the assumption that consecutive mmap() calls will
allocate pages consecutively downward from a certain address. I don't
know if this assumption will be valid in all cases. I think it will be
safer to just allocate the 2-page memory block and then change the 2nd
page protection to PROT_NONE to make it a guard page.
Cheers,
Longman
> @@ -229,6 +240,10 @@ int main(int argc, char *argv[])
> }
> }
> }
> +
> + munmap(buffer_zone, mem_size);
> + munmap(futex_ptr, mem_size);
> +
> ksft_test_result_pass("NUMA MPOL tests passed\n");
> ksft_finished();
> return 0;
next prev parent reply other threads:[~2025-08-27 17:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-27 15:44 [PATCH] selftests/futex: Fix futex_numa_mpol's memory out of range subtest André Almeida
2025-08-27 17:58 ` Waiman Long [this message]
2025-08-28 6:32 ` Sebastian Andrzej Siewior
2025-08-28 18:06 ` André Almeida
2025-08-28 18:20 ` Sebastian Andrzej Siewior
2025-08-28 18:47 ` Waiman Long
2025-08-29 2:22 ` André Almeida
2025-08-29 6:16 ` Sebastian Andrzej Siewior
2025-08-29 10:07 ` Borislav Petkov
2025-09-01 12:49 ` André Almeida
2025-09-01 13:57 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9d4c0d27-0ebd-4c6d-af38-d32ef420fde4@redhat.com \
--to=llong@redhat.com \
--cc=andrealmeid@igalia.com \
--cc=bigeasy@linutronix.de \
--cc=bp@alien8.de \
--cc=dave@stgolabs.net \
--cc=dvhart@infradead.org \
--cc=juri.lelli@redhat.com \
--cc=kernel-dev@igalia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=vschneid@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).