From: Jan Stancek <jstancek@redhat.com>
To: Madper Xie <cxie@redhat.com>
Cc: ltp-list@lists.sourceforge.net
Subject: Re: [LTP] [PATCH] syscalls/fork: add new case fork14
Date: Mon, 27 Jan 2014 06:12:38 -0500 (EST) [thread overview]
Message-ID: <1927689120.7067888.1390821158238.JavaMail.root@redhat.com> (raw)
In-Reply-To: <87mwihq3j6.fsf@redhat.com>
----- Original Message -----
> From: "Madper Xie" <cxie@redhat.com>
> To: ltp-list@lists.sourceforge.net
> Sent: Monday, 27 January, 2014 8:37:01 AM
> Subject: [LTP] [PATCH] syscalls/fork: add new case fork14
>
> This testcase is a reproducer for https://lkml.org/lkml/2012/4/24/328.
> Modified from Siddhesh Poyarekar's testcase posted on above link.
> Since vma length in dup_mmap is calculated and stored in a unsigned
> int, which is insufficient and hence overflows for very large maps
> (beyond 16TB). Once overflow occurred, the fork after mmaped memory >
> 16TB will succeed incorrectly.
>
> This case will run following loop:
> + mmap one (more) GB memory
> + fork and check return value.
> When mmaped more than 16 * 1024 GB, it will check if fork still fail.
> Expected result: Fork failed even if mmaped memory > 16 * 1024 GB
> ---
Hi,
you are missing Signed-off-by line in commit message.
Also it would be nice to mention upstream commit id:
commit 7edc8b0ac16cbaed7cb4ea4c6b95ce98d2997e84
Author: Siddhesh Poyarekar <siddhesh.poyarekar@gmail.com>
Date: Tue May 29 15:06:22 2012 -0700
mm/fork: fix overflow in vma length when copying mmap on clone
This has been fixed starting with 3.5, do we want to run this testcase
on older kernels as well?
Regards,
Jan
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/fork/fork14.c | 118
> ++++++++++++++++++++++++++++++++
> 2 files changed, 119 insertions(+)
> create mode 100644 testcases/kernel/syscalls/fork/fork14.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index afa7976..4cf90e8 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -277,6 +277,7 @@ fork09 fork09
> fork10 fork10
> fork11 fork11
> fork13 fork13 -i 1000000
> +fork14 fork14
>
> fpathconf01 fpathconf01
>
> diff --git a/testcases/kernel/syscalls/fork/fork14.c
> b/testcases/kernel/syscalls/fork/fork14.c
> new file mode 100644
> index 0000000..65d124b
> --- /dev/null
> +++ b/testcases/kernel/syscalls/fork/fork14.c
> @@ -0,0 +1,118 @@
> +/*********************************************************************
> + * Copyright (C) 2014 Red Hat, Inc.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2 of the GNU General Public
> + * License as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * Further, this software is distributed without any warranty that it
> + * is free of the rightful claim of any third person regarding
> + * infringement or the like. Any license provided herein, whether
> + * implied or otherwise, applies only to this software file. Patent
> + * licenses, if any, provided herein do not apply to combinations of
> + * this program with other software, or any other product whatsoever.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> + * 02110-1301, USA.
> + *
> + * This test is a reporducer for this patch:
> + * https://lkml.org/lkml/2012/4/24/328
> + * Since vma length in dup_mmap is calculated and stored in a unsigned
> + * int, it will overflow when length of mmaped memory > 16 TB. When
> + * overflow occur, fork will incorrectly succeed. The patch above
> + * fixed it.
> + ********************************************************************/
> +
> +#include <sys/mman.h>
> +#include <sys/wait.h>
> +#include <stdio.h>
> +#include <unistd.h>
> +#include "test.h"
> +#include "usctest.h"
> +
> +char *TCID = "fork14";
> +int TST_TOTAL = 1;
> +
> +#define GB (1024 * 1024 * 1024L)
> +
> +/* set mmap threshold to 16TB */
> +#define LARGE (16 * 1024)
> +#define EXTENT (16 * 1024 + 10)
> +
> +static void setup(void);
> +static void cleanup(void);
> +static int fork_test(void);
> +
> +int main(int ac, char **av)
> +{
> + int lc, ret;
> + char *msg;
> +
> + msg = parse_opts(ac, av, NULL, NULL);
> + if (msg != NULL)
> + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
> +/*
> + * Tested on ppc64/x86_64/i386/s390x. And only 64bit has this issue.
> + * Since a 32bit program can't mmap so many memory.
> + */
> +#if __WORDSIZE == 32
> + tst_brkm(TCONF, NULL, "This test is only for 64bit.");
> +#endif
> + setup();
> + for (lc = 0; TEST_LOOPING(lc); lc++) {
> + tst_count = 0;
> +
> + ret = fork_test();
> + if (ret == 0)
> + tst_resm(TPASS, "fork failed as expected.");
> + }
> + cleanup();
> + tst_exit();
> +}
> +
> +static void setup(void)
> +{
> + tst_sig(FORK, DEF_HANDLER, cleanup);
> + TEST_PAUSE;
> +}
> +
> +static void cleanup(void)
> +{
> + TEST_CLEANUP;
> +}
> +
> +static int fork_test(void)
> +{
> + int i, ret = 0;
> + void *addr;
> +
> + for (i = 0; i < EXTENT; i++) {
> + addr = mmap(NULL, (size_t) 1 * GB, PROT_READ | PROT_WRITE,
> + MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
> + if (addr == MAP_FAILED)
> + tst_brkm(TBROK|TERRNO, cleanup, "mmap");
> + switch (fork()) {
> + case -1:
> + break;
> + case 0:
> + exit(0);
> + default:
> + if (waitpid(-1, NULL, 0) == -1)
> + tst_brkm(TBROK|TERRNO,
> + cleanup, "waitpid");
> +
> + if (i >= LARGE) {
> + tst_brkm(TFAIL, NULL,
> + "Fork succeeds incorrectly");
> + ret++;
> + }
> + }
> + }
> + return ret;
> +}
> --
> 1.8.5.3
>
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today.
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
>
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next prev parent reply other threads:[~2014-01-27 11:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-27 7:37 [LTP] [PATCH] syscalls/fork: add new case fork14 Madper Xie
2014-01-27 11:12 ` Jan Stancek [this message]
2014-01-27 14:31 ` Madper Xie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1927689120.7067888.1390821158238.JavaMail.root@redhat.com \
--to=jstancek@redhat.com \
--cc=cxie@redhat.com \
--cc=ltp-list@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox