[LTP] [PATCH v5] Migrating the libhugetlbfs/testcases/truncate_sigbus_versus

public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed

* [LTP] [PATCH v5] Migrating the libhugetlbfs/testcases/truncate_sigbus_versus_oom.c test
@ 2026-03-17 10:20 Samir
  2026-03-26 12:54 ` Andrea Cervesato via ltp
  0 siblings, 1 reply; 2+ messages in thread
From: Samir @ 2026-03-17 10:20 UTC (permalink / raw)
  To: ltp; +Cc: Samir

In this test case, we are verifying the bug fix commit that is attached as a part of the test case structure,

Some kernel have a bug in the positioning of the test against
i_size.  This bug means that attempting to instantiate a page
beyond the end of a hugepage file can result in an OOM and SIGKILL
instead of the correct SIGBUS.

Signed-off-by: Samir <samir@linux.ibm.com>
---
v5:
1. Addressed typo issue from discription of the test.
2. Removed [Description] tag
3. Removed unused variable.
4. Moved struct sigaction sa this variable in to setup function.
---
 runtest/hugetlb                               |  1 +
 testcases/kernel/mem/.gitignore               |  1 +
 .../kernel/mem/hugetlb/hugemmap/hugemmap37.c  | 92 +++++++++++++++++++
 3 files changed, 94 insertions(+)
 create mode 100644 testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c

diff --git a/runtest/hugetlb b/runtest/hugetlb
index 0896d3c94..8aaafeee3 100644
--- a/runtest/hugetlb
+++ b/runtest/hugetlb
@@ -36,6 +36,7 @@ hugemmap30 hugemmap30
 hugemmap31 hugemmap31
 hugemmap32 hugemmap32
 hugemmap34 hugemmap34
+hugemmap37 hugemmap37
 hugemmap05_1 hugemmap05 -m
 hugemmap05_2 hugemmap05 -s
 hugemmap05_3 hugemmap05 -s -m
diff --git a/testcases/kernel/mem/.gitignore b/testcases/kernel/mem/.gitignore
index b4455de51..38d428fe8 100644
--- a/testcases/kernel/mem/.gitignore
+++ b/testcases/kernel/mem/.gitignore
@@ -36,6 +36,7 @@
 /hugetlb/hugemmap/hugemmap31
 /hugetlb/hugemmap/hugemmap32
 /hugetlb/hugemmap/hugemmap34
+/hugetlb/hugemmap/hugemmap37
 /hugetlb/hugeshmat/hugeshmat01
 /hugetlb/hugeshmat/hugeshmat02
 /hugetlb/hugeshmat/hugeshmat03
diff --git a/testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c
new file mode 100644
index 000000000..300787a65
--- /dev/null
+++ b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap37.c
@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2005-2006 David Gibson & Adam Litke, IBM Corporation.
+ */
+
+/*\
+ * Some kernels have a bug in the positioning of the test against
+ * i_size.  This bug means that attempting to instantiate a page
+ * beyond the end of a hugepage file can result in an OOM and SIGKILL
+ * instead of the correct SIGBUS.
+ */
+
+#include "hugetlb.h"
+#include <setjmp.h>
+#include <signal.h>
+
+#define MNTPOINT "hugetlbfs/"
+static int fd = -1, fdx = -1;
+
+static unsigned long long hpage_size;
+static unsigned long totpages;
+
+static sigjmp_buf sig_escape;
+static volatile int test_pass;
+
+static void sigbus_handler(int signum LTP_ATTRIBUTE_UNUSED)
+{
+	test_pass = 1;
+	siglongjmp(sig_escape, 17);
+}
+
+static void run_test(void)
+{
+	void *p, *q;
+	unsigned long i;
+
+	test_pass = 0;
+
+	fd = tst_creat_unlinked(MNTPOINT, 0, 0600);
+	p = SAFE_MMAP(NULL, hpage_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	SAFE_FTRUNCATE(fd, 0);
+
+	fdx = tst_creat_unlinked(MNTPOINT, 0, 0600);
+	totpages = SAFE_READ_MEMINFO(MEMINFO_HPAGE_FREE);
+	q = SAFE_MMAP(NULL, totpages * hpage_size, PROT_READ | PROT_WRITE, MAP_SHARED,
+			fdx, 0);
+	/* Touch the pages to ensure they're removed from the pool */
+	for (i = 0; i < totpages; i++) {
+		volatile char *x = (volatile char *)q + i * hpage_size;
+		*x = 0;
+	}
+	/* SIGBUS is what *should* happen */
+	SAFE_FTRUNCATE(fdx, 0);
+	if (sigsetjmp(sig_escape, 1) == 0)
+		*((volatile unsigned int *)p);
+
+	if (test_pass)
+		tst_res(TPASS, "Expected SIGBUS triggered");
+	else
+		tst_res(TFAIL, "Didn't SIGBUS");
+}
+
+void setup(void)
+{
+	struct sigaction sa;
+
+	sa.sa_flags = SA_SIGINFO;
+	sa.sa_handler = sigbus_handler;
+	SAFE_SIGACTION(SIGBUS, &sa, NULL);
+	totpages = SAFE_READ_MEMINFO(MEMINFO_HPAGE_FREE);
+	hpage_size = tst_get_hugepage_size();
+}
+
+void cleanup(void)
+{
+	if (fd > 0)
+		SAFE_CLOSE(fd);
+	if (fdx > 0)
+		SAFE_CLOSE(fdx);
+}
+
+static struct tst_test test = {
+	.tags = (struct tst_tag[]){{"linux-git", "ebed4bfc8da8"}, {}},
+	.needs_root = 1,
+	.mntpoint = MNTPOINT,
+	.needs_hugetlbfs = 1,
+	.needs_tmpdir = 1,
+	.setup = setup,
+	.cleanup = cleanup,
+	.test_all = run_test,
+	.hugepages = {1, TST_NEEDS},
+};
-- 
2.51.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [LTP] [PATCH v5] Migrating the libhugetlbfs/testcases/truncate_sigbus_versus_oom.c test
  2026-03-17 10:20 [LTP] [PATCH v5] Migrating the libhugetlbfs/testcases/truncate_sigbus_versus_oom.c test Samir
@ 2026-03-26 12:54 ` Andrea Cervesato via ltp
  0 siblings, 0 replies; 2+ messages in thread
From: Andrea Cervesato via ltp @ 2026-03-26 12:54 UTC (permalink / raw)
  To: Samir; +Cc: Samir, ltp

Hi Samir,

Thanks for the migration. This is just a first line review on the major
issues related to this patch. Probably more will come with time if these
issues won't be achieved.

> Subject: [PATCH] Migrating the
>  libhugetlbfs/testcases/truncate_sigbus_versus_oom.c test

The subject should use imperative mood, e.g.:

  hugemmap37: Migrate truncate_sigbus_versus_oom from libhugetlbfs

> In this test case, we are verifying the bug fix commit that is attached as a part of the test case structure,
>
> Some kernel have a bug in the positioning of the test against

"Some kernel have" -> "Some kernels have". The first sentence ends with
a dangling comma and is vague. Consider dropping it entirely — the
second paragraph already explains the test clearly.

[...]

> +void setup(void)
> +{
> +	struct sigaction sa;

Two issues here:

1) setup() and cleanup() are missing the 'static' keyword.

2) 'sa' is uninitialized — sa_mask and other fields contain garbage.
   Zero-initialize it:

       struct sigaction sa = {};
       sigemptyset(&sa.sa_mask);

> +	sa.sa_flags = SA_SIGINFO;
> +	sa.sa_handler = sigbus_handler;

SA_SIGINFO tells the kernel to use sa_sigaction (3-argument handler),
but you assign to sa_handler (1-argument). This is undefined behavior
per POSIX. Since sigbus_handler() takes a single int, drop SA_SIGINFO:

    sa.sa_flags = 0;
    sa.sa_handler = sigbus_handler;

> +	totpages = SAFE_READ_MEMINFO(MEMINFO_HPAGE_FREE);
> +	hpage_size = tst_get_hugepage_size();

The totpages assignment here is dead code — it gets overwritten in
run_test() before use. Remove it from setup().

[...]

> +	fd = tst_creat_unlinked(MNTPOINT, 0, 0600);
> +	p = SAFE_MMAP(NULL, hpage_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);

[...]

> +	fdx = tst_creat_unlinked(MNTPOINT, 0, 0600);

[...]

> +	q = SAFE_MMAP(NULL, totpages * hpage_size, PROT_READ | PROT_WRITE, MAP_SHARED,
> +			fdx, 0);

fd and fdx are opened each iteration but only closed in cleanup(). On
-i N runs the previous fds leak. Similarly, p and q are mmap'd but
never munmapped, leaking virtual memory each iteration.

Close the fds and munmap both regions at the end of run_test(), resetting
fd/fdx to -1.

[...]

> +void cleanup(void)
> +{
> +	if (fd > 0)
> +		SAFE_CLOSE(fd);
> +	if (fdx > 0)
> +		SAFE_CLOSE(fdx);

if (fd != -1) and fd should be initialized to -1. zero is a valid value.

Regards,
--
Andrea Cervesato
SUSE QE Automation Engineer Linux
andrea.cervesato@suse.com

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-26 12:55 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-17 10:20 [LTP] [PATCH v5] Migrating the libhugetlbfs/testcases/truncate_sigbus_versus_oom.c test Samir
2026-03-26 12:54 ` Andrea Cervesato via ltp

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox