[LTP] [PATCH 1/1] mremap06: Add mremap() reproducer for 7e7757876f25

Cyril Hrubis chrubis@suse.cz
Tue Jul 4 10:41:46 CEST 2023 

Hi!
> mremap06.c:69: TINFO: all pages with compatible mapping
> mremap06.c:90: TPASS: mmap/mremap work properly
> mremap06.c:69: TINFO: third page's mapping incompatible
> mremap06.c:90: TPASS: mmap/mremap work properly
> mremap06.c:69: TINFO: first page's mapping incompatible
> mremap06.c:56: TFAIL: page 1 wrong value 2 (0x32)
> mremap06.c:56: TFAIL: page 2 wrong value 3 (0x33)
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> @Cyril: I plan to add SAFE_FALLOCATE() (3 other sources),
> SAFE_MPROTECT() (7 other sources) and SAFE_MREMAP()
> (2 other sources), but as a separate effort.
> 
> Kind regards,
> Petr
> 
>  runtest/syscalls                            |   1 +
>  testcases/kernel/syscalls/mremap/.gitignore |   1 +
>  testcases/kernel/syscalls/mremap/mremap06.c | 129 ++++++++++++++++++++
>  3 files changed, 131 insertions(+)
>  create mode 100644 testcases/kernel/syscalls/mremap/mremap06.c
> 
> diff --git a/runtest/syscalls b/runtest/syscalls
> index b29151186..008bca508 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -845,6 +845,7 @@ mremap02 mremap02
>  mremap03 mremap03
>  mremap04 mremap04
>  mremap05 mremap05
> +mremap06 mremap06
>  
>  msgctl01 msgctl01
>  msgctl02 msgctl02
> diff --git a/testcases/kernel/syscalls/mremap/.gitignore b/testcases/kernel/syscalls/mremap/.gitignore
> index 833e1b883..ec15a19cd 100644
> --- a/testcases/kernel/syscalls/mremap/.gitignore
> +++ b/testcases/kernel/syscalls/mremap/.gitignore
> @@ -3,3 +3,4 @@
>  /mremap03
>  /mremap04
>  /mremap05
> +/mremap06
> diff --git a/testcases/kernel/syscalls/mremap/mremap06.c b/testcases/kernel/syscalls/mremap/mremap06.c
> new file mode 100644
> index 000000000..b7aa5549f
> --- /dev/null
> +++ b/testcases/kernel/syscalls/mremap/mremap06.c
> @@ -0,0 +1,129 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2023 SUSE LLC
> + * Author: Vlastimil Babka <vbabka@suse.cz>
> + * LTP port: Petr Vorel <pvorel@suse.cz>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Bug reproducer for 7e7757876f25 ("mm/mremap: fix vm_pgoff in vma_merge() case 3")
> + */
> +
> +#define _GNU_SOURCE
> +#include <unistd.h>
> +#include <stdlib.h>
> +#include <stdio.h>
> +#include <fcntl.h>
> +#include <sys/mman.h>
> +
> +#include "tst_test.h"
> +#include "tst_safe_macros.h"
> +
> +#define PAGE_SIZE 4096

This wouldn't work on 64k page size.

> +#define MMAP_SIZE ((ARRAY_SIZE(tcases)+1)*PAGE_SIZE)
> +#define MREMAP_SIZE (ARRAY_SIZE(tcases)*PAGE_SIZE)

These have to be variables initialized on the fly with getpagesize()
instead of PAGE_SIZE.

> +static int fd;
> +static char *buf, *buf2;
> +
> +static struct tcase {
> +	size_t incompatible;
> +	const char *desc;
> +} tcases[] = {
> +	{
> +		.desc = "all pages with compatible mapping",
> +	},
> +	{
> +		.incompatible = 3,
> +		.desc = "third page's mapping incompatible",
> +	},
> +	{
> +		.incompatible = 1,
> +		.desc = "first page's mapping incompatible",
> +	},
> +};
> +
> +static int check_pages(void)
> +{
> +	int fail = 0, i;
> +	char val;
> +
> +	for (i = 0; i < (int)ARRAY_SIZE(tcases); i++) {
> +		val = buf[i * PAGE_SIZE];
> +		if (val != 0x30 + i) {
> +			tst_res(TFAIL, "page %d wrong value %d (0x%x)", i, val - 0x30, val);

Woudn't this generate too many FAILURE messages? Maybe we should just
break the for cycle here.

> +			fail = 1;
> +		}
> +	}
> +
> +	return fail;
> +}
> +
> +static void do_test(unsigned int n)
> +{
> +	struct tcase *tc = &tcases[n];
> +	int ret;
> +
> +	tst_res(TINFO, "%s", tc->desc);
> +
> +	buf = SAFE_MMAP(0, MMAP_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> +
> +	buf2 = mremap(buf + PAGE_SIZE, PAGE_SIZE, PAGE_SIZE,
> +			MREMAP_MAYMOVE|MREMAP_FIXED, buf + MREMAP_SIZE);
> +	if (buf2 == MAP_FAILED)
> +		tst_brk(TBROK, "mremap() failed");
> +
> +	if (tc->incompatible) {
> +		ret = mprotect(buf + (tc->incompatible-1)*PAGE_SIZE, PAGE_SIZE, PROT_READ);
> +		if (ret == -1)
> +			tst_brk(TBROK, "mprotect() failed");
> +	}
> +
> +	buf2 = mremap(buf + MREMAP_SIZE, PAGE_SIZE, PAGE_SIZE,
> +			MREMAP_MAYMOVE|MREMAP_FIXED, buf + PAGE_SIZE);
> +	if (buf2 == MAP_FAILED)
> +		tst_brk(TBROK, "mremap() failed");
> +
> +	if (!check_pages())
> +		tst_res(TPASS, "mmap/mremap work properly");
> +
> +	SAFE_MUNMAP(buf, MREMAP_SIZE);
> +}
> +
> +static void setup(void)
> +{
> +	int ret, i;
> +
> +	fd = SAFE_OPEN("testfile", O_CREAT | O_RDWR | O_TRUNC, 0600);
> +
> +	ret = fallocate(fd, 0, 0, MMAP_SIZE);
> +	if (ret == -1)
> +		tst_brk(TBROK, "fallocate() failed");
> +
> +	buf = SAFE_MMAP(0, MMAP_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> +
> +	for (i = 0; i < (int)ARRAY_SIZE(tcases)+1; i++)
> +		buf[i * PAGE_SIZE] = 0x30 + i;
> +
> +	/* clear the page tables */
> +	SAFE_MUNMAP(buf, MMAP_SIZE);
> +}
> +
> +static void cleanup(void)
> +{
> +	if (fd > 0)
> +		SAFE_CLOSE(fd);
> +}
> +
> +static struct tst_test test = {
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.test = do_test,
> +	.tcnt = ARRAY_SIZE(tcases),
> +	.tags = (struct tst_tag[]) {
> +		{"linux-git", "7e7757876f25"},
> +		{}
> +	},
> +};
> -- 
> 2.40.1
> 

-- 
Cyril Hrubis
chrubis@suse.cz

More information about the ltp mailing list