[LTP] [PATCH] syscalls/mmap17.c: Add new regression test

Jan Stancek jstancek@redhat.com
Fri Feb 2 11:20:21 CET 2018



----- Original Message -----
> We add a regression test to check if mmap() can't map invalid physical
> addresses.  If mmap() maps /dev/mem offsets outside of the addressable
> limits of a system, setting reserved bits corrupts the page table and
> triggers a kernel crash.
> 
> The kernel bug has been fixed by:
> 'commit ce56a86 ("x86/mm: Limit mmap() of /dev/mem to valid physical
> addresses")'
> 
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
>  runtest/syscalls                        |  1 +
>  testcases/kernel/syscalls/.gitignore    |  1 +
>  testcases/kernel/syscalls/mmap/mmap17.c | 81
>  +++++++++++++++++++++++++++++++++
>  3 files changed, 83 insertions(+)
>  create mode 100644 testcases/kernel/syscalls/mmap/mmap17.c
> 
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 2a4fad0..4342f03 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -641,6 +641,7 @@ mmap14 mmap14
>  #mmap11 mmap11 -i 30000
>  mmap15 mmap15
>  mmap16 mmap16
> +mmap17 mmap17
>  
>  modify_ldt01 modify_ldt01
>  modify_ldt02 modify_ldt02
> diff --git a/testcases/kernel/syscalls/.gitignore
> b/testcases/kernel/syscalls/.gitignore
> index 67211ca..6a8560a 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -584,6 +584,7 @@
>  /mmap/mmap14
>  /mmap/mmap15
>  /mmap/mmap16
> +/mmap/mmap17
>  /modify_ldt/modify_ldt01
>  /modify_ldt/modify_ldt02
>  /modify_ldt/modify_ldt03
> diff --git a/testcases/kernel/syscalls/mmap/mmap17.c
> b/testcases/kernel/syscalls/mmap/mmap17.c
> new file mode 100644
> index 0000000..b83050f
> --- /dev/null
> +++ b/testcases/kernel/syscalls/mmap/mmap17.c
> @@ -0,0 +1,81 @@
> +/*
> + * Copyright (c) 2018 FUJITSU LIMITED. All rights reserved.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software;  you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY;  without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
> + * the GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +/*
> + * Description:
> + * A regression test to check if mmap() can't map invalid physical
> addresses.
> + * If mmap() maps /dev/mem offsets outside of the addressable limits of a
> + * system, setting reserved bits corrupts the page table and triggers a
> kernel
> + * crash.
> + *
> + * The kernel bug has been fixed by:
> + * 'commit ce56a86 ("x86/mm: Limit mmap() of /dev/mem to valid physical
> addresses")'
> + */
> +
> +#include <errno.h>
> +#include <unistd.h>
> +#include <sys/mman.h>
> +
> +#include "tst_test.h"
> +
> +#define MEM_PATH	"/dev/mem"
> +#define CPUINFO_PATH	"/proc/cpuinfo"
> +
> +static int fd;
> +static int phy_addr_bits;
> +
> +static void verify_mmap(void)
> +{
> +	char *addr;
> +
> +	addr = mmap(NULL, 1, PROT_READ | PROT_WRITE, MAP_SHARED, fd,
> +		    1ULL<<phy_addr_bits);
> +	if (addr == MAP_FAILED) {
> +		tst_res(TPASS | TERRNO,
> +			"Refused to map invalid physical address");
> +		return;
> +	}
> +
> +	addr[0] = 'a';
> +	SAFE_MUNMAP(addr, 1);
> +	tst_res(TFAIL, "Mapped and set invalid physical address successfully");
> +}
> +
> +static void setup(void)
> +{
> +	if (access(MEM_PATH, F_OK))
> +		tst_brk(TCONF, "%s didn't exist", MEM_PATH);
> +
> +	fd = SAFE_OPEN(MEM_PATH, O_RDWR | O_SYNC);
> +
> +	SAFE_FILE_LINES_SCANF(CPUINFO_PATH, "address sizes\t: %d",
> +			      &phy_addr_bits);

This looks like a problem for architectures other than x86:

$ grep -l "address sizes" -r arch/
arch/sh/kernel/cpu/proc.c
arch/x86/kernel/cpu/proc.c
arch/x86/kernel/umip.c
arch/x86/lib/insn-eval.c

Regards,
Jan

> +}
> +
> +static void cleanup(void)
> +{
> +	if (fd > 0)
> +		SAFE_CLOSE(fd);
> +}
> +
> +static struct tst_test test = {
> +	.needs_root = 1,
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.test_all = verify_mmap,
> +};
> --
> 1.8.3.1
> 
> 
> 
> 
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
> 


More information about the ltp mailing list