[LTP] [PATCH v2 1/2] clock_nanosleep01: Avoid dereferencing bad pointers in libc

Richard Palethorpe rpalethorpe@suse.com
Tue Oct 5 15:46:39 CEST 2021


In 32-bit (regardless of kernel bits) glibc and musl will usually
dereference the timespec pointers and try to read them. In some cases
this might be avoidable, but they must do it in others.

Passing invalid pointers is undefined in POSIX. In any case, AFAICT
libc would have to catch the signal in order to guarantee EFAULT is
returned.

It's also reported that some other libc implementations dereference
the pointers even in 64-bit. If this happens then it blocks more useful
testing. So this avoids passing bad pointers to libc.

Also turn test_type into a bitmask to reduce if statement length.

Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Acked-by: Jan Stancek <jstancek@redhat.com>
---

V2:
* Also remove check on 64-bit
* Avoid pause waiting for child proc
* Use bitmask

 .../clock_nanosleep/clock_nanosleep01.c         | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c b/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c
index 382497918..6d81151b6 100644
--- a/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c
+++ b/testcases/kernel/syscalls/clock_nanosleep/clock_nanosleep01.c
@@ -27,10 +27,10 @@ static void sighandler(int sig LTP_ATTRIBUTE_UNUSED)
 }
 
 enum test_type {
-	NORMAL,
-	SEND_SIGINT,
-	BAD_TS_ADDR_REQ,
-	BAD_TS_ADDR_REM,
+	NORMAL = 1,
+	SEND_SIGINT = 2,
+	BAD_TS_ADDR_REQ = 4,
+	BAD_TS_ADDR_REM = 8,
 };
 
 #define TYPE_NAME(x) .ttype = x, .desc = #x
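Review bot: The test_type values are now used as bit flags but are written as bare decimals with nothing in the enum saying so. A later entry added as 3 or 5 would silently overlap existing flags in the `&` tests. Consider writing them as `1 << 0`, `1 << 1`, and so on, or adding a one-line comment above the enum stating that each value must be a distinct power of two.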
@@ -138,7 +138,14 @@ static void do_test(unsigned int i)
 
 	tst_res(TINFO, "case %s", tc->desc);
 
-	if (tc->ttype == SEND_SIGINT || tc->ttype == BAD_TS_ADDR_REM)
+	if (tc->ttype & (BAD_TS_ADDR_REQ | BAD_TS_ADDR_REM) &&
+	    tv->clock_nanosleep == libc_clock_nanosleep) {
+		tst_res(TCONF,
+			"The libc wrapper may dereference req or rem");
+		return;
+	}
+
+	if (tc->ttype & (SEND_SIGINT | BAD_TS_ADDR_REM))
 		pid = create_sig_proc(SIGINT, 40, 500000);
 
 	tst_ts_set_sec(rq, tc->tv_sec);
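Review bot: The new skip condition in do_test() relies on `&` binding tighter than `&&` in `tc->ttype & (BAD_TS_ADDR_REQ | BAD_TS_ADDR_REM) && tv->clock_nanosleep == libc_clock_nanosleep`. It evaluates as intended, but wrapping the mask test in its own parentheses would make the grouping explicit and consistent with the second `if`. The early return is placed before create_sig_proc(), so no signal-sending child is started for a skipped case; it is worth keeping that ordering if the block is ever moved. The TCONF text could also name the bad-pointer case being skipped, since "may dereference req or rem" on its own depends on the preceding TINFO line for context.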
-- 
2.33.0


