From: <cx...@re...> - 2012-10-29 09:29:17
|
From: Madper Xie <cx...@re...> Modified form a reproducer for https://patchwork.kernel.org/patch/1358441/ pmd_present would return the wrong value on PROT_NONE ranges or in case of a non reproducible race with split_huge_page. The system will crash when this test failed. Signed-off-by: Madper Xie <cx...@re...> --- testcases/kernel/mem/thp/thp03.c | 117 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 testcases/kernel/mem/thp/thp03.c diff --git a/testcases/kernel/mem/thp/thp03.c b/testcases/kernel/mem/thp/thp03.c new file mode 100644 index 0000000..ee6fa1e --- /dev/null +++ b/testcases/kernel/mem/thp/thp03.c @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2012 Red Hat, Inc. + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License as published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + * Further, this software is distributed without any warranty that it + * is free of the rightful claim of any third person regarding + * infringement or the like. Any license provided herein, whether + * implied or otherwise, applies only to this software file. Patent + * licenses, if any, provided herein do not apply to combinations of + * this program with other software, or any other product whatsoever. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * thp03 - Case for spliting unaligned memory. + * - System will panic if failed. + * + * There was a bug in THP, will crash happened due to the following + * reason according to developers: + * + * most VM places are using pmd_none but a few are still using + * pmd_present. The meaning is about the same for the pmd. However + * pmd_present would return the wrong value on PROT_NONE ranges or in + * case of a non reproducible race with split_huge_page. + * When the code using pmd_present gets a false negative, the kernel will + * crash. It's just an annoying DoS with a BUG_ON triggering: no memory + * corruption and no data corruption (nor userland nor kernel). + */ + +#include <sys/mman.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <fcntl.h> +#include <stdlib.h> +#include <string.h> +#include "mem.h" +#include "safe_macros.h" +#include "test.h" +#include "usctest.h" + +char *TCID = "thp03"; + +static void thp_test(void); + +static long hugepage_size; +static long unaligned_size; +static long page_size; + +int main(int argc, char **argv) +{ + int lc; + char *msg; + + msg = parse_opts(argc, argv, NULL, NULL); + if (msg != NULL) + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg); + + setup(); + + for (lc = 0; TEST_LOOPING(lc); lc++) { + Tst_count = 0; + + thp_test(); + } + tst_resm(TPASS, "system didn't crash, pass."); + cleanup(); + tst_exit(); +} + +static void thp_test(void) +{ + void *p; + + p = mmap(NULL, unaligned_size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (p == MAP_FAILED) + tst_brkm(TBROK|TERRNO, cleanup, "mmap"); + + memset(p, 0x00, unaligned_size); + if (mprotect(p, unaligned_size, PROT_NONE) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "mprotect"); + if (madvise(p + hugepage_size, page_size, MADV_MERGEABLE) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "madvise"); + + switch (fork()) { + case -1: + tst_brkm(TBROK|TERRNO, cleanup, "fork"); + case 0: + exit(0); + default: + if (waitpid(-1, NULL, 0) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "waitpid"); + } +} + +void setup(void) +{ + hugepage_size = read_meminfo("Hugepagesize:") * KB; + unaligned_size = hugepage_size * 4 - 1; + page_size = SAFE_SYSCONF(NULL, _SC_PAGESIZE); + + tst_sig(FORK, DEF_HANDLER, cleanup); + TEST_PAUSE; +} + +void cleanup(void) +{ + TEST_CLEANUP; +} -- 1.8.0 |
From: Caspar Z. <ca...@ca...> - 2012-10-29 10:36:13
|
On 10/29/2012 05:29 PM, cx...@re... wrote: > From: Madper Xie <cx...@re...> > > Modified form a reproducer for > https://patchwork.kernel.org/patch/1358441/ > pmd_present would return the wrong value on PROT_NONE ranges or in case > of a non reproducible race with split_huge_page. > > The system will crash when this test failed. > > Signed-off-by: Madper Xie <cx...@re...> Please also attach the runtest entry. Reviewed-by: Caspar Zhang <ca...@ca...> > --- > testcases/kernel/mem/thp/thp03.c | 117 +++++++++++++++++++++++++++++++++++++++ > 1 file changed, 117 insertions(+) > create mode 100644 testcases/kernel/mem/thp/thp03.c > > diff --git a/testcases/kernel/mem/thp/thp03.c b/testcases/kernel/mem/thp/thp03.c > new file mode 100644 > index 0000000..ee6fa1e > --- /dev/null > +++ b/testcases/kernel/mem/thp/thp03.c > @@ -0,0 +1,117 @@ > +/* > + * Copyright (C) 2012 Red Hat, Inc. > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of version 2 of the GNU General Public > + * License as published by the Free Software Foundation. > + * > + * This program is distributed in the hope that it would be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > + * > + * Further, this software is distributed without any warranty that it > + * is free of the rightful claim of any third person regarding > + * infringement or the like. Any license provided herein, whether > + * implied or otherwise, applies only to this software file. Patent > + * licenses, if any, provided herein do not apply to combinations of > + * this program with other software, or any other product whatsoever. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program; if not, write the Free Software > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA > + * 02110-1301, USA. > + * > + * thp03 - Case for spliting unaligned memory. > + * - System will panic if failed. > + * > + * There was a bug in THP, will crash happened due to the following > + * reason according to developers: > + * > + * most VM places are using pmd_none but a few are still using > + * pmd_present. The meaning is about the same for the pmd. However > + * pmd_present would return the wrong value on PROT_NONE ranges or in > + * case of a non reproducible race with split_huge_page. > + * When the code using pmd_present gets a false negative, the kernel will > + * crash. It's just an annoying DoS with a BUG_ON triggering: no memory > + * corruption and no data corruption (nor userland nor kernel). > + */ > + > +#include <sys/mman.h> > +#include <sys/types.h> > +#include <sys/wait.h> > +#include <fcntl.h> > +#include <stdlib.h> > +#include <string.h> > +#include "mem.h" > +#include "safe_macros.h" > +#include "test.h" > +#include "usctest.h" > + > +char *TCID = "thp03"; > + > +static void thp_test(void); > + > +static long hugepage_size; > +static long unaligned_size; > +static long page_size; > + > +int main(int argc, char **argv) > +{ > + int lc; > + char *msg; > + > + msg = parse_opts(argc, argv, NULL, NULL); > + if (msg != NULL) > + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg); > + > + setup(); > + > + for (lc = 0; TEST_LOOPING(lc); lc++) { > + Tst_count = 0; > + > + thp_test(); > + } > + tst_resm(TPASS, "system didn't crash, pass."); > + cleanup(); > + tst_exit(); > +} > + > +static void thp_test(void) > +{ > + void *p; > + > + p = mmap(NULL, unaligned_size, PROT_READ | PROT_WRITE, > + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > + if (p == MAP_FAILED) > + tst_brkm(TBROK|TERRNO, cleanup, "mmap"); > + > + memset(p, 0x00, unaligned_size); > + if (mprotect(p, unaligned_size, PROT_NONE) == -1) > + tst_brkm(TBROK|TERRNO, cleanup, "mprotect"); > + if (madvise(p + hugepage_size, page_size, MADV_MERGEABLE) == -1) > + tst_brkm(TBROK|TERRNO, cleanup, "madvise"); > + > + switch (fork()) { > + case -1: > + tst_brkm(TBROK|TERRNO, cleanup, "fork"); > + case 0: > + exit(0); > + default: > + if (waitpid(-1, NULL, 0) == -1) > + tst_brkm(TBROK|TERRNO, cleanup, "waitpid"); > + } > +} > + > +void setup(void) > +{ > + hugepage_size = read_meminfo("Hugepagesize:") * KB; > + unaligned_size = hugepage_size * 4 - 1; > + page_size = SAFE_SYSCONF(NULL, _SC_PAGESIZE); > + > + tst_sig(FORK, DEF_HANDLER, cleanup); > + TEST_PAUSE; > +} > + > +void cleanup(void) > +{ > + TEST_CLEANUP; > +} > |
From: <ch...@su...> - 2012-10-29 13:59:57
|
Hi! > Modified form a reproducer for > https://patchwork.kernel.org/patch/1358441/ I would add this link as well as kernel commit hash to the comment with testcase description too. Just in case. > +char *TCID = "thp03"; It's missing: int TST_TOTAL = 1; So that test framework knows the number of executed tests. (I'm not sure if it's currently used, but all the other tests defined this) > +static void thp_test(void); > + > +static long hugepage_size; > +static long unaligned_size; > +static long page_size; The rests seems okay. -- Cyril Hrubis ch...@su... |
From: <cx...@re...> - 2012-10-30 02:07:40
|
From: Madper Xie <cx...@re...> Modified form a reproducer for https://patchwork.kernel.org/patch/1358441/ Commit: 59af0d4348eb07087097e310f60422b994dd3a2c pmd_present would return the wrong value on PROT_NONE ranges or in case of a non reproducible race with split_huge_page. The system will crash when this test failed. Signed-off-by: Madper Xie <cx...@re...> --- runtest/mm | 1 + testcases/kernel/mem/thp/thp03.c | 121 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+) create mode 100644 testcases/kernel/mem/thp/thp03.c diff --git a/runtest/mm b/runtest/mm index 2dd66f0..0f59ef7 100644 --- a/runtest/mm +++ b/runtest/mm @@ -82,6 +82,7 @@ swapping01 swapping01 -i 5 thp01 thp01 -I 120 thp02 thp02 +thp03 thp03 vma01 vma01 vma02 vma02 diff --git a/testcases/kernel/mem/thp/thp03.c b/testcases/kernel/mem/thp/thp03.c new file mode 100644 index 0000000..93a0689 --- /dev/null +++ b/testcases/kernel/mem/thp/thp03.c @@ -0,0 +1,121 @@ +/* + * Copyright (C) 2012 Red Hat, Inc. + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License as published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + * Further, this software is distributed without any warranty that it + * is free of the rightful claim of any third person regarding + * infringement or the like. Any license provided herein, whether + * implied or otherwise, applies only to this software file. Patent + * licenses, if any, provided herein do not apply to combinations of + * this program with other software, or any other product whatsoever. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * thp03 - Case for spliting unaligned memory. + * - System will panic if failed. + * + * Modified form a reproducer for + * https://patchwork.kernel.org/patch/1358441/ + * Commit: 59af0d4348eb07087097e310f60422b994dd3a2c + * There was a bug in THP, will crash happened due to the following + * reason according to developers: + * + * most VM places are using pmd_none but a few are still using + * pmd_present. The meaning is about the same for the pmd. However + * pmd_present would return the wrong value on PROT_NONE ranges or in + * case of a non reproducible race with split_huge_page. + * When the code using pmd_present gets a false negative, the kernel will + * crash. It's just an annoying DoS with a BUG_ON triggering: no memory + * corruption and no data corruption (nor userland nor kernel). + */ + +#include <sys/mman.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <fcntl.h> +#include <stdlib.h> +#include <string.h> +#include "mem.h" +#include "safe_macros.h" +#include "test.h" +#include "usctest.h" + +char *TCID = "thp03"; +int TST_TOTAL = 1; + +static void thp_test(void); + +static long hugepage_size; +static long unaligned_size; +static long page_size; + +int main(int argc, char **argv) +{ + int lc; + char *msg; + + msg = parse_opts(argc, argv, NULL, NULL); + if (msg != NULL) + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg); + + setup(); + + for (lc = 0; TEST_LOOPING(lc); lc++) { + Tst_count = 0; + + thp_test(); + } + tst_resm(TPASS, "system didn't crash, pass."); + cleanup(); + tst_exit(); +} + +static void thp_test(void) +{ + void *p; + + p = mmap(NULL, unaligned_size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (p == MAP_FAILED) + tst_brkm(TBROK|TERRNO, cleanup, "mmap"); + + memset(p, 0x00, unaligned_size); + if (mprotect(p, unaligned_size, PROT_NONE) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "mprotect"); + if (madvise(p + hugepage_size, page_size, MADV_MERGEABLE) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "madvise"); + + switch (fork()) { + case -1: + tst_brkm(TBROK|TERRNO, cleanup, "fork"); + case 0: + exit(0); + default: + if (waitpid(-1, NULL, 0) == -1) + tst_brkm(TBROK|TERRNO, cleanup, "waitpid"); + } +} + +void setup(void) +{ + hugepage_size = read_meminfo("Hugepagesize:") * KB; + unaligned_size = hugepage_size * 4 - 1; + page_size = SAFE_SYSCONF(NULL, _SC_PAGESIZE); + + tst_sig(FORK, DEF_HANDLER, cleanup); + TEST_PAUSE; +} + +void cleanup(void) +{ + TEST_CLEANUP; +} -- 1.8.0 |
From: Wanlong G. <gao...@cn...> - 2012-10-30 02:23:31
|
On 10/30/2012 10:07 AM, cx...@re... wrote: > From: Madper Xie <cx...@re...> > > Modified form a reproducer for > https://patchwork.kernel.org/patch/1358441/ > Commit: 59af0d4348eb07087097e310f60422b994dd3a2c > pmd_present would return the wrong value on PROT_NONE ranges or in case > of a non reproducible race with split_huge_page. > > The system will crash when this test failed. Pushed with Caspar's Reviewed-by and Cyril's Acked-by, thank you. Wanlong Gao |