testcases/kernel/syscalls/fork/fork14.c

/*********************************************************************
 * Copyright (C) 2014  Red Hat, Inc.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it would be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Further, this software is distributed without any warranty that it
 * is free of the rightful claim of any third person regarding
 * infringement or the like.  Any license provided herein, whether
 * implied or otherwise, applies only to this software file.  Patent
 * licenses, if any, provided herein do not apply to combinations of
 * this program with other software, or any other product whatsoever.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 *
 * This test is a reporducer for this patch:
 *              https://lkml.org/lkml/2012/4/24/328
 * Since vma length in dup_mmap is calculated and stored in a unsigned
 * int, it will overflow when length of mmaped memory > 16 TB. When
 * overflow occur, fork will  incorrectly succeed. The patch above
 * fixed it.
 ********************************************************************/

#include <sys/mman.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>
#include "test.h"
#include "safe_macros.h"

char *TCID = "fork14";
int TST_TOTAL = 1;

#define GB		(1024 * 1024 * 1024L)

/* set mmap threshold to 16TB */
#define LARGE		(16 * 1024)
#define EXTENT		(16 * 1024 + 10)

static char **pointer_vec;

static void setup(void);
static void cleanup(void);
static int  fork_test(void);

int main(int ac, char **av)
{
	int lc, reproduced;
	const char *msg;

	msg = parse_opts(ac, av, NULL, NULL);
	if (msg != NULL)
		tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
/*
 * Tested on ppc64/x86_64/i386/s390x. And only 64bit has this issue.
 * Since a 32bit program can't mmap so many memory.
 */
#if __WORDSIZE == 32
	tst_brkm(TCONF, NULL, "This test is only for 64bit.");
#endif
	setup();
	for (lc = 0; TEST_LOOPING(lc); lc++) {
		tst_count = 0;

		reproduced = fork_test();
		if (reproduced == 0)
			tst_resm(TPASS, "fork failed as expected.");
	}
	cleanup();
	tst_exit();
}

static void setup(void)
{
	tst_sig(FORK, DEF_HANDLER, cleanup);
	TEST_PAUSE;

	pointer_vec = SAFE_MALLOC(cleanup, EXTENT * sizeof(char *));
}

static void cleanup(void)
{
	free(pointer_vec);
}

static int fork_test(void)
{
	int i, j, prev_failed = 0, fails = 0;
	int reproduced = 0;
	void *addr;

	for (i = 0; i < EXTENT; i++) {
		addr = mmap(NULL, 1 * GB, PROT_READ | PROT_WRITE,
			    MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
		if (addr == MAP_FAILED) {
			pointer_vec[i] = NULL;
			fails++;
			/*
			 * EXTENT is "16*1024+10", if fails count exceeds 10,
			 * we are almost impossible to get an vm_area_struct
			 * sized 16TB
			 */
			if (fails == 11) {
				tst_brkm(TCONF, cleanup, "mmap() fails too many"
					 "times, so we are almost impossible to"
					 " get an vm_area_struct sized 16TB.");
			}
		} else {
			pointer_vec[i] = addr;
		}

		switch (tst_fork()) {
		case -1:
			prev_failed = 1;
		break;
		case 0:
			exit(0);
		default:
			if (waitpid(-1, NULL, 0) == -1)
				tst_brkm(TBROK | TERRNO, cleanup, "waitpid");

			if (prev_failed > 0 && i >= LARGE) {
				tst_resm(TFAIL, "Fork succeeds incorrectly");
				reproduced = 1;
				goto clear_memory_map;
			}
		}
	}

clear_memory_map:
	for (j = 0; j <= i; j++) {
		if (pointer_vec[j])
			SAFE_MUNMAP(cleanup, pointer_vec[j], 1 * GB);
	}

	return reproduced;
}