1 /*
2 * Copyright (c) 2015 Fujitsu Ltd.
3 * Author: Xiaoguang Wang <wangxg.fnst@cn.fujitsu.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 */
15
16 /*
17 * This is a regression test for commit:
18 * http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
19 * commit/?id=90a8020
20 * http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
21 * commit/?id=d6320cb
22 */
23
24 #define _GNU_SOURCE
25
26 #include <stdio.h>
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <sys/types.h>
30 #include <sys/wait.h>
31 #include <unistd.h>
32 #include <sys/mount.h>
33 #include <sys/mman.h>
34
35 #include "test.h"
36 #include "safe_macros.h"
37
38 #define MNTPOINT "mntpoint"
39 #define FS_BLOCKSIZE 1024
40 #define SUB_LOOPCOUNT 10
41
42 static void setup(void);
43 static void cleanup(void);
44 static void do_child(void);
45 static void do_test(void);
46
47 static const char *device;
48 static const char *fs_type = "ext4";
49 static int mount_flag;
50 static int chdir_flag;
51 static int parentfd = -1;
52
53 static int page_size;
54 static int bug_reproduced;
55
56 char *TCID = "mmap16";
57 int TST_TOTAL = 1;
58
main(int ac,char ** av)59 int main(int ac, char **av)
60 {
61 int i, lc;
62
63 tst_parse_opts(ac, av, NULL, NULL);
64
65 setup();
66
67 /*
68 * If child process was killed by SIGBUS, indeed that can not guarantee
69 * this bug must have been fixed, If we're luckily enough, virtual
70 * memory subsystem happen to decide that it is time to write dirty
71 * pages, it will make mapped pages write-protect, so ->page_mkwrite()
72 * still will be called, child process will be killed by SIGBUS, but
73 * it's not because of above fixing patches. So here we run this test
74 * 10 times, if once, child process exits normally, we can sure that
75 * this bug is not fixed.
76 */
77 for (lc = 0; TEST_LOOPING(lc); lc++) {
78 tst_count = 0;
79
80 for (i = 0; i < SUB_LOOPCOUNT; i++)
81 do_test();
82 }
83
84 if (bug_reproduced)
85 tst_resm(TFAIL, "Bug is reproduced!");
86 else
87 tst_resm(TPASS, "Bug is not reproduced!");
88
89 cleanup();
90 tst_exit();
91 }
92
do_test(void)93 static void do_test(void)
94 {
95 int ret, status;
96 pid_t child;
97 char buf[FS_BLOCKSIZE];
98
99 SAFE_TOUCH(cleanup, "testfilep", 0644, NULL);
100 SAFE_TOUCH(cleanup, "testfilec", 0644, NULL);
101
102 child = tst_fork();
103 switch (child) {
104 case -1:
105 tst_brkm(TBROK | TERRNO, cleanup, "fork failed");
106 case 0:
107 do_child();
108 default:
109 parentfd = SAFE_OPEN(cleanup, "testfilep", O_RDWR);
110 memset(buf, 'a', FS_BLOCKSIZE);
111
112 TST_SAFE_CHECKPOINT_WAIT(cleanup, 0);
113 while (1) {
114 ret = write(parentfd, buf, FS_BLOCKSIZE);
115 if (ret < 0) {
116 if (errno == ENOSPC) {
117 break;
118 } else {
119 tst_brkm(TBROK | TERRNO, cleanup,
120 "write failed unexpectedly");
121 }
122 }
123 }
124 SAFE_CLOSE(cleanup, parentfd);
125 TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
126 }
127
128 wait(&status);
129 if (WIFEXITED(status) && WEXITSTATUS(status) == 1) {
130 bug_reproduced = 1;
131 } else {
132 /*
133 * If child process was killed by SIGBUS, bug is not reproduced.
134 */
135 if (!WIFSIGNALED(status) || WTERMSIG(status) != SIGBUS) {
136 tst_brkm(TBROK | TERRNO, cleanup,
137 "child process terminate unexpectedly");
138 }
139 }
140
141 SAFE_UNLINK(cleanup, "testfilep");
142 SAFE_UNLINK(cleanup, "testfilec");
143 }
144
setup(void)145 static void setup(void)
146 {
147 const char *fs_opts[3] = {"-b", "1024", NULL};
148 const char *extra_opts[] = {"10240", NULL};
149
150 tst_sig(FORK, DEF_HANDLER, NULL);
151 tst_require_root();
152
153 TEST_PAUSE;
154 tst_tmpdir();
155
156 TST_CHECKPOINT_INIT(tst_rmdir);
157
158 page_size = getpagesize();
159
160 device = tst_acquire_device(cleanup);
161 if (!device)
162 tst_brkm(TCONF, cleanup, "Failed to obtain block device");
163 tst_mkfs(cleanup, device, fs_type, fs_opts, extra_opts);
164
165 SAFE_MKDIR(cleanup, MNTPOINT, 0755);
166 /*
167 * Disable ext4 delalloc feature, so block will be allocated
168 * as soon as possible
169 */
170 SAFE_MOUNT(cleanup, device, MNTPOINT, fs_type, 0, "nodelalloc");
171 mount_flag = 1;
172
173 SAFE_CHDIR(cleanup, MNTPOINT);
174 chdir_flag = 1;
175
176 }
177
do_child(void)178 static void do_child(void)
179 {
180 int fd, offset;
181 char buf[FS_BLOCKSIZE];
182 char *addr = NULL;
183
184 /*
185 * We have changed SIGBUS' handler in parent process by calling
186 * tst_sig(FORK, DEF_HANDLER, NULL), so here just restore it.
187 */
188 if (signal(SIGBUS, SIG_DFL) == SIG_ERR)
189 tst_brkm(TBROK | TERRNO, NULL, "signal(SIGBUS) failed");
190
191 memset(buf, 'a', FS_BLOCKSIZE);
192 fd = SAFE_OPEN(NULL, "testfilec", O_RDWR);
193 SAFE_WRITE(NULL, 1, fd, buf, FS_BLOCKSIZE);
194
195 /*
196 * In case mremap() may fail because that memory area can not be
197 * expanded at current virtual address(MREMAP_MAYMOVE is not set),
198 * we first do a mmap(page_size * 2) operation to reserve some
199 * free address space.
200 */
201 addr = SAFE_MMAP(NULL, NULL, page_size * 2, PROT_WRITE | PROT_READ,
202 MAP_PRIVATE_EXCEPT_UCLINUX | MAP_ANONYMOUS, -1, 0);
203 SAFE_MUNMAP(NULL, addr, page_size * 2);
204
205 addr = SAFE_MMAP(NULL, addr, FS_BLOCKSIZE, PROT_WRITE | PROT_READ,
206 MAP_SHARED, fd, 0);
207
208 addr[0] = 'a';
209
210 SAFE_FTRUNCATE(NULL, fd, page_size * 2);
211 addr = mremap(addr, FS_BLOCKSIZE, 2 * page_size, 0);
212 if (addr == MAP_FAILED)
213 tst_brkm(TBROK | TERRNO, NULL, "mremap failed unexpectedly");
214
215 /*
216 * Let parent process consume FS free blocks as many as possible, then
217 * there'll be no free blocks allocated for this new file mmaping for
218 * offset starting at 1024, 2048, or 3072. If this above kernel bug
219 * has been fixed, usually child process will killed by SIGBUS signal,
220 * if not, the data 'A', 'B', 'C' will be silently discarded later when
221 * kernel writepage is called, that means data corruption.
222 */
223 TST_SAFE_CHECKPOINT_WAKE(NULL, 0);
224 TST_SAFE_CHECKPOINT_WAIT2(NULL, 0, 60*1000);
225
226 for (offset = FS_BLOCKSIZE; offset < page_size; offset += FS_BLOCKSIZE)
227 addr[offset] = 'a';
228
229 SAFE_MUNMAP(NULL, addr, 2 * page_size);
230 SAFE_CLOSE(NULL, fd);
231 exit(TFAIL);
232 }
233
cleanup(void)234 static void cleanup(void)
235 {
236 if (parentfd >= 0)
237 close(parentfd);
238 if (chdir_flag && chdir(".."))
239 tst_resm(TWARN | TERRNO, "chdir('..') failed");
240 if (mount_flag && tst_umount(MNTPOINT) < 0)
241 tst_resm(TWARN | TERRNO, "umount device:%s failed", device);
242 if (device)
243 tst_release_device(device);
244 tst_rmdir();
245 }
246