From: Jianlin Lv <Jianlin.Lv@arm.com>
To: bpf@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org, ast@kernel.org,
daniel@iogearbox.net, yhs@fb.com, Jianlin.Lv@arm.com,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH bpf-next] bpf: fix segmentation fault of test_progs
Date: Sat, 8 Aug 2020 01:20:16 +0800 [thread overview]
Message-ID: <20200807172016.150952-1-Jianlin.Lv@arm.com> (raw)
In-Reply-To: <20200731061600.18344-1-Jianlin.Lv@arm.com>
test_progs reports the segmentation fault as below
$ sudo ./test_progs -t mmap --verbose
test_mmap:PASS:skel_open_and_load 0 nsec
......
test_mmap:PASS:adv_mmap1 0 nsec
test_mmap:PASS:adv_mmap2 0 nsec
test_mmap:PASS:adv_mmap3 0 nsec
test_mmap:PASS:adv_mmap4 0 nsec
Segmentation fault
This issue was triggered because mmap() and munmap() used inconsistent
length parameters; mmap() creates a new mapping of 3*page_size, but the
length parameter set in the subsequent re-map and munmap() functions is
4*page_size; this leads to the destruction of the process space.
Another issue is that when unmap the second page fails, the length
parameter to delete tmp1 mappings should be 3*page_size.
Signed-off-by: Jianlin Lv <Jianlin.Lv@arm.com>
---
tools/testing/selftests/bpf/prog_tests/mmap.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/mmap.c b/tools/testing/selftests/bpf/prog_tests/mmap.c
index 43d0b5578f46..2070cfe19cac 100644
--- a/tools/testing/selftests/bpf/prog_tests/mmap.c
+++ b/tools/testing/selftests/bpf/prog_tests/mmap.c
@@ -192,7 +192,7 @@ void test_mmap(void)
/* unmap second page: pages 1, 3 mapped */
err = munmap(tmp1 + page_size, page_size);
if (CHECK(err, "adv_mmap2", "errno %d\n", errno)) {
- munmap(tmp1, map_sz);
+ munmap(tmp1, 3 * page_size);
goto cleanup;
}
@@ -207,8 +207,8 @@ void test_mmap(void)
CHECK(tmp1 + page_size != tmp2, "adv_mmap4",
"tmp1: %p, tmp2: %p\n", tmp1, tmp2);
- /* re-map all 4 pages */
- tmp2 = mmap(tmp1, 4 * page_size, PROT_READ, MAP_SHARED | MAP_FIXED,
+ /* re-map all 3 pages */
+ tmp2 = mmap(tmp1, 3 * page_size, PROT_READ, MAP_SHARED | MAP_FIXED,
data_map_fd, 0);
if (CHECK(tmp2 == MAP_FAILED, "adv_mmap5", "errno %d\n", errno)) {
munmap(tmp1, 3 * page_size); /* unmap page 1 */
@@ -226,7 +226,7 @@ void test_mmap(void)
CHECK_FAIL(map_data->val[2] != 321);
CHECK_FAIL(map_data->val[far] != 3 * 321);
- munmap(tmp2, 4 * page_size);
+ munmap(tmp2, 3 * page_size);
/* map all 4 pages, but with pg_off=1 page, should fail */
tmp1 = mmap(NULL, 4 * page_size, PROT_READ, MAP_SHARED | MAP_FIXED,
--
2.17.1
next prev parent reply other threads:[~2020-08-07 17:20 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-31 6:16 [PATCH bpf-next] bpf: fix compilation warning of selftests Jianlin Lv
2020-07-31 15:00 ` Daniel Borkmann
2020-07-31 17:39 ` Andrii Nakryiko
2020-08-06 10:42 ` [PATCH bpf-next v2] " Jianlin Lv
2020-08-07 0:05 ` Alexei Starovoitov
2020-08-07 17:20 ` Jianlin Lv [this message]
2020-08-07 20:13 ` [PATCH bpf-next] bpf: fix segmentation fault of test_progs Andrii Nakryiko
2020-08-10 15:39 ` [PATCH bpf-next v2] " Jianlin Lv
2020-08-11 0:23 ` Andrii Nakryiko
2020-08-11 13:19 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200807172016.150952-1-Jianlin.Lv@arm.com \
--to=jianlin.lv@arm.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.