[LTP] [PATCH] hugemmap02 test from LTP gives "Segmentation fault"

Wed, 12 Nov 2008 00:10:17 -0800 

Hi,

Recently, the hugemmap02 test gave some "Segmentation fault" as reported
below. Please also find the corresponding discussion and the patch.

-----------------------------------------------------------
Iranna D. Ankad Reported:
-----------------------------------------------------------
hugemmap02 "Segmentation fault" on a 32-bit system:
Linux 2.6.18-120.el5PAE #1 SMP Fri Oct 17 18:17:11 EDT 2008 i686 i686
i386 GNU/Linux

Allocate some huge pages:  

# echo 50 > /proc/sys/vm/nr_hugepages

2. Create & mount hugetlbfs
#mkdir -p /hugetlbfs
#mount -t hugetlbfs none /hugetlbfs

3. Go to following directory in LTP
i.e cd  /root/ltp-full-20080930/testcases/kernel/mem/hugetlb/hugemmap

4. Run "hugemmap02" test

# ./hugemmap02 -H /hugetlbfs/
Segmentation fault

-----------------------------------------------------------
Cijurajan Kollanoor Replied:
-----------------------------------------------------------
The program receives a segmentation fault here:

154                 /* Attempt to mmap a huge page into a low memory address */
155                 errno = 0;
156                 addr2 = mmap(LOW_ADDR2, MAP_SIZE, PROT_READ | PROT_WRITE, 
==> Segfault
157                             MAP_SHARED | MAP_FIXED, fildes, 0);
158 
-----------------------------------------------------------
ADAM G. LITKE Replied:
-----------------------------------------------------------
Unfortunately, when you mmap using the MAP_FIXED flag, you can overwrite an
existing mmap in the address space.  Please do the following to check if this
has happened:

1. Insert a 'getchar();' call above line 155 in the test source code above and
recompile the test.
2. Run the test.  When it pauses (waiting for input at the getchar() call), hit
<ctrl>-z to background the test.
3. Determine the pid of the test case using ps
4. Collect the /proc/<pid>/maps for the appropriate pid
5. Paste that output here in this bug.

-----------------------------------------------------------
Cijurajan Kollanoor Replied:
-----------------------------------------------------------
# cat maps 
00000000-00001000 r-xs 00000000 00:11 1781       /dev/zero
00110000-0024e000 r-xp 00000000 08:02 19183585   /lib/libc-2.5.so
0024e000-00250000 r-xp 0013e000 08:02 19183585   /lib/libc-2.5.so
00250000-00251000 rwxp 00140000 08:02 19183585   /lib/libc-2.5.so
00251000-00254000 rwxp 00251000 00:00 0 
005f1000-0060b000 r-xp 00000000 08:02 19183582   /lib/ld-2.5.so
0060b000-0060c000 r-xp 00019000 08:02 19183582   /lib/ld-2.5.so
0060c000-0060d000 rwxp 0001a000 08:02 19183582   /lib/ld-2.5.so
0073a000-0073b000 r-xp 0073a000 00:00 0          [vdso]
08048000-0804d000 r-xp 00000000 08:02 2586373   
/root/ltp-full-20080930/testcases/kernel/mem/hugetlb/hugemmap/hugemmap02
0804d000-0804e000 rw-p 00004000 08:02 2586373   
/root/ltp-full-20080930/testcases/kernel/mem/hugetlb/hugemmap/hugemmap02
0804e000-08052000 rw-p 0804e000 00:00 0 
08248000-08269000 rw-p 08248000 00:00 0          [heap]
67ef8000-77ef8000 r--s 00000000 00:11 1781       /dev/zero
77ef8000-87ef8000 r--s 00000000 00:11 1781       /dev/zero
87ef8000-97ef8000 r--s 00000000 00:11 1781       /dev/zero
97ef8000-a7ef8000 r--s 00000000 00:11 1781       /dev/zero
a7ef8000-b7ef8000 r--s 00000000 00:11 1781       /dev/zero
b7ef8000-b7efa000 rw-p b7ef8000 00:00 0 
b7f0a000-b7f0b000 rw-p b7f0a000 00:00 0 
bf918000-bf92d000 rw-p bffea000 00:00 0          [stack]
-----------------------------------------------------------
ADAM G. LITKE Replied:
-----------------------------------------------------------
My suspicion is confirmed.  This is a LTP test case bug.  All of the
above mappings will have been overwritten by the mmap call on the
hugetlbfs file at address 0.  This will most certainly cause your
program to crash and burn.

To fix the test case, I would recommend removing the MAP_FIXED flag from that
mmap call and checking the address you get from mmap.  If it's zero, you'll
know a mapping could be created at the bottom of the address space.  If it's
-1, the mmaping failed.  

But if it's >0, you'll have to decide how to handle the case where the mapping
could not be placed in the spot you requested.  This case would not be a
failure, just a failure to test the scenario you wanted to test.  I assume the
LTP test harness has a way to represent an insignificant test result.  You
might just treat this case in the same way you handle mmap() == 0.
-----------------------------------------------------------
-----------------------------------------------------------

Regards--
Subrata

Signed-Off-By:  Cijurajan Kollanoor <[EMAIL PROTECTED]>,

--- /root/ltp-full-20080930/testcases/kernel/mem/hugetlb/hugemmap/hugemmap02.c.orig	2008-11-07 01:06:11.000000000 +0530
+++ /root/ltp-full-20080930/testcases/kernel/mem/hugetlb/hugemmap/hugemmap02.c	2008-11-07 23:54:08.000000000 +0530
@@ -154,7 +154,7 @@ main(int ac, char **av)
 		/* Attempt to mmap a huge page into a low memory address */
 		errno = 0;
 		addr2 = mmap(LOW_ADDR2, MAP_SIZE, PROT_READ | PROT_WRITE,
-			    MAP_SHARED | MAP_FIXED, fildes, 0);
+			    MAP_SHARED, fildes, 0);
 		
 #if __WORDSIZE==64 /* 64-bit process */ 
 		if (addr2 == MAP_FAILED) {
@@ -165,13 +165,15 @@ main(int ac, char **av)
 			tst_resm(TPASS, "huge mmap() correctly succeeded for 64-bit");
 		}
 #else /* 32-bit process */ 
-		if (addr2 != MAP_FAILED) {
-			tst_resm(TFAIL, "huge mmap() unexpectedly succeeded on %s for 32-bit, errno=%d : %s",
-				 TEMPFILE, errno, strerror(errno));
-			continue;
-		} else {
-			tst_resm(TPASS, "huge mmap() failed correctly for 32-bit");
-		}
+                if (addr2 > 0){
+                        tst_resm(TCONF, "huge mmap() failed to test the scenario");
+                        continue;
+                } else if (addr == 0) {
+                        tst_resm(TPASS, "huge mmap() succeeded for 32-bit");
+                } else {
+                        tst_resm(TFAIL, "huge mmap() unexpectedly failed %s for 32-bit, errno=%d : %s",
+                                TEMPFILE, errno, strerror(errno));
+                }
 #endif
 
 		/* Clean up things in case we are looping */

# strace ./hugemmap02 -H /hugetlbfs/
execve("./hugemmap02", ["./hugemmap02", "-H", "/hugetlbfs/"], [/* 23 vars */])
= 0
brk(0)                                  = 0x9887000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=66484, ...}) = 0
mmap2(NULL, 66484, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fbb000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320Ob\0004\0\0\0004"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1606892, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fba000
mmap2(0x60f000, 1324452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x60f000
mmap2(0x74d000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0x74d000
mmap2(0x750000, 9636, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x750000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fb9000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fb96c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0x74d000, 8192, PROT_READ)     = 0
mprotect(0x60b000, 4096, PROT_READ)     = 0
munmap(0xb7fbb000, 66484)               = 0
brk(0)                                  = 0x9887000
brk(0x98a8000)                          = 0x98a8000
getpid()                                = 17815
rt_sigaction(SIGHUP, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGILL, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTRAP, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGABRT, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGBUS, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGFPE, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSEGV, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSTKFLT, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTSTP, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTTIN, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTTOU, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGURG, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXCPU, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXFSZ, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGVTALRM, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPROF, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGIO, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPWR, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSYS, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_16, {0x804b244, [], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
open("/hugetlbfs//17815mmapfile", O_RDWR|O_CREAT, 0666) = 3
open("/dev/zero", O_RDONLY)             = 4
mmap2(NULL, 268435456, PROT_READ, MAP_SHARED, 4, 0) = 0xa7fb9000
mmap2(NULL, 268435456, PROT_READ, MAP_SHARED, 4, 0) = 0x97fb9000
mmap2(NULL, 268435456, PROT_READ, MAP_SHARED, 4, 0) = 0x87fb9000
mmap2(NULL, 268435456, PROT_READ, MAP_SHARED, 4, 0) = 0x77fb9000
mmap2(NULL, 268435456, PROT_READ, MAP_SHARED, 4, 0) = 0x67fb9000
mmap2(NULL, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0) = 0
mmap2(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED, 3, 0) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to