1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2015-2017 Red Hat, Inc.
4 * Copyright (c) Linux Test Project, 2018-2023
5 *
6 * Authors:
7 * Herton R. Krzesinski <[email protected]>
8 * Li Wang <[email protected]>
9 */
10
11 /*\
12 * [Description]
13 *
14 * There is a race condition if we map a same file on different processes.
15 * Region tracking is protected by mmap_sem and hugetlb_instantiation_mutex.
16 * When we do mmap, we don't grab a hugetlb_instantiation_mutex, but only
17 * mmap_sem (exclusively). This doesn't prevent other tasks from modifying
18 * the region structure, so it can be modified by two processes concurrently.
19 *
20 * This bug was fixed on stable kernel by commits:
21 *
22 * f522c3ac00a4 (mm, hugetlb: change variable name reservations to resv)
23 * 9119a41e9091 (mm, hugetlb: unify region structure handling)
24 * 7b24d8616be3 (mm, hugetlb: fix race in region tracking)
25 * 1406ec9ba6c6 (mm, hugetlb: improve, cleanup resv_map parameters)
26 */
27
28 #define _GNU_SOURCE
29 #include <pthread.h>
30 #include <stdio.h>
31 #include "hugetlb.h"
32 #include "lapi/mmap.h"
33
34 static long hpage_size;
35
36 struct mp {
37 char *addr;
38 int sz;
39 };
40
41 #define ARSZ 50
42 #define LOOP 5
43
setup(void)44 static void setup(void)
45 {
46 hpage_size = SAFE_READ_MEMINFO("Hugepagesize:") * 1024;
47 }
48
thr(void * arg)49 static void *thr(void *arg)
50 {
51 struct mp *mmap_sz = arg;
52 int i, lim, a, b, c;
53
54 srand(time(NULL));
55 lim = rand() % 10;
56 for (i = 0; i < lim; i++) {
57 a = rand() % mmap_sz->sz;
58 for (c = 0; c <= a; c++) {
59 b = rand() % mmap_sz->sz;
60 *(mmap_sz->addr + b * hpage_size) = rand();
61 }
62 }
63 return NULL;
64 }
65
do_mmap(unsigned int j LTP_ATTRIBUTE_UNUSED)66 static void do_mmap(unsigned int j LTP_ATTRIBUTE_UNUSED)
67 {
68 int i, sz = ARSZ + 1;
69 void *addr, *new_addr;
70 struct mp mmap_sz[ARSZ];
71 pthread_t tid[ARSZ];
72
73 addr = mmap(NULL, sz * hpage_size,
74 PROT_READ | PROT_WRITE,
75 MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB,
76 -1, 0);
77
78 if (addr == MAP_FAILED) {
79 if (errno == ENOMEM) {
80 tst_brk(TCONF, "Cannot allocate hugepage, memory too fragmented?");
81 }
82
83 tst_brk(TBROK | TERRNO, "Cannot allocate hugepage");
84 }
85
86 for (i = 0; i < ARSZ; ++i, --sz) {
87 mmap_sz[i].sz = sz;
88 mmap_sz[i].addr = addr;
89
90 TEST(pthread_create(&tid[i], NULL, thr, &mmap_sz[i]));
91 if (TST_RET)
92 tst_brk(TBROK | TRERRNO, "pthread_create failed");
93
94 new_addr = mmap(addr, (sz - 1) * hpage_size,
95 PROT_READ | PROT_WRITE,
96 MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB | MAP_FIXED,
97 -1, 0);
98
99 if (new_addr == MAP_FAILED)
100 tst_brk(TFAIL | TERRNO, "mmap failed");
101
102 addr = new_addr;
103 }
104
105 for (i = 0; i < ARSZ; ++i) {
106 TEST(pthread_join(tid[i], NULL));
107 if (TST_RET)
108 tst_brk(TBROK | TRERRNO, "pthread_join failed");
109 }
110
111 if (munmap(addr, sz * hpage_size) == -1)
112 tst_brk(TFAIL | TERRNO, "huge munmap failed");
113
114 tst_res(TPASS, "No regression found");
115 }
116
117 static struct tst_test test = {
118 .needs_root = 1,
119 .tcnt = LOOP,
120 .needs_tmpdir = 1,
121 .test = do_mmap,
122 .setup = setup,
123 .hugepages = {(ARSZ + 1) * LOOP, TST_NEEDS},
124 .tags = (const struct tst_tag[]) {
125 {"linux-git", "f522c3ac00a4"},
126 {"linux-git", "9119a41e9091"},
127 {"linux-git", "7b24d8616be3"},
128 {"linux-git", "1406ec9ba6c6"},
129 {}
130 }
131 };
132