1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (c) 2016 Linux Test Project.
4  */
5 
6 /*
7  * DESCRIPTION
8  *
9  * Total s390 2^31 addr space is 0x80000000.
10  *
11  *     0x80000000 - 0x10000000 = 0x70000000
12  *
13  * 0x70000000 is a valid positive intptr_t and adding it to the current offset
14  * produces a valid uintptr_t without overflow (since the MSB being set is OK),
15  * but that is irrelevant for s390 since it has 31-bit pointers and not 32-bit
16  * pointers. Consequently, the brk syscall behaves incorrectly with the invalid
17  * address and changes the program break to the overflowed address. The glibc
18  * part of the implementation detects this overflow and returns a failure with
19  * ENOMEM, but does not reset the program break.
20  *
21  * So the bug is in sbrk as well as the brk syscall. brk() should validate the
22  * address being passed and return an error. sbrk() should not result in a brk
23  * call at all for an invalid address. One could argue in favour of fixing brk
24  * in glibc, but it should be the kernel since one could call the syscall
25  * directly without using the glibc entry points.
26  *
27  * The kernel part was fixed in v3.15 by commit:
28  *     473a06572fcd (s390/compat: convert system call wrappers to C part 02)
29  *
30  * Note:
31  *     The reproducer should be built as a 32-bit binary (gcc -m31) on the s390 platform.
32  *
33  */
34 
35 #include <stdio.h>
36 #include <unistd.h>
37 #include "lapi/abisize.h"
38 #include "tst_test.h"
39 
/*
 * Check that a failing sbrk() leaves the program break untouched.
 *
 * The break is placed at 0x10000000 and grown by another 0x10000000. A further
 * increment of 0x70000000 is then requested, with the break sampled through
 * sbrk(0) immediately before and after that request. Any difference between
 * the two samples is reported as TFAIL; identical samples are reported as
 * TPASS.
 *
 * NOTE(review): the results of the two setup calls are only logged at TINFO
 * level; a failed setup is not detected and does not abort the test.
 */
static void sbrk_test(void)
{
	void *brk_before;
	void *brk_after;
	void *step;
	int brk_rc;

	/* set brk to 0x10000000 */
	brk_rc = brk((void *)0x10000000);
	tst_res(TINFO, "initial brk: %d", brk_rc);

	/* add 0x10000000, up to total of 0x20000000 */
	step = sbrk(0x10000000);
	tst_res(TINFO, "sbrk increm: %p", step);
	brk_before = sbrk(0);

	/*
	 * Per the file header: on affected s390 kernels sbrk() returns -1 here,
	 * yet the overflowed brk() has still been carried out.
	 */
	step = sbrk(0x70000000);
	tst_res(TINFO, "sbrk increm: %p", step);
	brk_after = sbrk(0);

	/* An unchanged break means the failed request had no side effect. */
	if (brk_before == brk_after) {
		tst_res(TPASS, "sbrk verify: %p", brk_after);
		return;
	}

	tst_res(TFAIL, "Bug! sbrk: %p", brk_after);
}
62 
/*
 * Test descriptor: sbrk_test is the single test function. The architecture
 * list names only "s390" and the ABI width is set to 32, matching the build
 * note in the file header. The "linux-git" tag carries the commit id that
 * the file header gives as the kernel-side fix.
 */
static struct tst_test test = {
	.test_all = sbrk_test,
	.needs_abi_bits = 32,
	.supported_archs = (const char *const []) { "s390", NULL },
	.tags = (const struct tst_tag[]) {
		{ "linux-git", "473a06572fcd" },
		{}	/* empty entry ends the list */
	},
};
75