1*49cdfc7eSAndroid Build Coastguard Worker // SPDX-License-Identifier: GPL-2.0-or-later
2*49cdfc7eSAndroid Build Coastguard Worker /*
3*49cdfc7eSAndroid Build Coastguard Worker  * Copyright (c) 2016 Linux Test Project.
4*49cdfc7eSAndroid Build Coastguard Worker  */
5*49cdfc7eSAndroid Build Coastguard Worker 
6*49cdfc7eSAndroid Build Coastguard Worker /*
7*49cdfc7eSAndroid Build Coastguard Worker  * DESCRIPTION
8*49cdfc7eSAndroid Build Coastguard Worker  *
9*49cdfc7eSAndroid Build Coastguard Worker  * Total s390 2^31 addr space is 0x80000000.
10*49cdfc7eSAndroid Build Coastguard Worker  *
11*49cdfc7eSAndroid Build Coastguard Worker  *     0x80000000 - 0x10000000 = 0x70000000
12*49cdfc7eSAndroid Build Coastguard Worker  *
13*49cdfc7eSAndroid Build Coastguard Worker  * 0x70000000 is a valid positive intptr_t and adding it to the current offset
14*49cdfc7eSAndroid Build Coastguard Worker  * produces a valid uintptr_t without overflow (since the MSB being set is OK),
15*49cdfc7eSAndroid Build Coastguard Worker  * but that is irrelevant for s390 since it has 31-bit pointers and not 32-bit
16*49cdfc7eSAndroid Build Coastguard Worker  * pointers. Consequently, the brk syscall behaves incorrectly with the invalid
17*49cdfc7eSAndroid Build Coastguard Worker  * address and changes the program break to the overflowed address. The glibc
18*49cdfc7eSAndroid Build Coastguard Worker  * part of the implementation detects this overflow and returns a failure with
19*49cdfc7eSAndroid Build Coastguard Worker  * ENOMEM, but does not reset the program break.
20*49cdfc7eSAndroid Build Coastguard Worker  *
21*49cdfc7eSAndroid Build Coastguard Worker  * So the bug is in sbrk as well as the brk syscall. brk() should validate the
22*49cdfc7eSAndroid Build Coastguard Worker  * address being passed and return an error. sbrk() should not result in a brk
23*49cdfc7eSAndroid Build Coastguard Worker  * call at all for an invalid address. One could argue in favour of fixing brk
24*49cdfc7eSAndroid Build Coastguard Worker  * in glibc, but it should be the kernel since one could call the syscall
25*49cdfc7eSAndroid Build Coastguard Worker  * directly without using the glibc entry points.
26*49cdfc7eSAndroid Build Coastguard Worker  *
 * The kernel part was fixed in v3.15 by commit:
28*49cdfc7eSAndroid Build Coastguard Worker  *     473a06572fcd (s390/compat: convert system call wrappers to C part 02)
29*49cdfc7eSAndroid Build Coastguard Worker  *
30*49cdfc7eSAndroid Build Coastguard Worker  * Note:
 *     The reproducer should be built as a 32-bit binary (gcc -m31) on the s390 platform.
32*49cdfc7eSAndroid Build Coastguard Worker  *
33*49cdfc7eSAndroid Build Coastguard Worker  */
34*49cdfc7eSAndroid Build Coastguard Worker 
35*49cdfc7eSAndroid Build Coastguard Worker #include <stdio.h>
36*49cdfc7eSAndroid Build Coastguard Worker #include <unistd.h>
37*49cdfc7eSAndroid Build Coastguard Worker #include "lapi/abisize.h"
38*49cdfc7eSAndroid Build Coastguard Worker #include "tst_test.h"
39*49cdfc7eSAndroid Build Coastguard Worker 
/*
 * Regression check for the s390 brk()/sbrk() address overflow described in
 * the file header: after an sbrk() increment that cannot be satisfied, the
 * program break must be exactly where it was before the call.
 *
 * NOTE(review): the results of the two setup calls are only logged, never
 * checked. If either of them failed, the comparison at the end would no
 * longer exercise the overflow case, so the verdict would not be meaningful;
 * reporting TBROK on a failed setup step would make that visible.
 */
static void sbrk_test(void)
{
	void *brk_before, *brk_after, *prev;
	int rc;

	/* Pin the program break at 0x10000000 so the sums below are fixed. */
	rc = brk((void *)0x10000000);
	tst_res(TINFO, "initial brk: %d", rc);

	/* Grow by 0x10000000, for a total of 0x20000000. */
	prev = sbrk(0x10000000);
	tst_res(TINFO, "sbrk increm: %p", prev);
	brk_before = sbrk(0);

	/*
	 * This increment is the one that overflows. On an affected s390
	 * system sbrk() returns -1, yet the overflowed brk() has still been
	 * carried out, so the break read back afterwards has moved.
	 */
	prev = sbrk(0x70000000);
	tst_res(TINFO, "sbrk increm: %p", prev);
	brk_after = sbrk(0);

	/* An unchanged break means the failed request had no side effect. */
	if (brk_before == brk_after) {
		tst_res(TPASS, "sbrk verify: %p", brk_after);
		return;
	}

	tst_res(TFAIL, "Bug! sbrk: %p", brk_after);
}
62*49cdfc7eSAndroid Build Coastguard Worker 
/*
 * LTP test descriptor: sbrk_test() is the whole test, limited to s390 with
 * a 32-bit ABI, and tagged with the kernel commit that the file header names
 * as the fix.
 */
static struct tst_test test = {
	/* Kernel fix this test guards against regressing; {} ends the list. */
	.tags = (const struct tst_tag[]) {
		{"linux-git", "473a06572fcd"},
		{}
	},
	/* Matches the header note asking for a gcc -m31 build. */
	.needs_abi_bits = 32,
	/* NULL-terminated list of architectures the test applies to. */
	.supported_archs = (const char *const []) {
		"s390",
		NULL
	},
	.test_all = sbrk_test,
};