path: root/tests/heap-overflow.c
blob: 93196ec944dbde4bbbbd507b03a056fbea8f605e (plain)
/*
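 * Test heap overflow for libhugetlbfs: malloc() requests that together
 * exceed the free hugepage pool must not get the process killed when the
 * memory is touched.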
 * Copyright 2008 Cray Inc.  All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301, USA.
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/wait.h>
#include <hugetlbfs.h>
#include "hugetests.h"

/*
 * Overcommit pool size as read by main() before it is set to 0; cleanup()
 * writes it back.  Stays at -1 until main() has read the real value, so
 * cleanup() does nothing if the test exits before that point.
 */
long oc_pool = -1;
/* Huge page size as returned by check_hugepagesize() in main(). */
long hpagesize;

/*
 * Put the overcommit pool back to the value main() saved in oc_pool.
 *
 * Nothing is written when the saved value is not positive: that covers
 * both "never read" (-1) and "pool was already empty" (0), the two cases
 * in which main() did not change the system setting.
 */
void cleanup(void)
{
	if (oc_pool <= 0)
		return;

	restore_overcommit_pages(hpagesize, oc_pool);
}

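/*
 * Check that a malloc() heap placed on hugepages survives demand that
 * exceeds the free hugepage pool.
 *
 * "Heap overflow" here means the heap growing past the available
 * hugepages, not a write past the end of a buffer: the test requests one
 * hugepage plus every free hugepage, touches all of it in a child, and
 * fails if the child is killed by a signal.
 *
 * The test runs as root and changes a system-wide setting (the overcommit
 * pool is set to 0 for the duration).  The saved value is restored by
 * cleanup(); NOTE(review): cleanup() is presumably invoked by the
 * CONFIG/FAIL/PASS macros from hugetests.h, which also appear to end the
 * process (main has no return statement) -- confirm against that header.
 *
 * argc/argv are passed straight to test_init().
 */
int main(int argc, char **argv)
{
	int freepages;
	long size1, size2;
	void *p1, *p2;
	int st, pid, rv;

	test_init(argc, argv);

	if (!getenv("HUGETLB_MORECORE"))
		CONFIG("Must have HUGETLB_MORECORE=yes");

	hpagesize = check_hugepagesize();

	/* Must be root because this test modifies the overcommit pool */
	check_must_be_root();

	/*
	 * Save the current overcommit pool size in the global that cleanup()
	 * reads, then set the pool to 0 for the test.  A pool that is already
	 * 0 (or could not be read) is left alone, and cleanup() then has
	 * nothing to restore.
	 */
	oc_pool = read_nr_overcommit(hpagesize);
	if (oc_pool > 0)
		set_nr_overcommit_hugepages(hpagesize, 0);

	freepages = get_huge_page_counter(hpagesize, HUGEPAGES_FREE);
	if (freepages < 3)
		CONFIG("Must have at least 3 free hugepages");

	/*
	 * Allocation 1: one hugepage.  Due to malloc overhead, morecore
	 * will probably mmap two hugepages.
	 */
	size1 = hpagesize;
	p1 = malloc(size1);
	if (!p1)
		FAIL("Couldn't malloc %ld bytes", size1);
	if (!test_addr_huge(p1))
		FAIL("First allocation %p not on hugepages", p1);

	/*
	 * Allocation 2: all free hugepages to ensure we exhaust the free pool.
	 * Together with allocation 1 this asks for more than the pool holds.
	 */
	size2 = freepages * hpagesize;
	p2 = malloc(size2);
	if (!p2)
		FAIL("Couldn't malloc %ld bytes", size2);
	/*
	 * Whether the second block landed on hugepages is only logged; it is
	 * not a pass/fail condition.
	 */
	st = test_addr_huge(p2);
	verbose_printf("Second allocation %p huge?  %s\n", p2, st < 0 ? "??" :
		       (st ? "yes" : "no"));

	/*
	 * Touch the pages in a child process.  Kernel sends a SIGKILL if
	 * we run out of hugepages.
	 */
	pid = fork();
	if (pid < 0)
		FAIL("fork: %s", strerror(errno));

	if (pid == 0) {
		memset(p1, 0, size1);
		memset(p2, 0, size2);
		/*
		 * _exit() rather than exit(): the forked child must not run
		 * the parent's atexit handlers or flush stdio buffers it
		 * inherited across fork().
		 */
		_exit(0);
	}

	rv = waitpid(pid, &st, 0);
	if (rv < 0)
		/* No trailing newline, matching every other FAIL call here. */
		FAIL("waitpid: %s", strerror(errno));
	if (WIFSIGNALED(st))
		FAIL("Child killed by signal %d touching malloc'ed memory",
		     WTERMSIG(st));

	PASS();
}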