----- Original Message -----
> From: [email protected]
> To: [email protected]
> Sent: Wednesday, 30 April, 2014 2:14:33 PM
> Subject: [LTP] Unifying syscalls tests for EFAULT
>
> Hi!
> We have quite a lot of testcases that passes wrong pointer to syscalls
> to check that they return EFAULT and several ad-hoc ways to do this.
> I've looked at the code we have and at the kernel implementation in
> order to fix this mess.
>
> There are several ways that testcases use to generate bad addres:
>
> * (void*)-1
> * get_high_address()
> * mmap(..., PROT_NONE, ...)
>
>
> I've looked how is the checking implemented in kernel and it boils down
> to various get_user/put_user variants of strncpy build on the top of the
> __get_user and __put_user functions.
>
> On x86 these functions do coarse check for overflow which should be
> triggered by the (void*)-1 parameter, then if the pointer is smaller
> than maximal possible userspace address and then proceeds with the
> memory access. If memory access creates a page fault the page fault
> handler executes fixup code which returns the EFAULT and if I understand
> this correctly this is the case for both get_high_address() and
> mmap(..., PROT_NONE, ...).
>
> Then there are other architectures that does things a little bit
> differently and I'm not even sure how because most of the functions are
> written in assembler.
>
> Now there are a few things I wonder about:
>
> * Is there an machine that has userspace memory mapped on (void*)-1 ?
>
> because that would make quite a lot of our testcases to fail
>
> * Is there a machine that has userspace address mapped on NULL ?
I do recall a testcase, which had special setup for ia64, because
it didn't work as expected for NULL. When looking at process map,
there was a single page mapped 0, which didn't come from test:
# cat /proc/self/maps
00000000-00004000 r--p 00000000 00:00 0
See this email thread:
https://www.mail-archive.com/[email protected]/msg17855.html
Regards,
Jan
>
> I would consider this pretty evil thing to do, due to fact that
> most of the libraries returns NULL on failure and dereferencing
> these should really cause SegFault or EFAULT.
>
> --
> Cyril Hrubis
> [email protected]
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos. Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Ltp-list mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/ltp-list
>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
