Re-visiting SKIP_TEST_BOGUS_ADDR in tests/ipc_msg.c

Dylan Jhong dylan at andestech.com
Mon Sep 14 10:21:14 UTC 2020


On Mon, Sep 14, 2020 at 02:20:36PM +0800, Dylan Jhung wrote:
> On Sat, Sep 12, 2020 at 07:19:00PM +0800, Dmitry V. Levin wrote:
> > On Fri, Sep 11, 2020 at 06:10:35PM +0800, Ruinland ChuanTzu Tsai wrote:
> > > Hi all,
> > > 
> > > In glibc's 2.32 implementation, the syscall wrapper code will now access
> > > the `buf` to transform data types into the ones the kernel expects:
> > > 
> > > https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/msgctl.c;h=0776472d5e01dea3d4a90e5f025f5074e10d0250;hb=HEAD
> > > 
> > > which is introduced in the commit 3283f711 :
> > > https://sourceware.org/git/?p=glibc.git;a=commit;f=sysdeps/unix/sysv/linux/msgctl.c;h=3283f711132eaadc4f04bd8c1d84c910c29ba066
> > > 
> > > This will definitely trigger a segmentation fault in user space
> > > first instead of triggering EFAULT inside the Linux kernel on _every_
> > > platform.
> > 
> > Apparently, the conversion happens only on those architectures where
> > glibc supports 32-bit time_t, that is, where __TIMESIZE == 32.
> > 
> > On these architectures, disabling TEST_MSGCTL_BOGUS_ADDR cures the
> > segfault, but sadly it isn't enough to fix the test because glibc
> > performs the time_t conversion and passes a structure at a different
> > address in memory to the system call.
> > 
> > 
> > -- 
> > ldv
> 
> Hi ldv,
> 
> In my opinion, we should remove the "TEST_MSGCTL_BOGUS_ADDR" test case in ipc_msg.c.
> As you said in the paragraph above,
> this test case fails because glibc accesses the parameter and performs some conversion on it.
> 
> Accessing the parameter is a perfectly valid thing for glibc to do.
> So, if we want to test the kernel behavior, we should use syscall() instead.
> https://man7.org/linux/man-pages/man2/syscall.2.html
> 
> This issue was already pointed out when this test case was created;
> see the reference below:
> https://lists.strace.io/pipermail/strace-devel/2016-September/005612.html
> 
> If you agree with that, I can come up with a patch to fix this issue.
>

Hi ldv,

Sorry, I misunderstood what you meant in the last mail.

> > On these architectures, disabling TEST_MSGCTL_BOGUS_ADDR cures the
> > segfault, but sadly it isn't enough to fix the test because glibc
> > performs the time_t conversion and passes a structure at a different
> > address in memory to the system call.

You're right! All of the ipc_msg* test cases fail
because glibc passes a different address in memory to the kernel.

It seems that the only solution for these ipc_msg* test cases is to
avoid using the msgctl() that glibc provides.
Using syscall() can resolve this issue.

We have to modify these test cases like this:

   - rc = msgctl(0, MSG_INFO, &ds);
   + rc = syscall(SYS_msgctl, 0, MSG_INFO, &ds);
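Review bot: the raw syscall() call needs `#include <unistd.h>` and `#include <sys/syscall.h>` for syscall() and SYS_msgctl, so check the test's includes when making this change. Also, `&ds` is now handed to the kernel untouched: for commands that write a struct msqid_ds (IPC_STAT, MSG_STAT) the test will see the kernel's layout rather than the one the glibc wrapper converts to, which is the intended effect on the __TIMESIZE == 32 architectures discussed above, but any checks on ds fields in those tests must then follow the kernel's layout, not glibc's.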

If we choose the syscall() method, we can keep the TEST_MSGCTL_BOGUS_ADDR test case.

Are these modifications OK with you?

> Best,
> Dylan Jhong
> 
> -- 
> Strace-devel mailing list
> Strace-devel at lists.strace.io
> https://lists.strace.io/mailman/listinfo/strace-devel


Best,
Dylan Jhong
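To illustrate the approach proposed in this thread, here is an added example; it is not part of the thread and not strace's own test code. It calls msgctl(2) through syscall(2) so that the kernel sees exactly the pointer passed to it, first with MSG_INFO on a valid struct msginfo and then on a constructed bogus address, where the kernel answers EFAULT instead of the process faulting in user space. The helper names (raw_msgctl, query_msg_info, msg_info_bogus_errno) and the bogus pointer value (void *) -1L are this example's own choices. MSG_INFO is used rather than IPC_STAT because struct msginfo has no time_t members, so the raw syscall's result has the same layout as the glibc wrapper's on every architecture; for IPC_STAT/MSG_STAT the raw syscall returns the kernel's struct msqid_ds layout, which on the __TIMESIZE == 32 architectures discussed above is not what the glibc wrapper would hand back.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/syscall.h>
#include <unistd.h>

/*
 * raw_msgctl: invoke msgctl(2) through syscall(2) so that the kernel sees
 * exactly the pointer we pass, with no glibc wrapper in between.
 * Returns the raw syscall result (-1 with errno set on failure).
 * Hypothetical helper written for this example, not strace code.
 */
static long raw_msgctl(int msqid, int cmd, void *buf)
{
    return syscall(SYS_msgctl, msqid, cmd, buf);
}

/*
 * MSG_INFO ignores msqid and fills a struct msginfo; the kernel returns the
 * highest in-use queue index (clamped to 0), so any value >= 0 is success.
 * struct msginfo has no time_t members, so its layout is the same for the
 * raw syscall and for the glibc wrapper on every architecture.
 */
static long query_msg_info(struct msginfo *info)
{
    memset(info, 0, sizeof *info);
    return raw_msgctl(0, MSG_INFO, info);
}

/*
 * The bogus-address case: pass an address that can never be valid user
 * memory. Through the raw syscall, the kernel's copy_to_user() fails and the
 * call returns -1 with errno == EFAULT; nothing in user space dereferences
 * the pointer, so the process does not segfault. Returns errno from the
 * failed call, or 0 if the call unexpectedly succeeded.
 */
static int msg_info_bogus_errno(void)
{
    void *bogus = (void *) -1L;   /* constructed invalid pointer */
    long rc = raw_msgctl(0, MSG_INFO, bogus);
    return rc == -1 ? errno : 0;
}

int main(void)
{
    struct msginfo info;
    long rc = query_msg_info(&info);
    if (rc < 0) {
        perror("msgctl(MSG_INFO)");
        return 1;
    }
    printf("MSG_INFO ok: rc=%ld msgmax=%d msgmnb=%d msgmni=%d\n",
           rc, info.msgmax, info.msgmnb, info.msgmni);

    int err = msg_info_bogus_errno();
    printf("MSG_INFO with bogus address: %s\n",
           err ? strerror(err) : "unexpectedly succeeded");
    return err == EFAULT ? 0 : 1;
}
```

Build it with `cc -o raw_msgctl raw_msgctl.c` and run it under `strace -e trace=msgctl ./raw_msgctl`: the second msgctl line in the trace shows the 0xffff... pointer exactly as the program passed it, because no wrapper copied or converted the argument before the kernel saw it.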
