[DTrace-devel] [PATCH 7/7] test: fix two return tests to not cause trigger buffer overruns

Nick Alcock nick.alcock at oracle.com
Wed Mar 20 14:15:37 UTC 2024


test/triggers/bogus-ioctl.c is rather odd.  It was originally written for
test/unittest/io/tst.fds.d.  It uses bogus ioctl()s to trigger two things:

 - an infloop at the start with first arg -1, which the script responds to
   by raise()ing SIGUSR1 to get it going again via a signal handler and a
   siglongjmp() (you could use -x evaltime=main for the same purpose, but
   from the dates I believe this test predates that feature)
 - a loop at the end which passes the fd number as the first arg, which
   the script responds to by printing out that fd

A lot of other scripts have grown up that rely on it to just spray out
bogus ioctls forever, but alas two have grown up that assume that they
can get it going via hitting it with SIGUSR1 whenever a bogus ioctl()
is received, regardless of its arg values or anything.  This works fine
the first time, but the second time around it acts as a goto back to the
setjmp(), increments n too far, triggers a buffer overrun on the fds
array in bogus-ioctl and then bogus-ioctl hits an assertion failure and
dies.

This went unnoticed before now because it often happens that the assertion
failure and coredump take long enough that runtest.sh has already tested
for a coredump by the time it happens, but it's still a bug.  The fix is
trivial: we don't even need to look at the arg values, only raise(SIGUSR1)
at most once.

Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
 test/unittest/fbtprovider/tst.return1.d | 7 ++++---
 test/unittest/syscall/tst.return_args.d | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/test/unittest/fbtprovider/tst.return1.d b/test/unittest/fbtprovider/tst.return1.d
index 751e88652b403..f63a237f8ebd5 100644
--- a/test/unittest/fbtprovider/tst.return1.d
+++ b/test/unittest/fbtprovider/tst.return1.d
@@ -1,6 +1,6 @@
 /*
  * Oracle Linux DTrace.
- * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
  * Licensed under the Universal Permissive License v 1.0 as shown at
  * http://oss.oracle.com/licenses/upl.
  */
@@ -21,9 +21,10 @@ BEGIN
 
 /* notify the trigger to exit its ioctl() loop */
 syscall::ioctl:entry
-/pid == $1/
+/pid == $1 && !signalled/
 {
 	raise(SIGUSR1);
+	signalled = 1;
 }
 
 /* if we enter open(), reset the expected return value */
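Review bot: `signalled` is used in the predicate and assigned in the action without being declared or initialised anywhere visible; D will create it as an implicit global scalar that starts at zero, which is what the `!signalled` test relies on, but that is easy to miss and the existing BEGIN clause (see the hunk header) is the natural place to make it explicit, e.g. `signalled = 0;` there. A one-line comment on the predicate saying why the raise must be one-shot (the second SIGUSR1 re-enters the trigger's siglongjmp() path and overruns its fds array) would also save the next reader a trip to the commit message.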
@@ -44,7 +45,7 @@ fbt:vmlinux:do_sys_open*:return
 }
 
 syscall::open*:return
-/pid == $1 && ++niter >= 20/
+/pid == $1 && ++niter >= 5/
 {
 	exit(0);
 }
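Review bot: the change of the exit threshold from `++niter >= 20` to `++niter >= 5` is not covered by the commit message, which only describes making the raise(SIGUSR1) one-shot. If the lower count is needed because the trigger is no longer restarted and therefore produces fewer open() returns, say so in the message; if it is an unrelated speed-up, it belongs in its own patch so that a future bisect does not conflate the two.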
diff --git a/test/unittest/syscall/tst.return_args.d b/test/unittest/syscall/tst.return_args.d
index 459afec58269e..e9e752ffa8ed1 100644
--- a/test/unittest/syscall/tst.return_args.d
+++ b/test/unittest/syscall/tst.return_args.d
@@ -1,6 +1,6 @@
 /*
  * Oracle Linux DTrace.
- * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
  * Licensed under the Universal Permissive License v 1.0 as shown at
  * http://oss.oracle.com/licenses/upl.
  */
@@ -18,9 +18,10 @@ BEGIN
 }
 
 syscall::ioctl:entry
-/pid == $1/
+/pid == $1 && !signalled/
 {
 	raise(SIGUSR1);
+	signalled = 1;
 }
 
 syscall::open*:return
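Review bot: same implicit-global point as in tst.return1.d: `signalled` is neither declared nor initialised here, so the predicate depends on D's zero-default for globals; initialise it in the BEGIN clause shown in the hunk header for clarity. This clause also lacks the `/* notify the trigger to exit its ioctl() loop */` comment that the equivalent clause in tst.return1.d carries; copying it here keeps the two tests consistent and documents why the signal is sent exactly once.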
-- 
2.44.0.273.ge0bd14271f