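// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (c) 2016 Linux Test Project.
 */

/*
 * DESCRIPTION
 *
 * Total s390 2^31 addr space is 0x80000000.
 *
 *     0x80000000 - 0x10000000 = 0x70000000
 *
 * 0x70000000 is a valid positive intptr_t and adding it to the current offset
 * produces a valid uintptr_t without overflow (since the MSB being set is OK),
 * but that is irrelevant for s390 since it has 31-bit pointers and not 32-bit
 * pointers. Consequently, the brk syscall behaves incorrectly with the invalid
 * address and changes the program break to the overflowed address. The glibc
 * part of the implementation detects this overflow and returns a failure with
 * ENOMEM, but does not reset the program break.
 *
 * So the bug is in sbrk as well as the brk syscall. brk() should validate the
 * address being passed and return an error. sbrk() should not result in a brk
 * call at all for an invalid address. One could argue in favour of fixing brk
 * in glibc, but it should be the kernel since one could call the syscall
 * directly without using the glibc entry points.
 *
 * The kernel part was fixed on v3.15 by commits:
 *     473a06572fcd (s390/compat: convert system call wrappers to C part 02)
 *
 * Note:
 *     The reproducer should be built (gcc -m31) in 32bit on s390 platform
 */

#include <stdio.h>
#include <unistd.h>
#include "lapi/abisize.h"
#include "tst_test.h"

/*
 * Regression check for the s390 31-bit brk overflow described above.
 *
 * The program break is first moved to 0x20000000 (brk to 0x10000000, then
 * sbrk by 0x10000000). An sbrk(0x70000000) from there would land beyond the
 * 0x80000000 address space, so it must leave the break where it was.
 * Reports TPASS when the break is unchanged, TFAIL when it moved, TBROK when
 * the setup could not be established, and TCONF on any other ABI.
 */
static void sbrk_test(void)
{
#if defined(__s390__) && defined(TST_ABI32)
	void *ret1, *ret2, *prev;
	int rc;

	/*
	 * Set brk to 0x10000000. If this fails the break is wherever the
	 * loader left it, and the large increment below may no longer cross
	 * the 31-bit limit: the test would pass without exercising the bug.
	 */
	rc = brk((void *)0x10000000);
	if (rc != 0)
		tst_brk(TBROK | TERRNO, "brk(0x10000000) failed");
	tst_res(TINFO, "initial brk: %d", rc);

	/* add 0x10000000, up to total of 0x20000000 */
	prev = sbrk(0x10000000);
	if (prev == (void *)-1)
		tst_brk(TBROK | TERRNO, "sbrk(0x10000000) failed");
	tst_res(TINFO, "sbrk increm: %p", prev);
	ret1 = sbrk(0);

	/* sbrk() returns -1 on s390, but still does overflowed brk() */
	tst_res(TINFO, "sbrk increm: %p", sbrk(0x70000000));
	ret2 = sbrk(0);

	/* Any movement of the break means the invalid request was applied. */
	if (ret1 != ret2) {
		tst_res(TFAIL, "Bug! sbrk: %p", ret2);
		return;
	}

	tst_res(TPASS, "sbrk verify: %p", ret2);
#else
	tst_res(TCONF, "Only works in 32bit on s390 series system");
#endif
}

/* LTP test descriptor; the tag records the kernel commit that fixed the bug. */
static struct tst_test test = {
	.test_all = sbrk_test,
	.tags = (const struct tst_tag[]) {
		{"linux-git", "473a06572fcd"},
		{}
	}
};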