polyphony 0.85 → 0.86

data/vendor/liburing/test/poll.c

@@ -0,0 +1,109 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Description: test io_uring poll handling
+ *
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <poll.h>
+#include <sys/wait.h>
+
+#include "liburing.h"
+
+static void sig_alrm(int sig)
+{
+	fprintf(stderr, "Timed out!\n");
+	exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+	struct io_uring_cqe *cqe;
+	struct io_uring_sqe *sqe;
+	struct io_uring ring;
+	int pipe1[2];
+	pid_t p;
+	int ret;
+
+	if (argc > 1)
+		return 0;
+
+	if (pipe(pipe1) != 0) {
+		perror("pipe");
+		return 1;
+	}
+
+	p = fork();
+	switch (p) {
+	case -1:
+		perror("fork");
+		exit(2);
+	case 0: {
+		struct sigaction act;
+
+		ret = io_uring_queue_init(1, &ring, 0);
+		if (ret) {
+			fprintf(stderr, "child: ring setup failed: %d\n", ret);
+			return 1;
+		}
+
+		memset(&act, 0, sizeof(act));
+		act.sa_handler = sig_alrm;
+		act.sa_flags = SA_RESTART;
+		sigaction(SIGALRM, &act, NULL);
+		alarm(1);
+
+		sqe = io_uring_get_sqe(&ring);
+		if (!sqe) {
+			fprintf(stderr, "get sqe failed\n");
+			return 1;
+		}
+
+		io_uring_prep_poll_add(sqe, pipe1[0], POLLIN);
+		io_uring_sqe_set_data(sqe, sqe);
+
+		ret = io_uring_submit(&ring);
+		if (ret <= 0) {
+			fprintf(stderr, "child: sqe submit failed: %d\n", ret);
+			return 1;
+		}
+
+		do {
+			ret = io_uring_wait_cqe(&ring, &cqe);
+			if (ret < 0) {
+				fprintf(stderr, "child: wait completion %d\n", ret);
+				break;
+			}
+			io_uring_cqe_seen(&ring, cqe);
+		} while (ret != 0);
+
+		if (ret < 0)
+			return 1;
+		if (cqe->user_data != (unsigned long) sqe) {
+			fprintf(stderr, "child: cqe doesn't match sqe\n");
+			return 1;
+		}
+		if ((cqe->res & POLLIN) != POLLIN) {
+			fprintf(stderr, "child: bad return value %ld\n",
+							(long) cqe->res);
+			return 1;
+		}
+		exit(0);
+		}
+	default:
+		do {
+			errno = 0;
+			ret = write(pipe1[1], "foo", 3);
+		} while (ret == -1 && errno == EINTR);
+
+		if (ret != 3) {
+			fprintf(stderr, "parent: bad write return %d\n", ret);
+			return 1;
+		}
+		return 0;
+	}
+}

data/vendor/liburing/test/pollfree.c

@@ -0,0 +1,426 @@
+/* SPDX-License-Identifier: MIT */
+// https://syzkaller.appspot.com/bug?id=5f5a44abb4cba056fe24255c4fcb7e7bbe13de7a
+// autogenerated by syzkaller (https://github.com/google/syzkaller)
+
+#include <dirent.h>
+#include <endian.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <pthread.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <linux/futex.h>
+
+#ifdef __NR_futex
+
+static void sleep_ms(uint64_t ms)
+{
+  usleep(ms * 1000);
+}
+
+static uint64_t current_time_ms(void)
+{
+  struct timespec ts;
+  if (clock_gettime(CLOCK_MONOTONIC, &ts))
+    exit(1);
+  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
+}
+
+static void thread_start(void* (*fn)(void*), void* arg)
+{
+  pthread_t th;
+  pthread_attr_t attr;
+  pthread_attr_init(&attr);
+  pthread_attr_setstacksize(&attr, 128 << 10);
+  int i = 0;
+  for (; i < 100; i++) {
+    if (pthread_create(&th, &attr, fn, arg) == 0) {
+      pthread_attr_destroy(&attr);
+      return;
+    }
+    if (errno == EAGAIN) {
+      usleep(50);
+      continue;
+    }
+    break;
+  }
+  exit(1);
+}
+
+typedef struct {
+  int state;
+} event_t;
+
+static void event_init(event_t* ev)
+{
+  ev->state = 0;
+}
+
+static void event_reset(event_t* ev)
+{
+  ev->state = 0;
+}
+
+static void event_set(event_t* ev)
+{
+  if (ev->state)
+    exit(1);
+  __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
+  syscall(__NR_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
+}
+
+static void event_wait(event_t* ev)
+{
+  while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
+    syscall(__NR_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
+}
+
+static int event_isset(event_t* ev)
+{
+  return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
+}
+
+static int event_timedwait(event_t* ev, uint64_t timeout)
+{
+  uint64_t start = current_time_ms();
+  uint64_t now = start;
+  for (;;) {
+    uint64_t remain = timeout - (now - start);
+    struct timespec ts;
+    ts.tv_sec = remain / 1000;
+    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
+    syscall(__NR_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
+    if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
+      return 1;
+    now = current_time_ms();
+    if (now - start > timeout)
+      return 0;
+  }
+}
+
+#define SIZEOF_IO_URING_SQE 64
+#define SIZEOF_IO_URING_CQE 16
+#define SQ_HEAD_OFFSET 0
+#define SQ_TAIL_OFFSET 64
+#define SQ_RING_MASK_OFFSET 256
+#define SQ_RING_ENTRIES_OFFSET 264
+#define SQ_FLAGS_OFFSET 276
+#define SQ_DROPPED_OFFSET 272
+#define CQ_HEAD_OFFSET 128
+#define CQ_TAIL_OFFSET 192
+#define CQ_RING_MASK_OFFSET 260
+#define CQ_RING_ENTRIES_OFFSET 268
+#define CQ_RING_OVERFLOW_OFFSET 284
+#define CQ_FLAGS_OFFSET 280
+#define CQ_CQES_OFFSET 320
+
+struct io_sqring_offsets {
+  uint32_t head;
+  uint32_t tail;
+  uint32_t ring_mask;
+  uint32_t ring_entries;
+  uint32_t flags;
+  uint32_t dropped;
+  uint32_t array;
+  uint32_t resv1;
+  uint64_t resv2;
+};
+
+struct io_cqring_offsets {
+  uint32_t head;
+  uint32_t tail;
+  uint32_t ring_mask;
+  uint32_t ring_entries;
+  uint32_t overflow;
+  uint32_t cqes;
+  uint64_t resv[2];
+};
+
+struct io_uring_params {
+  uint32_t sq_entries;
+  uint32_t cq_entries;
+  uint32_t flags;
+  uint32_t sq_thread_cpu;
+  uint32_t sq_thread_idle;
+  uint32_t features;
+  uint32_t resv[4];
+  struct io_sqring_offsets sq_off;
+  struct io_cqring_offsets cq_off;
+};
+
+#define IORING_OFF_SQ_RING 0
+#define IORING_OFF_SQES 0x10000000ULL
+
+#define sys_io_uring_setup 425
+static long syz_io_uring_setup(volatile long a0, volatile long a1,
+                               volatile long a2, volatile long a3,
+                               volatile long a4, volatile long a5)
+{
+  uint32_t entries = (uint32_t)a0;
+  struct io_uring_params* setup_params = (struct io_uring_params*)a1;
+  void* vma1 = (void*)a2;
+  void* vma2 = (void*)a3;
+  void** ring_ptr_out = (void**)a4;
+  void** sqes_ptr_out = (void**)a5;
+  uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params);
+  uint32_t sq_ring_sz =
+      setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t);
+  uint32_t cq_ring_sz = setup_params->cq_off.cqes +
+                        setup_params->cq_entries * SIZEOF_IO_URING_CQE;
+  uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz;
+  *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE,
+                       MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
+                       IORING_OFF_SQ_RING);
+  uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
+  *sqes_ptr_out =
+      mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE,
+           MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES);
+  return fd_io_uring;
+}
+
+static long syz_io_uring_submit(volatile long a0, volatile long a1,
+                                volatile long a2, volatile long a3)
+{
+  char* ring_ptr = (char*)a0;
+  char* sqes_ptr = (char*)a1;
+  char* sqe = (char*)a2;
+  uint32_t sqes_index = (uint32_t)a3;
+  uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET);
+  uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET);
+  uint32_t sq_array_off =
+      (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63;
+  if (sq_ring_entries)
+    sqes_index %= sq_ring_entries;
+  char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE;
+  memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE);
+  uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET);
+  uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET);
+  uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask;
+  uint32_t sq_tail_next = *sq_tail_ptr + 1;
+  uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off);
+  *(sq_array + sq_tail) = sqes_index;
+  __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE);
+  return 0;
+}
+
+static void kill_and_wait(int pid, int* status)
+{
+  kill(-pid, SIGKILL);
+  kill(pid, SIGKILL);
+  for (int i = 0; i < 100; i++) {
+    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
+      return;
+    usleep(1000);
+  }
+  DIR* dir = opendir("/sys/fs/fuse/connections");
+  if (dir) {
+    for (;;) {
+      struct dirent* ent = readdir(dir);
+      if (!ent)
+        break;
+      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
+        continue;
+      char abort[300];
+      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
+               ent->d_name);
+      int fd = open(abort, O_WRONLY);
+      if (fd == -1) {
+        continue;
+      }
+      if (write(fd, abort, 1) < 0) {
+      }
+      close(fd);
+    }
+    closedir(dir);
+  } else {
+  }
+  while (waitpid(-1, status, __WALL) != pid) {
+  }
+}
+
+static void setup_test()
+{
+  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+  setpgrp();
+}
+
+struct thread_t {
+  int created, call;
+  event_t ready, done;
+};
+
+static struct thread_t threads[16];
+static void execute_call(int call);
+static int running;
+
+static void* thr(void* arg)
+{
+  struct thread_t* th = (struct thread_t*)arg;
+  for (;;) {
+    event_wait(&th->ready);
+    event_reset(&th->ready);
+    execute_call(th->call);
+    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
+    event_set(&th->done);
+  }
+  return 0;
+}
+
+static void execute_one(void)
+{
+  int i, call, thread;
+  for (call = 0; call < 4; call++) {
+    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
+         thread++) {
+      struct thread_t* th = &threads[thread];
+      if (!th->created) {
+        th->created = 1;
+        event_init(&th->ready);
+        event_init(&th->done);
+        event_set(&th->done);
+        thread_start(thr, th);
+      }
+      if (!event_isset(&th->done))
+        continue;
+      event_reset(&th->done);
+      th->call = call;
+      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
+      event_set(&th->ready);
+      event_timedwait(&th->done, 50);
+      break;
+    }
+  }
+  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
+    sleep_ms(1);
+}
+
+static void execute_one(void);
+
+#define WAIT_FLAGS __WALL
+
+static void loop(void)
+{
+  int iter = 0;
+  for (; iter < 5000; iter++) {
+    int pid = fork();
+    if (pid < 0)
+      exit(1);
+    if (pid == 0) {
+      setup_test();
+      execute_one();
+      exit(0);
+    }
+    int status = 0;
+    uint64_t start = current_time_ms();
+    for (;;) {
+      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
+        break;
+      sleep_ms(1);
+      if (current_time_ms() - start < 5000)
+        continue;
+      kill_and_wait(pid, &status);
+      break;
+    }
+  }
+}
+
+#ifndef __NR_io_uring_enter
+#define __NR_io_uring_enter 426
+#endif
+
+uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0};
+
+void execute_call(int call)
+{
+  intptr_t res = 0;
+  switch (call) {
+  case 0:
+    *(uint64_t*)0x200000c0 = 0;
+    res = syscall(__NR_signalfd4, -1, 0x200000c0ul, 8ul, 0ul);
+    if (res != -1)
+      r[0] = res;
+    break;
+  case 1:
+    *(uint32_t*)0x20000a84 = 0;
+    *(uint32_t*)0x20000a88 = 0;
+    *(uint32_t*)0x20000a8c = 0;
+    *(uint32_t*)0x20000a90 = 0;
+    *(uint32_t*)0x20000a98 = -1;
+    memset((void*)0x20000a9c, 0, 12);
+    res = -1;
+    res = syz_io_uring_setup(0x87, 0x20000a80, 0x206d6000, 0x206d7000,
+                             0x20000000, 0x20000040);
+    if (res != -1) {
+      r[1] = res;
+      r[2] = *(uint64_t*)0x20000000;
+      r[3] = *(uint64_t*)0x20000040;
+    }
+    break;
+  case 2:
+    *(uint8_t*)0x20002240 = 6;
+    *(uint8_t*)0x20002241 = 0;
+    *(uint16_t*)0x20002242 = 0;
+    *(uint32_t*)0x20002244 = r[0];
+    *(uint64_t*)0x20002248 = 0;
+    *(uint64_t*)0x20002250 = 0;
+    *(uint32_t*)0x20002258 = 0;
+    *(uint16_t*)0x2000225c = 0;
+    *(uint16_t*)0x2000225e = 0;
+    *(uint64_t*)0x20002260 = 0;
+    *(uint16_t*)0x20002268 = 0;
+    *(uint16_t*)0x2000226a = 0;
+    memset((void*)0x2000226c, 0, 20);
+    syz_io_uring_submit(r[2], r[3], 0x20002240, 0);
+    break;
+  case 3:
+    syscall(__NR_io_uring_enter, r[1], 0x1523a, 0, 0ul, 0ul, 0xaul);
+    break;
+  }
+}
+
+int main(int argc, char *argv[])
+{
+  void *ret;
+
+#if !defined(__i386) && !defined(__x86_64__)
+  return 0;
+#endif
+
+  if (argc > 1)
+    return 0;
+
+  ret = mmap((void *)0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
+  if (ret == MAP_FAILED)
+    return 0;
+  mmap((void *)0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
+  if (ret == MAP_FAILED)
+    return 0;
+  mmap((void *)0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
+  if (ret == MAP_FAILED)
+    return 0;
+  loop();
+  return 0;
+}
+
+#else /* __NR_futex */
+
+int main(int argc, char *argv[])
+{
+  return 0;
+}
+
+#endif /* __NR_futex */

data/vendor/liburing/test/probe.c

@@ -0,0 +1,135 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Description: test IORING_REGISTER_PROBE
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+
+#include "helpers.h"
+#include "liburing.h"
+
+static int no_probe;
+
+static int verify_probe(struct io_uring_probe *p, int full)
+{
+	if (!full && p->ops_len) {
+		fprintf(stderr, "Got ops_len=%u\n", p->ops_len);
+		return 1;
+	}
+	if (!p->last_op) {
+		fprintf(stderr, "Got last_op=%u\n", p->last_op);
+		return 1;
+	}
+	if (!full)
+		return 0;
+	/* check a few ops that must be supported */
+	if (!(p->ops[IORING_OP_NOP].flags & IO_URING_OP_SUPPORTED)) {
+		fprintf(stderr, "NOP not supported!?\n");
+		return 1;
+	}
+	if (!(p->ops[IORING_OP_READV].flags & IO_URING_OP_SUPPORTED)) {
+		fprintf(stderr, "READV not supported!?\n");
+		return 1;
+	}
+	if (!(p->ops[IORING_OP_WRITE].flags & IO_URING_OP_SUPPORTED)) {
+		fprintf(stderr, "WRITE not supported!?\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+static int test_probe_helper(struct io_uring *ring)
+{
+	int ret;
+	struct io_uring_probe *p;
+
+	p = io_uring_get_probe_ring(ring);
+	if (!p) {
+		fprintf(stderr, "Failed getting probe data\n");
+		return 1;
+	}
+
+	ret = verify_probe(p, 1);
+	io_uring_free_probe(p);
+	return ret;
+}
+
+static int test_probe(struct io_uring *ring)
+{
+	struct io_uring_probe *p;
+	size_t len;
+	int ret;
+
+	len = sizeof(*p) + 256 * sizeof(struct io_uring_probe_op);
+	p = t_calloc(1, len);
+	ret = io_uring_register_probe(ring, p, 0);
+	if (ret == -EINVAL) {
+		fprintf(stdout, "Probe not supported, skipping\n");
+		no_probe = 1;
+		goto out;
+	} else if (ret) {
+		fprintf(stdout, "Probe returned %d\n", ret);
+		goto err;
+	}
+
+	if (verify_probe(p, 0))
+		goto err;
+
+	/* now grab for all entries */
+	memset(p, 0, len);
+	ret = io_uring_register_probe(ring, p, 256);
+	if (ret == -EINVAL) {
+		fprintf(stdout, "Probe not supported, skipping\n");
+		goto err;
+	} else if (ret) {
+		fprintf(stdout, "Probe returned %d\n", ret);
+		goto err;
+	}
+
+	if (verify_probe(p, 1))
+		goto err;
+
+out:
+	free(p);
+	return 0;
+err:
+	free(p);
+	return 1;
+}
+
+int main(int argc, char *argv[])
+{
+	struct io_uring ring;
+	int ret;
+
+	if (argc > 1)
+		return 0;
+
+	ret = io_uring_queue_init(8, &ring, 0);
+	if (ret) {
+		fprintf(stderr, "ring setup failed\n");
+		return 1;
+	}
+
+	ret = test_probe(&ring);
+	if (ret) {
+		fprintf(stderr, "test_probe failed\n");
+		return ret;
+	}
+	if (no_probe)
+		return 0;
+
+	ret = test_probe_helper(&ring);
+	if (ret) {
+		fprintf(stderr, "test_probe failed\n");
+		return ret;
+	}
+
+
+	return 0;
+}