polyphony 0.85 → 0.86

data/vendor/liburing/test/sqpoll-cancel-hang.c

@@ -0,0 +1,157 @@
+/* SPDX-License-Identifier: MIT */
+#include <fcntl.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
+#include "liburing.h"
+#include "../src/syscall.h"
+
+static uint64_t current_time_ms(void)
+{
+    struct timespec ts;
+    if (clock_gettime(CLOCK_MONOTONIC, &ts))
+        exit(1);
+    return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
+}
+
+#define SIZEOF_IO_URING_SQE 64
+#define SIZEOF_IO_URING_CQE 16
+#define SQ_TAIL_OFFSET 64
+#define SQ_RING_MASK_OFFSET 256
+#define SQ_RING_ENTRIES_OFFSET 264
+#define CQ_RING_ENTRIES_OFFSET 268
+#define CQ_CQES_OFFSET 320
+
+#define IORING_OFF_SQES 0x10000000ULL
+
+static void kill_and_wait(int pid, int* status)
+{
+    kill(-pid, SIGKILL);
+    kill(pid, SIGKILL);
+    while (waitpid(-1, status, __WALL) != pid) {
+    }
+}
+
+#define WAIT_FLAGS __WALL
+
+uint64_t r[3] = {0xffffffffffffffff, 0x0, 0x0};
+
+static long syz_io_uring_setup(volatile long a0, volatile long a1,
+volatile long a2, volatile long a3, volatile long a4, volatile long
+a5)
+{
+    uint32_t entries = (uint32_t)a0;
+    struct io_uring_params* setup_params = (struct io_uring_params*)a1;
+    void* vma1 = (void*)a2;
+    void* vma2 = (void*)a3;
+    void** ring_ptr_out = (void**)a4;
+    void** sqes_ptr_out = (void**)a5;
+    uint32_t fd_io_uring = __sys_io_uring_setup(entries, setup_params);
+    uint32_t sq_ring_sz = setup_params->sq_off.array +
+setup_params->sq_entries * sizeof(uint32_t);
+    uint32_t cq_ring_sz = setup_params->cq_off.cqes +
+setup_params->cq_entries * SIZEOF_IO_URING_CQE;
+    uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz;
+    *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE,
+MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
+IORING_OFF_SQ_RING);
+    uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
+    *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE,
+MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES);
+    return fd_io_uring;
+}
+
+static long syz_io_uring_submit(volatile long a0, volatile long a1,
+volatile long a2, volatile long a3)
+{
+    char* ring_ptr = (char*)a0;
+    char* sqes_ptr = (char*)a1;
+    char* sqe = (char*)a2;
+    uint32_t sqes_index = (uint32_t)a3;
+    uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET);
+    uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET);
+    uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries *
+SIZEOF_IO_URING_CQE + 63) & ~63;
+    if (sq_ring_entries)
+        sqes_index %= sq_ring_entries;
+    char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE;
+    memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE);
+    uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET);
+    uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET);
+    uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask;
+    uint32_t sq_tail_next = *sq_tail_ptr + 1;
+    uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off);
+    *(sq_array + sq_tail) = sqes_index;
+    __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE);
+    return 0;
+}
+
+
+void trigger_bug(void)
+{
+    intptr_t res = 0;
+    *(uint32_t*)0x20000204 = 0;
+    *(uint32_t*)0x20000208 = 2;
+    *(uint32_t*)0x2000020c = 0;
+    *(uint32_t*)0x20000210 = 0;
+    *(uint32_t*)0x20000218 = -1;
+    memset((void*)0x2000021c, 0, 12);
+    res = -1;
+    res = syz_io_uring_setup(0x7987, 0x20000200, 0x20400000, 0x20ffd000, 0x200000c0, 0x200001c0);
+    if (res != -1) {
+        r[0] = res;
+        r[1] = *(uint64_t*)0x200000c0;
+        r[2] = *(uint64_t*)0x200001c0;
+    }
+    *(uint8_t*)0x20000180 = 0xb;
+    *(uint8_t*)0x20000181 = 1;
+    *(uint16_t*)0x20000182 = 0;
+    *(uint32_t*)0x20000184 = 0;
+    *(uint64_t*)0x20000188 = 4;
+    *(uint64_t*)0x20000190 = 0x20000140;
+    *(uint64_t*)0x20000140 = 0x77359400;
+    *(uint64_t*)0x20000148 = 0;
+    *(uint32_t*)0x20000198 = 1;
+    *(uint32_t*)0x2000019c = 0;
+    *(uint64_t*)0x200001a0 = 0;
+    *(uint16_t*)0x200001a8 = 0;
+    *(uint16_t*)0x200001aa = 0;
+    memset((void*)0x200001ac, 0, 20);
+    syz_io_uring_submit(r[1], r[2], 0x20000180, 1);
+    *(uint32_t*)0x20000544 = 0;
+    *(uint32_t*)0x20000548 = 0x36;
+    *(uint32_t*)0x2000054c = 0;
+    *(uint32_t*)0x20000550 = 0;
+    *(uint32_t*)0x20000558 = r[0];
+    memset((void*)0x2000055c, 0, 12);
+
+}
+int main(void)
+{
+    mmap((void *)0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
+    int pid = fork();
+    if (pid < 0)
+        exit(1);
+    if (pid == 0) {
+        trigger_bug();
+        exit(0);
+    }
+    int status = 0;
+    uint64_t start = current_time_ms();
+    for (;;) {
+        if (current_time_ms() - start < 1000) {
+            continue;
+        }
+        kill_and_wait(pid, &status);
+        break;
+    }
+    return 0;
+}
+
+
+

data/vendor/liburing/test/sqpoll-disable-exit.c

@@ -0,0 +1,196 @@
+/* SPDX-License-Identifier: MIT */
+// https://syzkaller.appspot.com/bug?id=99f4ea77bb9b9ef24cefb66469be319f4aa9f162
+// autogenerated by syzkaller (https://github.com/google/syzkaller)
+
+#include <dirent.h>
+#include <endian.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "liburing.h"
+#include "../src/syscall.h"
+
+static void sleep_ms(uint64_t ms)
+{
+  usleep(ms * 1000);
+}
+
+static uint64_t current_time_ms(void)
+{
+  struct timespec ts;
+  if (clock_gettime(CLOCK_MONOTONIC, &ts))
+    exit(1);
+  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
+}
+
+static bool write_file(const char* file, const char* what, ...)
+{
+  char buf[1024];
+  va_list args;
+  va_start(args, what);
+  vsnprintf(buf, sizeof(buf), what, args);
+  va_end(args);
+  buf[sizeof(buf) - 1] = 0;
+  int len = strlen(buf);
+  int fd = open(file, O_WRONLY | O_CLOEXEC);
+  if (fd == -1)
+    return false;
+  if (write(fd, buf, len) != len) {
+    int err = errno;
+    close(fd);
+    errno = err;
+    return false;
+  }
+  close(fd);
+  return true;
+}
+
+#define SIZEOF_IO_URING_SQE 64
+#define SIZEOF_IO_URING_CQE 16
+#define SQ_HEAD_OFFSET 0
+#define SQ_TAIL_OFFSET 64
+#define SQ_RING_MASK_OFFSET 256
+#define SQ_RING_ENTRIES_OFFSET 264
+#define SQ_FLAGS_OFFSET 276
+#define SQ_DROPPED_OFFSET 272
+#define CQ_HEAD_OFFSET 128
+#define CQ_TAIL_OFFSET 192
+#define CQ_RING_MASK_OFFSET 260
+#define CQ_RING_ENTRIES_OFFSET 268
+#define CQ_RING_OVERFLOW_OFFSET 284
+#define CQ_FLAGS_OFFSET 280
+#define CQ_CQES_OFFSET 320
+
+static long syz_io_uring_setup(volatile long a0, volatile long a1,
+                               volatile long a2, volatile long a3,
+                               volatile long a4, volatile long a5)
+{
+  uint32_t entries = (uint32_t)a0;
+  struct io_uring_params* setup_params = (struct io_uring_params*)a1;
+  void* vma1 = (void*)a2;
+  void* vma2 = (void*)a3;
+  void** ring_ptr_out = (void**)a4;
+  void** sqes_ptr_out = (void**)a5;
+  uint32_t fd_io_uring = __sys_io_uring_setup(entries, setup_params);
+  uint32_t sq_ring_sz =
+      setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t);
+  uint32_t cq_ring_sz = setup_params->cq_off.cqes +
+                        setup_params->cq_entries * SIZEOF_IO_URING_CQE;
+  uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz;
+  *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE,
+                       MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
+                       IORING_OFF_SQ_RING);
+  uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
+  *sqes_ptr_out =
+      mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE,
+           MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES);
+  return fd_io_uring;
+}
+
+static void kill_and_wait(int pid, int* status)
+{
+  kill(-pid, SIGKILL);
+  kill(pid, SIGKILL);
+  for (int i = 0; i < 100; i++) {
+    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
+      return;
+    usleep(1000);
+  }
+  DIR* dir = opendir("/sys/fs/fuse/connections");
+  if (dir) {
+    for (;;) {
+      struct dirent* ent = readdir(dir);
+      if (!ent)
+        break;
+      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
+        continue;
+      char abort[300];
+      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
+               ent->d_name);
+      int fd = open(abort, O_WRONLY);
+      if (fd == -1) {
+        continue;
+      }
+      if (write(fd, abort, 1) < 0) {
+      }
+      close(fd);
+    }
+    closedir(dir);
+  } else {
+  }
+  while (waitpid(-1, status, __WALL) != pid) {
+  }
+}
+
+static void setup_test()
+{
+  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+  setpgrp();
+  write_file("/proc/self/oom_score_adj", "1000");
+}
+
+static void execute_one(void);
+
+#define WAIT_FLAGS __WALL
+
+static void loop(void)
+{
+  int iter = 0;
+  for (; iter < 100; iter++) {
+    int pid = fork();
+    if (pid < 0)
+      exit(1);
+    if (pid == 0) {
+      setup_test();
+      execute_one();
+      exit(0);
+    }
+    int status = 0;
+    uint64_t start = current_time_ms();
+    for (;;) {
+      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
+        break;
+      sleep_ms(1);
+      if (current_time_ms() - start < 5000) {
+        continue;
+      }
+      kill_and_wait(pid, &status);
+      break;
+    }
+  }
+}
+
+void execute_one(void)
+{
+  *(uint32_t*)0x20000044 = 0;
+  *(uint32_t*)0x20000048 = 0x42;
+  *(uint32_t*)0x2000004c = 0;
+  *(uint32_t*)0x20000050 = 0;
+  *(uint32_t*)0x20000058 = -1;
+  *(uint32_t*)0x2000005c = 0;
+  *(uint32_t*)0x20000060 = 0;
+  *(uint32_t*)0x20000064 = 0;
+  syz_io_uring_setup(0x74bc, 0x20000040, 0x20ffb000, 0x20ffc000, 0, 0);
+}
+int main(void)
+{
+  mmap((void *)0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
+  mmap((void *)0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
+  mmap((void *)0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
+  loop();
+  return 0;
+}

data/vendor/liburing/test/sqpoll-exit-hang.c

@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Test that we exit properly with SQPOLL and having a request that
+ * adds a circular reference to the ring itself.
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <poll.h>
+#include "liburing.h"
+
+static unsigned long long mtime_since(const struct timeval *s,
+				      const struct timeval *e)
+{
+	long long sec, usec;
+
+	sec = e->tv_sec - s->tv_sec;
+	usec = (e->tv_usec - s->tv_usec);
+	if (sec > 0 && usec < 0) {
+		sec--;
+		usec += 1000000;
+	}
+
+	sec *= 1000;
+	usec /= 1000;
+	return sec + usec;
+}
+
+static unsigned long long mtime_since_now(struct timeval *tv)
+{
+	struct timeval end;
+
+	gettimeofday(&end, NULL);
+	return mtime_since(tv, &end);
+}
+
+int main(int argc, char *argv[])
+{
+	struct io_uring_params p = {};
+	struct timeval tv;
+	struct io_uring ring;
+	struct io_uring_sqe *sqe;
+	int ret;
+
+	if (argc > 1)
+		return 0;
+
+	p.flags = IORING_SETUP_SQPOLL;
+	p.sq_thread_idle = 100;
+
+	ret = io_uring_queue_init_params(1, &ring, &p);
+	if (ret) {
+		if (geteuid()) {
+			printf("%s: skipped, not root\n", argv[0]);
+			return 0;
+		}
+		fprintf(stderr, "queue_init=%d\n", ret);
+		return 1;
+	}
+
+	if (!(p.features & IORING_FEAT_SQPOLL_NONFIXED)) {
+		fprintf(stdout, "Skipping\n");
+		return 0;
+	}
+
+	sqe = io_uring_get_sqe(&ring);
+	io_uring_prep_poll_add(sqe, ring.ring_fd, POLLIN);
+	io_uring_submit(&ring);
+
+	gettimeofday(&tv, NULL);
+	do {
+		usleep(1000);
+	} while (mtime_since_now(&tv) < 1000);
+
+	return 0;
+}

data/vendor/liburing/test/sqpoll-sleep.c

@@ -0,0 +1,69 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Test that the sqthread goes to sleep around the specified time, and that
+ * the NEED_WAKEUP flag is then set.
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include "liburing.h"
+
+static unsigned long long mtime_since(const struct timeval *s,
+				      const struct timeval *e)
+{
+	long long sec, usec;
+
+	sec = e->tv_sec - s->tv_sec;
+	usec = (e->tv_usec - s->tv_usec);
+	if (sec > 0 && usec < 0) {
+		sec--;
+		usec += 1000000;
+	}
+
+	sec *= 1000;
+	usec /= 1000;
+	return sec + usec;
+}
+
+static unsigned long long mtime_since_now(struct timeval *tv)
+{
+	struct timeval end;
+
+	gettimeofday(&end, NULL);
+	return mtime_since(tv, &end);
+}
+
+int main(int argc, char *argv[])
+{
+	struct io_uring_params p = {};
+	struct timeval tv;
+	struct io_uring ring;
+	int ret;
+
+	if (argc > 1)
+		return 0;
+
+	p.flags = IORING_SETUP_SQPOLL;
+	p.sq_thread_idle = 100;
+
+	ret = io_uring_queue_init_params(1, &ring, &p);
+	if (ret) {
+		if (geteuid()) {
+			printf("%s: skipped, not root\n", argv[0]);
+			return 0;
+		}
+		fprintf(stderr, "queue_init=%d\n", ret);
+		return 1;
+	}
+
+	gettimeofday(&tv, NULL);
+	do {
+		usleep(1000);
+		if ((*ring.sq.kflags) & IORING_SQ_NEED_WAKEUP)
+			return 0;
+	} while (mtime_since_now(&tv) < 1000);
+
+	return 1;
+}

data/vendor/liburing/test/statx.c

@@ -0,0 +1,172 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Description: run various statx(2) tests
+ *
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/syscall.h>
+#include <linux/stat.h>
+
+#include "helpers.h"
+#include "liburing.h"
+
+#ifdef __NR_statx
+static int do_statx(int dfd, const char *path, int flags, unsigned mask,
+		    struct statx *statxbuf)
+{
+	return syscall(__NR_statx, dfd, path, flags, mask, statxbuf);
+}
+#else
+static int do_statx(int dfd, const char *path, int flags, unsigned mask,
+		    struct statx *statxbuf)
+{
+	errno = ENOSYS;
+	return -1;
+}
+#endif
+
+static int statx_syscall_supported(void)
+{
+	return errno == ENOSYS ? 0 : -1;
+}
+
+static int test_statx(struct io_uring *ring, const char *path)
+{
+	struct io_uring_cqe *cqe;
+	struct io_uring_sqe *sqe;
+	struct statx x1, x2;
+	int ret;
+
+	sqe = io_uring_get_sqe(ring);
+	if (!sqe) {
+		fprintf(stderr, "get sqe failed\n");
+		goto err;
+	}
+	io_uring_prep_statx(sqe, -1, path, 0, STATX_ALL, &x1);
+
+	ret = io_uring_submit(ring);
+	if (ret <= 0) {
+		fprintf(stderr, "sqe submit failed: %d\n", ret);
+		goto err;
+	}
+
+	ret = io_uring_wait_cqe(ring, &cqe);
+	if (ret < 0) {
+		fprintf(stderr, "wait completion %d\n", ret);
+		goto err;
+	}
+	ret = cqe->res;
+	io_uring_cqe_seen(ring, cqe);
+	if (ret)
+		return ret;
+	ret = do_statx(-1, path, 0, STATX_ALL, &x2);
+	if (ret < 0)
+		return statx_syscall_supported();
+	if (memcmp(&x1, &x2, sizeof(x1))) {
+		fprintf(stderr, "Miscompare between io_uring and statx\n");
+		goto err;
+	}
+	return 0;
+err:
+	return -1;
+}
+
+static int test_statx_fd(struct io_uring *ring, const char *path)
+{
+	struct io_uring_cqe *cqe;
+	struct io_uring_sqe *sqe;
+	struct statx x1, x2;
+	int ret, fd;
+
+	fd = open(path, O_RDONLY);
+	if (fd < 0) {
+		perror("open");
+		return 1;
+	}
+
+	memset(&x1, 0, sizeof(x1));
+
+	sqe = io_uring_get_sqe(ring);
+	if (!sqe) {
+		fprintf(stderr, "get sqe failed\n");
+		goto err;
+	}
+	io_uring_prep_statx(sqe, fd, "", AT_EMPTY_PATH, STATX_ALL, &x1);
+
+	ret = io_uring_submit(ring);
+	if (ret <= 0) {
+		fprintf(stderr, "sqe submit failed: %d\n", ret);
+		goto err;
+	}
+
+	ret = io_uring_wait_cqe(ring, &cqe);
+	if (ret < 0) {
+		fprintf(stderr, "wait completion %d\n", ret);
+		goto err;
+	}
+	ret = cqe->res;
+	io_uring_cqe_seen(ring, cqe);
+	if (ret)
+		return ret;
+	memset(&x2, 0, sizeof(x2));
+	ret = do_statx(fd, "", AT_EMPTY_PATH, STATX_ALL, &x2);
+	if (ret < 0)
+		return statx_syscall_supported();
+	if (memcmp(&x1, &x2, sizeof(x1))) {
+		fprintf(stderr, "Miscompare between io_uring and statx\n");
+		goto err;
+	}
+	return 0;
+err:
+	return -1;
+}
+
+int main(int argc, char *argv[])
+{
+	struct io_uring ring;
+	const char *fname;
+	int ret;
+
+	ret = io_uring_queue_init(8, &ring, 0);
+	if (ret) {
+		fprintf(stderr, "ring setup failed\n");
+		return 1;
+	}
+
+	if (argc > 1) {
+		fname = argv[1];
+	} else {
+		fname = "/tmp/.statx";
+		t_create_file(fname, 4096);
+	}
+
+	ret = test_statx(&ring, fname);
+	if (ret) {
+		if (ret == -EINVAL) {
+			fprintf(stdout, "statx not supported, skipping\n");
+			goto done;
+		}
+		fprintf(stderr, "test_statx failed: %d\n", ret);
+		goto err;
+	}
+
+	ret = test_statx_fd(&ring, fname);
+	if (ret) {
+		fprintf(stderr, "test_statx_fd failed: %d\n", ret);
+		goto err;
+	}
+done:
+	if (fname != argv[1])
+		unlink(fname);
+	return 0;
+err:
+	if (fname != argv[1])
+		unlink(fname);
+	return 1;
+}