Skip to content

test/mempool: bug demonstration test #16728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

test/mempool: bug demonstration test #16728

wants to merge 1 commit into from

Conversation

@npitre
Copy link

@npitre npitre commented Jun 11, 2019

This test demonstrates one of the serious bugs that exist in the
mem-pool implementation as ovf Zephyr v1.14.0, and probably earlier
versions too.

Fixes for those bugs are contained in PR #16703.

@zephyrbot zephyrbot added area: Tests Issues related to a particular existing or missing test area: Kernel labels Jun 11, 2019
@zephyrbot
Copy link

zephyrbot commented Jun 11, 2019
edited
Loading

Found the following issues, please fix and resubmit:

Codeowners issues

Path '/include/drivers/modem/' not found, in CODEOWNERS

Path '/include/drivers/ioapic.h' not found, in CODEOWNERS

Path '/include/drivers/loapic.h' not found, in CODEOWNERS

Path '/include/drivers/serial/uart_ns16550.h' not found, in CODEOWNERS

@npitre npitre force-pushed the mempoolbroken branch 2 times, most recently from f12f146 to 1eef8c0 Compare June 11, 2019 03:59
@andyross andyross mentioned this pull request Jun 20, 2019
Merged
andyross
andyross approved these changes Jun 20, 2019
View reviewed changes
Copy link
Contributor

@andyross andyross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should absolutely go in as a regression check. Would be good to clean up the commit message to describe the symptom being tested ("Check that blocks of different levels don't overlap", etc...) and not just label it a "serious bug".

Ideally it would also be folded into one of the existing mem_pool tests, as the build time involved in separate test cases is a performance annoyance in CI; we try to keep things to a minimum of processes. But we could come along later and do that.

(Obviously needs to wait for a fix to land before merging, of course.)

andyross pushed a commit to andyross/zephyr that referenced this pull request Jun 24, 2019
lib/os/mempool: Fix corruption case with block splitting
59c39b5 
The block_fits() predicate was borked.  It would check that a block
fits within the bounds of the whole heap.  But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward.  It needs to fit inside the PARENT block that it was
split from.

What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap.  That's bad.

Change the API of block_fits() a little so it can extract the parent
region and do this properly.

Fixes zephyrproject-rtos#15279.  Passes test introduced in zephyrproject-rtos#16728 to demonstrate what
seems like the same issue.

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
andrewboie pushed a commit that referenced this pull request Jun 26, 2019
@andrewboie
lib/os/mempool: Fix corruption case with block splitting
d0490fe 
The block_fits() predicate was borked.  It would check that a block
fits within the bounds of the whole heap.  But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward.  It needs to fit inside the PARENT block that it was
split from.

What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap.  That's bad.

Change the API of block_fits() a little so it can extract the parent
region and do this properly.

Fixes #15279.  Passes test introduced in #16728 to demonstrate what
seems like the same issue.

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
test/mempool: bug demonstration test
eb595df 
This test demonstrates a serious bugs that exist in the mem-pool code
as ovf Zephyr v1.14.0, and probably earlier versions too. This bug is
fixed with PR zephyrproject-rtos#16966.

Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
npitre pushed a commit to npitre/zephyr that referenced this pull request Jul 18, 2019
lib/os/mempool: Fix corruption case with block splitting
62c4c37 
The block_fits() predicate was borked.  It would check that a block
fits within the bounds of the whole heap.  But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward.  It needs to fit inside the PARENT block that it was
split from.

What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap.  That's bad.

Change the API of block_fits() a little so it can extract the parent
region and do this properly.

Fixes zephyrproject-rtos#15279.  Passes test introduced in zephyrproject-rtos#16728 to demonstrate what
seems like the same issue.

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
@npitre npitre closed this Jul 19, 2019
@npitre npitre deleted the mempoolbroken branch July 19, 2019 15:43
@npitre npitre restored the mempoolbroken branch July 19, 2019 16:00
andrewboie pushed a commit to andrewboie/zephyr that referenced this pull request Jul 24, 2019
lib/os/mempool: Fix corruption case with block splitting
8083813 
The block_fits() predicate was borked.  It would check that a block
fits within the bounds of the whole heap.  But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward.  It needs to fit inside the PARENT block that it was
split from.

What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap.  That's bad.

Change the API of block_fits() a little so it can extract the parent
region and do this properly.

Fixes zephyrproject-rtos#15279.  Passes test introduced in zephyrproject-rtos#16728 to demonstrate what
seems like the same issue.

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
nashif pushed a commit that referenced this pull request Aug 14, 2019
@nashif
lib/os/mempool: Fix corruption case with block splitting
0000746 
The block_fits() predicate was borked.  It would check that a block
fits within the bounds of the whole heap.  But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward.  It needs to fit inside the PARENT block that it was
split from.

What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap.  That's bad.

Change the API of block_fits() a little so it can extract the parent
region and do this properly.

Fixes #15279.  Passes test introduced in #16728 to demonstrate what
seems like the same issue.

Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
@npitre npitre deleted the mempoolbroken branch March 5, 2021 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andyross andyross andyross approved these changes

@andrewboie andrewboie Awaiting requested review from andrewboie

@nashif nashif Awaiting requested review from nashif

Assignees

No one assigned

Labels

area: Kernel area: Tests Issues related to a particular existing or missing test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@npitre @zephyrbot @andyross