Surprisingly, the TLSF allocator is prone to overflow. Add some tests
that trigger this behavior. These tests run to success with dlmalloc,
but some of them fail under tlsf when compiled for 32-bit:
test_malloc:40: unexpectedly succeeded to malloc(SIZE_MAX)
test_malloc:61: unexpectedly succeeded to (tmp = realloc(p, 0xf0000000))
test_malloc:63: unexpectedly succeeded to tmp = realloc(p, SIZE_MAX)
ERROR: malloc: failed 3 out of 12 tests
Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
test/self/Kconfig | 5 +++
test/self/Makefile | 1 +
test/self/malloc.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 97 insertions(+)
create mode 100644 test/self/malloc.c
diff --git a/test/self/Kconfig b/test/self/Kconfig
index 3340a9146ee2..cf11efe54486 100644
--- a/test/self/Kconfig
+++ b/test/self/Kconfig
@@ -32,6 +32,11 @@ config SELFTEST_ENABLE_ALL
help
Selects all self-tests compatible with current configuration
+config SELFTEST_MALLOC
+ bool "malloc() selftest"
+ help
+ Tests barebox memory allocator
+
config SELFTEST_PRINTF
bool "printf selftest"
help
diff --git a/test/self/Makefile b/test/self/Makefile
index 05a2a6a236ec..65d01596b806 100644
--- a/test/self/Makefile
+++ b/test/self/Makefile
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_SELFTEST) += core.o
+obj-$(CONFIG_SELFTEST_MALLOC) += malloc.o
obj-$(CONFIG_SELFTEST_PRINTF) += printf.o
obj-$(CONFIG_SELFTEST_PROGRESS_NOTIFIER) += progress-notifier.o
obj-$(CONFIG_SELFTEST_OF_MANIPULATION) += of_manipulation.o of_manipulation.dtb.o
diff --git a/test/self/malloc.c b/test/self/malloc.c
new file mode 100644
index 000000000000..c25b416b9751
--- /dev/null
+++ b/test/self/malloc.c
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <common.h>
+#include <bselftest.h>
+#include <malloc.h>
+#include <memory.h>
+#include <linux/sizes.h>
+
+BSELFTEST_GLOBALS();
+
+static void __expect(bool cond, bool expect,
+ const char *condstr, const char *func, int line)
+{
+ total_tests++;
+ if (cond != expect) {
+ failed_tests++;
+ printf("%s:%d: %s to %s\n", func, line,
+ expect ? "failed" : "unexpectedly succeeded",
+ condstr);
+ }
+}
+
+#define expect_alloc_ok(cond) \
+ __expect((cond), true, #cond, __func__, __LINE__)
+
+#define expect_alloc_fail(cond) \
+ __expect((cond), false, #cond, __func__, __LINE__)
+
+static void test_malloc(void)
+{
+ size_t mem_malloc_size = mem_malloc_end() - mem_malloc_start();
+ u8 *p, *tmp;
+
+ pr_debug("mem_malloc_size = %zu\n", mem_malloc_size);
+
+ /* System libc when built for sandbox may have overcommit, so
+ * doing very big allocations without actual use may succeed
+ * unlike in-barebox allocators, so skip these tests in that
+ * case
+ */
+ if (IS_ENABLED(CONFIG_MALLOC_LIBC)) {
+ pr_info("built with host libc allocator: Skipping tests that may trigger overcommit\n");
+ mem_malloc_size = 0;
+ }
+
+ expect_alloc_ok(p = malloc(1));
+ free(p);
+
+ if (mem_malloc_size) {
+ expect_alloc_fail(malloc(SIZE_MAX));
+
+ if (0xf0000000 > mem_malloc_size) {
+ expect_alloc_fail((tmp = malloc(0xf0000000)));
+ free(tmp);
+ }
+ } else {
+ skipped_tests += 2;
+ }
+
+ p = realloc(NULL, 1);
+ expect_alloc_ok(p = realloc(NULL, 1));
+
+ *p = 0x42;
+
+ expect_alloc_ok(tmp = realloc(p, 2));
+
+ p = tmp;
+ __expect(*p == 0x42, true, "reread after realloc", __func__, __LINE__);
+
+ if (mem_malloc_size) {
+ expect_alloc_fail(tmp = realloc(p, mem_malloc_size));
+
+ if (0xf0000000 > mem_malloc_size)
+ expect_alloc_fail((tmp = realloc(p, 0xf0000000)));
+
+ expect_alloc_fail(tmp = realloc(p, SIZE_MAX));
+
+ } else {
+ skipped_tests += 3;
+ }
+
+ free(p);
+
+ expect_alloc_ok(p = malloc(0));
+ expect_alloc_ok(tmp = malloc(0));
+
+ __expect(p != tmp, true, "allocate distinct 0-size buffers", __func__, __LINE__);
+}
+bselftest(core, test_malloc);
--
2.30.2
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
