generic/211: completely remove obsolete test and related code

This was a regression test for a bug in fs/aio.c kernel code that could
cause kernel crashing and was fixed in commit 3e45a10919b3 ("aio: remove
incorrect initialization of "nr_pages"") more than 20 years ago (in
v2.6.10).

The test code was basically trying to trigger the bug by doing repeated
mmaps until it would exhaust the vm.max_map_count limit, after which the
aio_setup_ring() would fail its own internal mmap and branch into
aio_free_ring() where it would attempt to free pages that were not
allocated and crash the kernel.

The bug is was not really relevant to filesystems in the first place,
and further to its fix it was made not possible to trigger due to commit
3dc9acb67600 ("aio: clean up and fix aio_setup_ring page mapping").

The test currently triggers the oom killer on systems where the
vm.max_map_count limit has been increased significantly from the default
as it eventually exhausts the available memory. This could be trivially
fixed by lowering and then restoring the limit just for the duration of
the test, but since it no longer serves any purpose let's drop it
completely.

Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Zorro Lang <zlang@kernel.org>

diff --git a/.gitignore b/.gitignore
index f22cff8fb6c4cf51e9b654dc714068f2a4019594..58dc2a63e0c122a430383e7d9d5eba46aca5750f 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -198,7 +198,6 @@ tags
 /src/aio-dio-regress/aio-dio-invalidate-readahead
 /src/aio-dio-regress/aio-dio-subblock-eof-read
 /src/aio-dio-regress/aio-dio-write-verify
-/src/aio-dio-regress/aio-free-ring-with-bogus-nr-pages
 /src/aio-dio-regress/aio-io-setup-with-nonwritable-context-pointer
 /src/aio-dio-regress/aio-last-ref-held-by-io
 /src/aio-dio-regress/aiocp

diff --git a/src/aio-dio-regress/aio-free-ring-with-bogus-nr-pages.c b/src/aio-dio-regress/aio-free-ring-with-bogus-nr-pages.c
deleted file mode 100644 (file)
index 7e8189f..0000000
--- a/src/aio-dio-regress/aio-free-ring-with-bogus-nr-pages.c
+++ /dev/null
@@ -1,72 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0+
-/*
- * Copyright (C) 2006 Kostantin Khorenko
- * Copyright (C) 2006 Jeff Moyer
- */
-
-/*
- *  Test aio_setup_ring with bad nr_pages
- *
- *  Code taken from an example posted to Red Hat bugzilla #220971
- *  Original Author: Kostantin Khorenko from OpenVZ/Virtuozzo
- *  Munged by Jeff Moyer.
- *
- *  Description: "aio_setup_ring() function initializes info->nr_pages
- *    variable incorrectly, then this variable can be used in error path
- *    to free the allocated resources. By this way an unprivileged user
- *    can crash the node."
- *
- *  At the beginning of aio_setup_ring, info->nr_pages is initialized
- *  to the requested number of pages.  However, it is supposed to
- *  indicate how many pages are mapped in info->ring_pages.  Thus, if
- *  the call to do_mmap fails:
- *
- *     info->mmap_base = do_mmap(NULL, 0, info->mmap_size, 
- *                               PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE,
- *                               0);
- *     if (IS_ERR((void *)info->mmap_base)) {
- *             up_write(&ctx->mm->mmap_sem);
- *             printk("mmap err: %ld\n", -info->mmap_base);
- *             info->mmap_size = 0;
- *             aio_free_ring(ctx);    <---------
- *             return -EAGAIN;
- *     }
- *
- *  we end up calling aio_free_ring with a bogus array and cause an oops.
- *
- *  This is a destructive test.
- */
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/mman.h>
-#include <errno.h>
-#include <libgen.h>
-#include <libaio.h>
-
-int main(int __attribute__((unused)) argc, char **argv)
-{
-       long res;
-       io_context_t ctx;
-       void* map;
-
-       while (1) {
-               map = mmap(NULL, 100, PROT_READ, MAP_ANONYMOUS|MAP_PRIVATE,
-                          0, 0);
-               if (map == MAP_FAILED)
-                       break;
-               map = mmap(NULL, 100, PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE,
-                          0, 0);
-               if (map == MAP_FAILED)
-                       break;
-       }
-
-       memset(&ctx, 0, sizeof(ctx));
-       res = io_setup(10000, &ctx);
-       if (res != -ENOMEM) {
-               printf("%s: Error: io_setup returned %ld, expected -ENOMEM\n",
-                      basename(argv[0]), res);
-               return 1;
-       } else
-               printf("%s: Success!\n", basename(argv[0]));
-       return 0;
-}

diff --git a/tests/generic/211 b/tests/generic/211
deleted file mode 100755 (executable)
index 9868c60..0000000
--- a/tests/generic/211
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /bin/bash
-# SPDX-License-Identifier: GPL-2.0
-# Copyright (c) 2009 Eric Sandeen.  All Rights Reserved.
-#
-# FS QA Test No. 211
-#
-# Run aio-free-ring-with-bogus-nr-pages - test aio_setup_ring with bad nr_pages
-#
-. ./common/preamble
-_begin_fstest auto aio quick
-
-# Import common functions.
-. ./common/filter
-
-
-_require_test
-
-_run_aiodio aio-free-ring-with-bogus-nr-pages
-
-exit $status

diff --git a/tests/generic/211.out b/tests/generic/211.out
deleted file mode 100644 (file)
index 08be2c5..0000000
--- a/tests/generic/211.out
+++ /dev/null
@@ -1,2 +0,0 @@
-QA output created by 211
-aio-free-ring-with-bogus-nr-pages: Success!