[PATCH liburing v1 00/10] liburing test fixes

[PATCH liburing v1 00/10] liburing test fixes

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Hi Jens,

All test fixes of "reading uninitialized memory" bug. Mostly just a
one liner change.

Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---

Ammar Faizi (10):
  test/cq-overflow: Don't call `io_uring_queue_exit()` if the ring is not initialized
  test/eeed8b54e0df: Initialize the `malloc()`ed buffer before `write()`
  test/file-verify: Fix reading from uninitialized buffer
  test/fixed-reuse: Fix reading from uninitialized array
  test/fpos: Fix reading from uninitialized buffer
  test/statx: Fix reading from uninitialized buffer
  test/submit-link-fail: Initialize the buffer before `write()`
  test/232c93d07b74: Fix reading from uninitialized buffer
  test/eventfd-disable: Fix reading uninitialized variable
  test/file-register: Fix reading from uninitialized buffer

 test/232c93d07b74.c     | 2 +-
 test/cq-overflow.c      | 5 +++--
 test/eeed8b54e0df.c     | 1 +
 test/eventfd-disable.c  | 2 +-
 test/file-register.c    | 2 +-
 test/file-verify.c      | 5 ++++-
 test/fixed-reuse.c      | 2 +-
 test/fpos.c             | 3 +++
 test/statx.c            | 2 +-
 test/submit-link-fail.c | 2 +-
 10 files changed, 17 insertions(+), 9 deletions(-)


base-commit: 2757d61fa222739f77b014810894b9ccea79d7f3
-- 
Ammar Faizi

[PATCH liburing v1 01/10] test/cq-overflow: Don't call `io_uring_queue_exit()` if the ring is not initialized

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Don't call `io_uring_queue_exit()` if the ring is not initialized.

Fix this:

  + valgrind -q ./cq-overflow.t
  file open: Invalid argument
  ==3054159== Use of uninitialised value of size 8
  ==3054159==    at 0x10A863: io_uring_queue_exit (setup.c:183)
  ==3054159==    by 0x1095DE: test_io.constprop.0 (cq-overflow.c:148)
  ==3054159==    by 0x109266: main (cq-overflow.c:269)
  ==3054159==
  ==3054159== Invalid read of size 4
  ==3054159==    at 0x10A863: io_uring_queue_exit (setup.c:183)
  ==3054159==    by 0x1095DE: test_io.constprop.0 (cq-overflow.c:148)
  ==3054159==    by 0x109266: main (cq-overflow.c:269)
  ==3054159==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
  ==3054159==
  ==3054159==
  ==3054159== Process terminating with default action of signal 11 (SIGSEGV): dumping core
  ==3054159==  Access not within mapped region at address 0x0

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/cq-overflow.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/test/cq-overflow.c b/test/cq-overflow.c
index 0018081..312b414 100644
--- a/test/cq-overflow.c
+++ b/test/cq-overflow.c
@@ -33,14 +33,15 @@ static int test_io(const char *file, unsigned long usecs, unsigned *drops, int f
 	fd = open(file, O_RDONLY | O_DIRECT);
 	if (fd < 0) {
 		perror("file open");
-		goto err;
+		return 1;
 	}
 
 	memset(&p, 0, sizeof(p));
 	ret = io_uring_queue_init_params(ENTRIES, &ring, &p);
 	if (ret) {
+		close(fd);
 		fprintf(stderr, "ring create failed: %d\n", ret);
-		goto err;
+		return 1;
 	}
 	nodrop = 0;
 	if (p.features & IORING_FEAT_NODROP)
-- 
Ammar Faizi

[PATCH liburing v1 02/10] test/eeed8b54e0df: Initialize the `malloc()`ed buffer before `write()`

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

... to avoid valgrind's complaint:

  ==3054187== Syscall param write(buf) points to uninitialised byte(s)
  ==3054187==    at 0x4958E63: write (write.c:26)
  ==3054187==    by 0x109283: get_file_fd (eeed8b54e0df.c:36)
  ==3054187==    by 0x109283: main (eeed8b54e0df.c:85)
  ==3054187==  Address 0x4a63080 is 0 bytes inside a block of size 4,096 alloc'd
  ==3054187==    at 0x484479B: malloc (vg_replace_malloc.c:380)
  ==3054187==    by 0x109698: t_malloc (helpers.c:22)
  ==3054187==    by 0x109270: get_file_fd (eeed8b54e0df.c:35)
  ==3054187==    by 0x109270: main (eeed8b54e0df.c:85)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/eeed8b54e0df.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/eeed8b54e0df.c b/test/eeed8b54e0df.c
index b388b12..b8149f2 100644
--- a/test/eeed8b54e0df.c
+++ b/test/eeed8b54e0df.c
@@ -33,6 +33,7 @@ static int get_file_fd(void)
 	}
 
 	buf = t_malloc(BLOCK);
+	memset(buf, 0, BLOCK);
 	ret = write(fd, buf, BLOCK);
 	if (ret != BLOCK) {
 		if (ret < 0)
-- 
Ammar Faizi

[PATCH liburing v1 03/10] test/file-verify: Fix reading from uninitialized buffer

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==3054556== Conditional jump or move depends on uninitialised value(s)
  ==3054556==    at 0x1099DB: verify_buf (file-verify.c:48)
  ==3054556==    by 0x10A506: test (file-verify.c:449)
  ==3054556==    by 0x109353: main (file-verify.c:538)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/file-verify.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/test/file-verify.c b/test/file-verify.c
index 595dafd..b1a8fd4 100644
--- a/test/file-verify.c
+++ b/test/file-verify.c
@@ -347,13 +347,16 @@ static int test(struct io_uring *ring, const char *fname, int buffered,
 				void *ptr;
 
 				t_posix_memalign(&ptr, 4096, CHUNK_SIZE / nr_vecs);
+				memset(ptr, 0, CHUNK_SIZE / nr_vecs);
 				vecs[j][i].iov_base = ptr;
 				vecs[j][i].iov_len = CHUNK_SIZE / nr_vecs;
 			}
 		}
 	} else {
-		for (j = 0; j < READ_BATCH; j++)
+		for (j = 0; j < READ_BATCH; j++) {
 			t_posix_memalign(&buf[j], 4096, CHUNK_SIZE);
+			memset(buf[j], 0, CHUNK_SIZE);
+		}
 		nr_vecs = 0;
 	}
 
-- 
Ammar Faizi

[PATCH liburing v1 04/10] test/fixed-reuse: Fix reading from uninitialized array

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==2253268== Conditional jump or move depends on uninitialised value(s)
  ==2253268==    at 0x109F0E: test (fixed-reuse.c:109)
  ==2253268==    by 0x109A62: main (fixed-reuse.c:147)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/fixed-reuse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/fixed-reuse.c b/test/fixed-reuse.c
index 401251a..a248e35 100644
--- a/test/fixed-reuse.c
+++ b/test/fixed-reuse.c
@@ -26,7 +26,7 @@ static int test(struct io_uring *ring)
 {
 	struct io_uring_cqe *cqe;
 	struct io_uring_sqe *sqe;
-	char buf[BSIZE];
+	char buf[BSIZE] = { };
 	int ret, i;
 
 	/* open FNAME1 in slot 0 */
-- 
Ammar Faizi

[PATCH liburing v1 05/10] test/fpos: Fix reading from uninitialized buffer

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==3054875== Conditional jump or move depends on uninitialised value(s)
  ==3054875==    at 0x109898: test_read (fpos.c:109)
  ==3054875==    by 0x109898: main (fpos.c:243)
  ==3054875==
  ==3054875== Conditional jump or move depends on uninitialised value(s)
  ==3054875==    at 0x10987B: test_read (fpos.c:111)
  ==3054875==    by 0x10987B: main (fpos.c:243)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/fpos.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/fpos.c b/test/fpos.c
index 4ffa22d..4c36f11 100644
--- a/test/fpos.c
+++ b/test/fpos.c
@@ -52,6 +52,9 @@ static int test_read(struct io_uring *ring, bool async, int blocksize)
 	unsigned char buff[QUEUE_SIZE * blocksize];
 	unsigned char reordered[QUEUE_SIZE * blocksize];
 
+	memset(buff, 0, QUEUE_SIZE * blocksize);
+	memset(reordered, 0, QUEUE_SIZE * blocksize);
+
 	create_file(".test_fpos_read", FILE_SIZE);
 	fd = open(".test_fpos_read", O_RDONLY);
 	unlink(".test_fpos_read");
-- 
Ammar Faizi

[PATCH liburing v1 06/10] test/statx: Fix reading from uninitialized buffer

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==3062618== Conditional jump or move depends on uninitialised value(s)
  ==3062618==    at 0x484D65E: bcmp (vg_replace_strmem.c:1129)
  ==3062618==    by 0x109304: test_statx (statx.c:71)
  ==3062618==    by 0x109304: main (statx.c:149)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/statx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/statx.c b/test/statx.c
index 5fa086e..4ae3452 100644
--- a/test/statx.c
+++ b/test/statx.c
@@ -40,7 +40,7 @@ static int test_statx(struct io_uring *ring, const char *path)
 {
 	struct io_uring_cqe *cqe;
 	struct io_uring_sqe *sqe;
-	struct statx x1, x2;
+	struct statx x1 = { }, x2 = { };
 	int ret;
 
 	sqe = io_uring_get_sqe(ring);
-- 
Ammar Faizi

[PATCH liburing v1 07/10] test/submit-link-fail: Initialize the buffer before `write()`

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

... to avoid valgrind's complaint:

  ==2254978== Syscall param write(buf) points to uninitialised byte(s)
  ==2254978==    at 0x498EA37: write (write.c:26)
  ==2254978==    by 0x109F17: test_underprep_fail (submit-link-fail.c:82)
  ==2254978==    by 0x109F17: main (submit-link-fail.c:141)
  ==2254978==  Address 0x1ffefffb07 is on thread 1's stack
  ==2254978==  in frame #1, created by main (submit-link-fail.c:123)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/submit-link-fail.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/submit-link-fail.c b/test/submit-link-fail.c
index 45f6976..e62f793 100644
--- a/test/submit-link-fail.c
+++ b/test/submit-link-fail.c
@@ -23,7 +23,7 @@ static int test_underprep_fail(bool hardlink, bool drain, bool link_last,
 	struct io_uring ring;
 	struct io_uring_sqe *sqe;
 	struct io_uring_cqe *cqe;
-	char buffer[1];
+	char buffer[1] = { };
 	int i, ret, fds[2];
 
 	if (drain)
-- 
Ammar Faizi

[PATCH liburing v1 08/10] test/232c93d07b74: Fix reading from uninitialized buffer

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==2255860== Thread 2:
  ==2255860== Conditional jump or move depends on uninitialised value(s)
  ==2255860==    at 0x10A073: rcv (232c93d07b74.c:150)
  ==2255860==    by 0x490EB42: start_thread (pthread_create.c:442)
  ==2255860==    by 0x499FBB3: clone (clone.S:100)
  ==2255860==
  ==2255860== Conditional jump or move depends on uninitialised value(s)
  ==2255860==    at 0x10A0B6: rcv (232c93d07b74.c:150)
  ==2255860==    by 0x490EB42: start_thread (pthread_create.c:442)
  ==2255860==    by 0x499FBB3: clone (clone.S:100)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/232c93d07b74.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/232c93d07b74.c b/test/232c93d07b74.c
index c99491f..4dc12c1 100644
--- a/test/232c93d07b74.c
+++ b/test/232c93d07b74.c
@@ -121,7 +121,7 @@ static void *rcv(void *arg)
 	int done = 0;
 
 	while (!done && bytes_read != 33) {
-		char buff[RECV_BUFF_SIZE];
+		char buff[RECV_BUFF_SIZE] = { };
 		struct iovec iov;
 
 		iov.iov_base = buff;
-- 
Ammar Faizi

[PATCH liburing v1 09/10] test/eventfd-disable: Fix reading uninitialized variable

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==2256099== Conditional jump or move depends on uninitialised value(s)
  ==2256099==    at 0x109DF5: main (eventfd-disable.c:136)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/eventfd-disable.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/eventfd-disable.c b/test/eventfd-disable.c
index 2c8cf6d..9de2465 100644
--- a/test/eventfd-disable.c
+++ b/test/eventfd-disable.c
@@ -21,7 +21,7 @@ int main(int argc, char *argv[])
 	struct io_uring_sqe *sqe;
 	struct io_uring_cqe *cqe;
 	struct io_uring ring;
-	uint64_t ptr;
+	uint64_t ptr = 0;
 	struct iovec vec = {
 		.iov_base = &ptr,
 		.iov_len = sizeof(ptr)
-- 
Ammar Faizi

[PATCH liburing v1 10/10] test/file-register: Fix reading from uninitialized buffer

[Ammar Faizi]

From: Ammar Faizi <ammarfaizi2@gnuweeb.org>

Fix this:

  ==2256677== Conditional jump or move depends on uninitialised value(s)
  ==2256677==    at 0x485207E: bcmp (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==2256677==    by 0x10BEAE: test_fixed_read_write (file-register.c:489)
  ==2256677==    by 0x10AED2: test_skip (file-register.c:595)
  ==2256677==    by 0x10AED2: main (file-register.c:1087)

Link: https://github.com/axboe/liburing/issues/640
Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 test/file-register.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/file-register.c b/test/file-register.c
index 634ef81..0a8aa57 100644
--- a/test/file-register.c
+++ b/test/file-register.c
@@ -431,7 +431,7 @@ static int test_fixed_read_write(struct io_uring *ring, int index)
 	iov[0].iov_len = 4096;
 	memset(iov[0].iov_base, 0x5a, 4096);
 
-	iov[1].iov_base = t_malloc(4096);
+	iov[1].iov_base = t_calloc(1, 4096);
 	iov[1].iov_len = 4096;
 
 	sqe = io_uring_get_sqe(ring);
-- 
Ammar Faizi

Re: [PATCH liburing v1 00/10] liburing test fixes

[Jens Axboe]

On Wed, 10 Aug 2022 07:31:49 +0700, Ammar Faizi wrote:
> From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
> 
> Hi Jens,
> 
> All test fixes of "reading uninitialized memory" bug. Mostly just a
> one liner change.
> 
> [...]

Applied, thanks!

[01/10] test/cq-overflow: Don't call `io_uring_queue_exit()` if the ring is not initialized
        commit: f5c96cb63b6f412e08b41d6cb8188da1535e70cd
[02/10] test/eeed8b54e0df: Initialize the `malloc()`ed buffer before `write()`
        commit: 397f5444bc442e566dd826466048a428f066a1eb
[03/10] test/file-verify: Fix reading from uninitialized buffer
        commit: d8efaf3df0abbda513af142da3ee6ff41955bdda
[04/10] test/fixed-reuse: Fix reading from uninitialized array
        commit: e1b740d46b08766da9d1dfe9ce88f051a238724e
[05/10] test/fpos: Fix reading from uninitialized buffer
        commit: 5ce220568c07b34766b5410e4cfee7ccd672e33b
[06/10] test/statx: Fix reading from uninitialized buffer
        commit: 776ac6cb9e6320feaf3ce516ae2e64d49ed4de37
[07/10] test/submit-link-fail: Initialize the buffer before `write()`
        commit: a97696720c41e7602c3ae5715b826fa3b566034b
[08/10] test/232c93d07b74: Fix reading from uninitialized buffer
        commit: c340e89671933bb13f0add1e04c5a350a03c672b
[09/10] test/eventfd-disable: Fix reading uninitialized variable
        commit: d879fbf9134e04f1e34e56b3575f9fafe9949c2d
[10/10] test/file-register: Fix reading from uninitialized buffer
        commit: 3bfe26a0c6e400d15060c8331ebc4280f01da4ca

Best regards,
-- 
Jens Axboe