yet another sbrk() bug fix, and usertest

2019-09-20 12:13:57 -04:00 · 2019-09-20 12:13:57 -04:00 · e1a37303c8
parent 4de161f973
commit e1a37303c8
2 changed files with 24 additions and 4 deletions
--- a/kernel/vm.c
+++ b/kernel/vm.c
@ -270,7 +270,8 @@ uvmdealloc(pagetable_t pagetable, uint64 oldsz, uint64 newsz)
    return oldsz;

  uint64 newup = PGROUNDUP(newsz);
-  uvmunmap(pagetable, newup, oldsz - newup, 1);
+  if(newup < PGROUNDUP(oldsz))
+    uvmunmap(pagetable, newup, oldsz - newup, 1);

  return newsz;
 }
--- a/user/usertests.c
+++ b/user/usertests.c
@ -1924,9 +1924,10 @@ pgbug(char *s)
 }

 // does the kernel panic if a process sbrk()s its size to be less than
-// a page, or zero?
+// a page, or zero, or reduces the break by an amount too small to
+// cause a page to be freed?
 void
-zerosize(char *s)
+sbrkbugs(char *s)
 {
  int pid = fork();
  if(pid < 0){
@ -1959,6 +1960,24 @@ zerosize(char *s)
  }
  wait(0);

+  pid = fork();
+  if(pid < 0){
+    printf("fork failed\n");
+    exit(1);
+  }
+  if(pid == 0){
+    // set the break in the middle of a page.
+    sbrk((10*4096 + 2048) - (uint64)sbrk(0));
+
+    // reduce the break a bit, but not enough to
+    // cause a page to be freed. this used to cause
+    // a panic.
+    sbrk(-10);
+
+    exit(0);
+  }
+  wait(0);
+
  exit(0);
 }

@ -2000,7 +2019,7 @@ main(int argc, char *argv[])
    char *s;
  } tests[] = {
    {pgbug, "pgbug" },
-    {zerosize, "zerosize" },
+    {sbrkbugs, "sbrkbugs" },
    {reparent, "reparent" },
    {twochildren, "twochildren"},
    {forkfork, "forkfork"},