Martin Cermak [Fri, 8 Aug 2025 21:38:33 +0000 (23:38 +0200)]
Review the vmsplice syscall wrapper
Reuse the vmsplice syscall wrapper in coregrind/m_syswrap/syswrap-linux.c
for mips64 as well. And make sure arm64-linux and riscv64-linux also use
the POST vmsplice wrapper.
Mark Wielaard [Wed, 6 Aug 2025 22:21:42 +0000 (00:21 +0200)]
Distribute auxprogs scripts and data files
Make sure pybuild.sh, ltp-tester.sh, ltp-apply-patches.sh,
s390-check-opcodes.pl, s390-runone scripts, ltp filters, ltp patches
and pylintrc are added to the dist.
This makes sure users can run the scripts and make ltpchecks not just
from a git checkout, but also from a release or snapshots tar.
Also use the ustar format to package files, the path under
valgrind-x.yy.z/auxprogs/ltp-patches might be larger than 99
chars. automake 1.18 already defaults to the ustar format.
Martin Cermak [Tue, 5 Aug 2025 16:06:08 +0000 (18:06 +0200)]
Allow for patching LTP sources
Sometimes there's an upstream LTP patch that helps testing
valgrind, but it's not yet part of the official LTP tarball.
In such cases it's helpful to be able to patch the LTP sources.
Attached patch allows for that. It comes with a real life
example patch: LTP commit b62b831cf.
Florian Krohm [Sat, 2 Aug 2025 12:43:54 +0000 (12:43 +0000)]
mips specific changes for BZ 507033
Rework code to use Iop_ClzNat32 instead of the deprecated Iop_Clz32.
Likewise for Iop_Clz64.
For Iop_Clz32 a CLZ insn will be emitted which behaves naturally when
its input is 0. That is: CLZ(0) == 32.
Similarly, for Iop_Clz64 a DCLZ will be emitted with DCLZ(0) == 64.
That means we can replace Iop_Clz32/64 with Iop_ClzNat32/64 and remove
any IR that handles the input-is-zero case.
See also commit a5c48217e94.
Part of fixing https://bugs.kde.org/show_bug.cgi?id=507033
Martin Cermak [Fri, 1 Aug 2025 13:35:04 +0000 (15:35 +0200)]
Fix execveat() with AT_FDCWD and relative path, add more checks
This update does address two closely related problems:
1) In case execveat() is called with a special file descriptor value
of AT_FDCWD (-100), it should accept this special value, and
interpret the provided pathname as relative to the current working
directory of the calling process (like execve(2)) instead of
failing with EBADF, as it does without this patch.
Covered by LTP testcase execveat01.
https://bugs.kde.org/show_bug.cgi?id=506806
2) Add checks preventing execveat() of symlinked programs in case
AT_SYMLINK_NOFOLLOW was specified.
Add checks preventing execveat() from passing in case invalid
flag was specified.
Martin Cermak [Fri, 1 Aug 2025 12:04:24 +0000 (14:04 +0200)]
Wrap linux specific syscall sysfs
The sysfs syscall is deprecated, but in some cases it may still
be used. The Linux Test Project covers it.
The (obsolete) sysfs() system call returns information about the
filesystem types currently present in the kernel. The specific
form of the sysfs() call and the information returned depends on
the option in effect:
1 Translate the filesystem identifier string fsname into a
filesystem type index.
2 Translate the filesystem type index fs_index into a null-
terminated filesystem identifier string. This string will be
written to the buffer pointed to by buf. Make sure that buf
has enough space to accept the string.
3 Return the total number of filesystem types currently present
in the kernel.
Declare a sys_sysfs wrapper in priv_syswrap-linux.h and hook it
for {amd64,arm,mips32,mips64,ppc32,ppc64,s390x,x86}-linux
using LINXY with PRE and POST handler in syswrap-linux.c
Rework code to use Iop_ClzNat32 instead of the deprecated Iop_Clz32.
Iop_Clz32 is used to implement the CLZ insn which behaves naturally
when the input is 0: CLZ(0) == 32
So it seems as if using Iop_Clz32 is wrong because it has undefined
behaviour when the input value is 0. However, the VEX pipeline
does this:
Add fd_allowed and POST_newFd_RES to all syscalls that use or return fds
This makes sure all file descriptors that take a file descriptor check
that the file descriptor is valid. Also makes sure that the
--modify-fds=high option affects all sycalls that return a file
descriptor.
Refactor code in preparation for running each testcase twice: once
with constant folding and once without.
- remove function print_opnd
- remove function complain
- factor out function get_expected_value
- checking the result moved to valgrind_execute_test
- make IRICB a static global in valgrind.c
- new_iricb now returns a pointer to it
Paul Floyd [Thu, 24 Jul 2025 20:45:01 +0000 (22:45 +0200)]
FreeBSD syscall: improve sigwait and sigwaitinfo wrapper.
Both take two pointers. We were allowing null pointers for all
of them. Only the 2nd argument of sigwaitinfo, info, is
allowed to be NULL. Update the scalar test with some NULL
arguments for these syscalls.
s390x: Fix crash when constant folding is disabled (BZ 507173)
Followup to 942a48c1d which fixed the register usage of conditional
moves for s390_insn_get_reg_usage. A similar fix is needed for
s390_insn_map_regs considering the case when the condition is
S390_CC_NEVER.
Paul Floyd [Sat, 19 Jul 2025 13:10:31 +0000 (15:10 +0200)]
Bug 505673 - Valgrind crashes with an internal error and SIGBUS when the guest tries to open its own file with O_WRONLY|O_CREAT|O_TRUNC
This is all quite messy.
It affects open() openat() and openat2() (the last of which is Linux only).
On Linux we also need to check for /proc/self/exe and /proc/PID/exe.
On Linux there are also a couple of RESOLVE flags for openat2() that
mean _don't_ check /proc magic links.
In the general case we need to have some reference to check whether
the filename matches the guest filename. So I've added that as
VG_(resolved_exename) (which I was already using on FreeBSD).
The pathname also needs to be canonicalised. It may be a
relative path, symlink or use RESOLVE_IN_ROOT. That uses
VG_(realpath) (again which was already present for FreBSD).
On illumos the man page says that opening running binaries for
writing failes with errno set to ETXTBSY but that's not what
the open functions do - they just open the file. So I've done nothing
for illumos or Solaris. Maybe I'll open an illumos ticket.
I haven't tried on Darwin.
The Linux open functions with /proc/self/exe and /proc/PID/exe
were just calling dup on the fd that we hold for the client exe.
That means that we were ignoring any other flags. That has now changed.
If the open doesn't fail because the WRONLY/RDWR flags are set then
the syscall gets called from the PRE wrapper using VG_(resolved_exename)
instewad of the /proc pathname.
I haven't tried to handle all of the Linux openat2 RESOLVE*
flags. RESOLVE_NO_MAGICLINKS is handled and I see the LTS test
openat202 now passing, so this should also fix Bug 506910.
I'm not sure that VG_(realpath) handles all forms of weird path
resolution on Linux (on FreeBSD it uses a syscall so that should
work OK).
Paul Floyd [Fri, 18 Jul 2025 11:21:26 +0000 (13:21 +0200)]
FreeBSD: fix check for mmap flags
On FreeBSD, mmap also has MAP_STACK and MAP_GUARD that can
be mapped without a backing file referred to by fd.
As a result during ld.so startup and thread creation mmap for
stacks was failing. So no guest could be load and execute,
with errors like
ld-elf.so.1: /home/paulf/scratch/valgrind_nightly/nightly/valgrind-new/.in_place/vgpreload_core-amd64-freebsd.so: mmap of entire address space failed: Bad file descriptor
Paul Floyd [Thu, 17 Jul 2025 18:38:54 +0000 (20:38 +0200)]
iropt regtest: use mrand32() instead of rand()
On illumos rand() has a RAND_MAX of 32k only. That's not enough to
generate 64bit values easily. So use mrand48() which genrerates
the full range of 32bit int values.
Martin Cermak [Thu, 17 Jul 2025 07:16:53 +0000 (09:16 +0200)]
Wrap linux specific syscall 22 (ustat)
The ustat syscall comes from pre-git linux history. It is
deprecated in favor of statfs. But in some cases it may
still be used.
int ustat(dev_t dev, struct ustat *ubuf); returns information
about a mounted filesystem. dev is a device number identifying
a device containing a mounted filesystem. ubuf is a pointer to
a ustat structure.
Declare a sys_ustat wrapper in priv_syswrap-linux.h and hook
it for {amd64,arm,arm64,mips64,nanomips,ppc32,ppc64,riscv64,\
s390x,x86}-linux using LINXY with PRE and POST handler in
syswrap-linux.c
Mark Wielaard [Wed, 16 Jul 2025 00:45:39 +0000 (02:45 +0200)]
Check mmap fd is valid, if used, and fail early with EBADF if not
mmap should fail with EBADF if the given fd is bad (or used by valgrind
itself) when used (flags does not contain MAP_ANONYMOUS).
Check both with ML_(fd_allowed) (which might only warn) and fcntl
(VKI_F_GETFD) to see if the file descriptor is valid. Fail early so
the address space manager and the actual mmap call don't do
unnecessary work (and might fail with a different error code).
Mark Wielaard [Tue, 15 Jul 2025 21:49:36 +0000 (23:49 +0200)]
Support mmap MAP_FIXED_NOREPLACE if defined
Define VKI_MAP_FIXED_NOREPLACE for amd64-linux, arm-linux,
arm64-linux, mips32-linux, mips64-linux, riscv64-linux and x86-linux.
If it is defined then ML_(generic_PRE_sys_mmap) will also interpret
VKI_MAP_FIXED_NOREPLACE as an MFixed hint. If the aspace manager
doesn't find a MAP_FIXED_NOREPLACE ok, then fail with EEXIST. If the
actual kernel mmap request fails and MAP_FIXED_NOREPLACE is set also
immediately fail with EEXIST without retrying.
Mark Wielaard [Mon, 14 Jul 2025 22:00:44 +0000 (00:00 +0200)]
Handle SIGSYS and SIGSTKFLT when defined
Both signals were already partially handled. But calculate_SKSS_from_SCSS
only handled SIGSYS on freebsd. default_action didn't handle SIGSTKFLT.
And sync_signalhandler didn't expect to have to handle SIGSYS.
Mark Wielaard [Mon, 14 Jul 2025 21:23:23 +0000 (23:23 +0200)]
Reject any attempt to set the handler for SIGKILL/STOP
Even though resetting SIGKILL or SIGSTOP to SIG_DFL would be a noop it
isn't allowed. Just always return EINVAL if an attempt is made to set
the signal handler for SIGKILL or SIGSTOP. There is an LTP test for
this signal01.
Add program to double-check VEX constant folding. BZ 506211
Using IR injection. Essentially:
- prepare input values for an IROp
- create an IRExpr for the IRop
- constant fold the expression
- make sure the result is an IRConst with the expected value
Only IROps with integer operands and result are supported.
No vector and floating point IROps. Maximum bit width is 64.
Part of fixing https://bugs.kde.org/show_bug.cgi?id=506211
Mark Wielaard [Fri, 11 Jul 2025 17:58:53 +0000 (19:58 +0200)]
linux mseal PRE wrapper should First check for overflow
According to https://docs.kernel.org/next/userspace-api/mseal.html
mseal returns -EINVAL when Address range (addr + len) overflow. The
LTP test mseal02 checks this. So do this check first before checking
for valid_client_addr (which returns -ENOMEM).
Mark Wielaard [Fri, 11 Jul 2025 15:18:47 +0000 (17:18 +0200)]
Check ppoll ufds array is safe to deref before checking fd members
LTP ppoll01 provides a bad fds array to ppoll as a testcase.
memcheck should warn (through PRE_MEM_READ) this array is bad.
But it shouldn't try to derefence anything if is isn't safe.
Mark Wielaard [Thu, 10 Jul 2025 21:09:18 +0000 (23:09 +0200)]
Add fcntl14{,_64}, fcntl34{,_64} and fcntl36{,_64} to ltp-excludes.txt
These fcntl syscall tests time out and would need at least
LTP_TIMEOUT_MUL=5 when run under memcheck, which is several minutes,
so exclude them for now.
Mark Wielaard [Wed, 9 Jul 2025 16:27:17 +0000 (18:27 +0200)]
Suppress unimplemented fcntl command warning with -q
LTP tests fcntl13 and fcntl13_64 fail because even with -q valgrind
emits warnings about unknown (999) fcntl commands. Don't emit that
message with -q, just fail with EINVAL.
Fix operand / result types of Iop_DivU128[E], Iop_ModU128 and their signed counterparts
In libvex_ir.h these IROps are described to operate on Ity_I128 operands and produce a like typed result. This contradicts the specification in ir_defs.c
(function typeOfprimop) which claims Ity_V128 for operands and result.
Above IROps are used exclusively by ppc for the following opcodes:
Iop_DivU128 --> vdivuq Vector Divide Unsigned Quadword
Iop_DivS128 --> vdivsq Vector Divide Signed Quadword
Iop_DivU128E --> vdiveuq Vector Divide Extended Unsigned Quadword
Iop_DivS128E --> vdivesq Vector Divide Extended Signed Quadword
Iop_ModU128 --> vmoduq Vector Modulo Unsigned Quadword
Iop_ModS128 --> vmodsq Vector Modulo Signed Quadword
Reading the ISA document, it is clear, that those opcodes perform an
integer division / modulo operation. Technically, they work on vector
registers, presumably because vector registers are the only resource
wide enough to store a quadword. Perhaps that is where the confusion
comes from.
So Ity_I128 it is.
So far there was only one application of IR injection, namely vbit-test.
Soonish there will be another.
Refactor the IRICB to separate out the structure for the application's
payload.
Paul Floyd [Tue, 8 Jul 2025 06:14:56 +0000 (08:14 +0200)]
Fix VEX/useful/Makefile-vex
This uses hard coded 'make' which may mean Solaris make or
BSD make ratheer than the initial invokation (e.g., gmake or some
other make that is not first inthe PATH). Use ${MAKE} instead
so that the same make is used for the second invokation.
Compile errors because config.h not found. Turns out libvex_inner.h
Also missing was priv/host_generic_reg_alloc3.o causing linking to fail.
Now fixed.
Mark Wielaard [Fri, 4 Jul 2025 22:51:36 +0000 (00:51 +0200)]
Check dup2 oldfd before allowing the syscall
The dup201 LTP test fails with TFAIL: dup2(1024, 5) succeeded
That is because 1024 here is the soft file limit (so one higher than
the max number of fds). Valgrind raises the soft limit a little
internally to have a few private fds for itself. So this dup2 call
succeeds (and possibly dups and internal valgrind fd into the
newfd). We should check the oldfd before allowing the dup2 syscall,
like we already check the newfd.
Mark Wielaard [Fri, 4 Jul 2025 21:14:18 +0000 (23:14 +0200)]
Sanity check io_submit addresses before dereferencing
The LTP io_submit03 test fails under valgrind memcheck because it
tests bad struct iocb attay addresses. Fix this by explicitly checking
the struct iocb pointer and each array element pointer are safe to
deref in the linux sys_io_submit PRE handler.
Define VKI_F_CREATED_QUERY in vki-linux.h.
Recognize it in PRE(sys_fcntl).
This fixes ltp tests failures. When running:
make ltpchecks TESTS="fcntl40 fcntl40_64
the tests would fail with:
fcntl40: unempty log2.filtered:
==1809471== Warning: unimplemented fcntl command: 1028
Florian Krohm [Mon, 30 Jun 2025 19:31:33 +0000 (19:31 +0000)]
s390x: Fix diagnostic for S390_DECODE_UNKNOWN_SPECIAL_INSN
When decoding fails the insn bytes (at most 6) are shown. However,
"special insns" are 10 bytes with the last 2 bytes being the interesting
ones. Print them all.
Mark Wielaard [Sat, 28 Jun 2025 16:33:29 +0000 (18:33 +0200)]
mips32: Use LINXY for statmount and listmount
commit 57152acfc6a8 "Wrap linux specific syscalls 457 (listmount) and
458 (statmount)" added LINXY wrappers for all arches, except for
mips32 where it used LINX_. This was a typo/mistake. Make sure mips32
also uses LINXY wrappers.
Martin Cermak [Fri, 27 Jun 2025 20:36:03 +0000 (22:36 +0200)]
Wrap linux specific syscalls 457 (listmount) and 458 (statmount)
The listmount syscall returns a list of mount IDs under the req.mnt_id.
This is meant to be used in conjunction with statmount(2) in order to
provide a way to iterate and discover mounted file systems.
The statmount syscall returns information about a mount, storing it in
the buffer pointed to by smbuf. The returned buffer is a struct
statmount which is of size bufsize.
Declare a sys_{lis,sta}tmount wrapper in priv_syswrap-linux.h and hook it
for {amd64,arm,arm64,mips64,nanomips,ppc32,ppc64,riscv64,s390x,x86}-linux
using LINXY with PRE and POST handler in syswrap-linux.c
Both syscalls need CAP_SYS_ADMIN, to successfully test.
When --track-fds=bad is specified, do not warn about
leaked file descriptors and only warn about file decriptors
which was not opened or already closed.
Update the documentation in docs/xml/manual-core.xml.
Add none/tests/track_bad test to test the new option.
Adjust none/tests/cmdline1 and none/tests/cmdline2 expected
outputs.
Mark Wielaard [Sat, 21 Jun 2025 21:04:04 +0000 (23:04 +0200)]
Update DW_TAG_subprogram parsing for clang
Clang doesn't give a name for some artificial subprograms. In that
case just use "<artificial>" as the name of the DW_TAG_subprogram.
Clang also sometimes generates a DW_TAG_subprogram without any
attributes. These aren't really useful for us. So just silently skip
them.
If we warn about subprograms without a name, specification or abstract
origin, also emit the index in the .debug_info section to make it
easier to look them up.
projects / thirdparty / valgrind.git / log
