From e1a37303c89696a110c61a156768ea15cc03a246 Mon Sep 17 00:00:00 2001
From: Robert Morris <rtm@csail.mit.edu>
Date: Fri, 20 Sep 2019 12:13:57 -0400
Subject: yet another sbrk() bug fix, and usertest

---
 user/usertests.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

(limited to 'user')

diff --git a/user/usertests.c b/user/usertests.c
index 0f4a443..608cd3f 100644
--- a/user/usertests.c
+++ b/user/usertests.c
@@ -1924,9 +1924,10 @@ pgbug(char *s)
 }
 
 // does the kernel panic if a process sbrk()s its size to be less than
-// a page, or zero?
+// a page, or zero, or reduces the break by an amount too small to
+// cause a page to be freed?
 void
-zerosize(char *s)
+sbrkbugs(char *s)
 {
   int pid = fork();
   if(pid < 0){
@@ -1959,6 +1960,24 @@ zerosize(char *s)
   }
   wait(0);
 
+  pid = fork();
+  if(pid < 0){
+    printf("fork failed\n");
+    exit(1);
+  }
+  if(pid == 0){
+    // set the break in the middle of a page.
+    sbrk((10*4096 + 2048) - (uint64)sbrk(0));
+
+    // reduce the break a bit, but not enough to
+    // cause a page to be freed. this used to cause
+    // a panic.
+    sbrk(-10);
+
+    exit(0);
+  }
+  wait(0);
+
   exit(0);
 }
 
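Review bot: The added child block can only fail by panicking the kernel, because both `sbrk()` results are discarded and the parent's `wait(0)` drops the child's exit status. If the first `sbrk()` fails, the break never lands mid-page and the test passes without ever reaching the partial-page shrink it is meant to cover. The delta `(10*4096 + 2048) - (uint64)sbrk(0)` would also go negative if the program's initial break is already above that address (not visible from this hunk), turning the setup into a large shrink. I would have the child `exit(1)` when either call returns the failure value or when `sbrk(0)` afterwards has not moved down by exactly 10, and have the parent check the result with an `int xstatus` and `wait(&xstatus); if(xstatus != 0) exit(1);`. The body of sbrkbugs() begins above this hunk.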
@@ -2000,7 +2019,7 @@ main(int argc, char *argv[])
     char *s;
   } tests[] = {
     {pgbug, "pgbug" },
-    {zerosize, "zerosize" },
+    {sbrkbugs, "sbrkbugs" },
     {reparent, "reparent" },
     {twochildren, "twochildren"},
     {forkfork, "forkfork"},
-- 
cgit v1.2.3