/*
 * Source: Linux kernel selftests (tools/testing/selftests/mm),
 * obtained via a kernel.org git mirror.
 */
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Test handling of code that might set PTE/PMD dirty in read-only VMAs.
 * Setting a PTE/PMD dirty must not accidentally set the PTE/PMD writable.
 *
 * Copyright 2023, Red Hat, Inc.
 *
 * Author(s): David Hildenbrand <david@redhat.com>
 */
|
||
|
#include <fcntl.h>
|
||
|
#include <signal.h>
|
||
|
#include <unistd.h>
|
||
|
#include <string.h>
|
||
|
#include <errno.h>
|
||
|
#include <stdlib.h>
|
||
|
#include <stdbool.h>
|
||
|
#include <stdint.h>
|
||
|
#include <sys/mman.h>
|
||
|
#include <setjmp.h>
|
||
|
#include <sys/syscall.h>
|
||
|
#include <sys/ioctl.h>
|
||
|
#include <linux/userfaultfd.h>
|
||
|
#include <linux/mempolicy.h>
|
||
|
|
||
|
#include "../kselftest.h"
|
||
|
#include "vm_util.h"
|
||
|
|
||
|
static size_t pagesize;
|
||
|
static size_t thpsize;
|
||
|
static int mem_fd;
|
||
|
static int pagemap_fd;
|
||
|
static sigjmp_buf env;
|
||
|
|
||
|
static void signal_handler(int sig)
|
||
|
{
|
||
|
if (sig == SIGSEGV)
|
||
|
siglongjmp(env, 1);
|
||
|
siglongjmp(env, 2);
|
||
|
}
|
||
|
|
||
|
static void do_test_write_sigsegv(char *mem)
|
||
|
{
|
||
|
char orig = *mem;
|
||
|
int ret;
|
||
|
|
||
|
if (signal(SIGSEGV, signal_handler) == SIG_ERR) {
|
||
|
ksft_test_result_fail("signal() failed\n");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
ret = sigsetjmp(env, 1);
|
||
|
if (!ret)
|
||
|
*mem = orig + 1;
|
||
|
|
||
|
if (signal(SIGSEGV, SIG_DFL) == SIG_ERR)
|
||
|
ksft_test_result_fail("signal() failed\n");
|
||
|
|
||
|
ksft_test_result(ret == 1 && *mem == orig,
|
||
|
"SIGSEGV generated, page not modified\n");
|
||
|
}
|
||
|
|
||
|
static char *mmap_thp_range(int prot, char **_mmap_mem, size_t *_mmap_size)
|
||
|
{
|
||
|
const size_t mmap_size = 2 * thpsize;
|
||
|
char *mem, *mmap_mem;
|
||
|
|
||
|
mmap_mem = mmap(NULL, mmap_size, prot, MAP_PRIVATE|MAP_ANON,
|
||
|
-1, 0);
|
||
|
if (mmap_mem == MAP_FAILED) {
|
||
|
ksft_test_result_fail("mmap() failed\n");
|
||
|
return MAP_FAILED;
|
||
|
}
|
||
|
mem = (char *)(((uintptr_t)mmap_mem + thpsize) & ~(thpsize - 1));
|
||
|
|
||
|
if (madvise(mem, thpsize, MADV_HUGEPAGE)) {
|
||
|
ksft_test_result_skip("MADV_HUGEPAGE failed\n");
|
||
|
munmap(mmap_mem, mmap_size);
|
||
|
return MAP_FAILED;
|
||
|
}
|
||
|
|
||
|
*_mmap_mem = mmap_mem;
|
||
|
*_mmap_size = mmap_size;
|
||
|
return mem;
|
||
|
}
|
||
|
|
||
|
static void test_ptrace_write(void)
|
||
|
{
|
||
|
char data = 1;
|
||
|
char *mem;
|
||
|
int ret;
|
||
|
|
||
|
ksft_print_msg("[INFO] PTRACE write access\n");
|
||
|
|
||
|
mem = mmap(NULL, pagesize, PROT_READ, MAP_PRIVATE|MAP_ANON, -1, 0);
|
||
|
if (mem == MAP_FAILED) {
|
||
|
ksft_test_result_fail("mmap() failed\n");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/* Fault in the shared zeropage. */
|
||
|
if (*mem != 0) {
|
||
|
ksft_test_result_fail("Memory not zero\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Unshare the page (populating a fresh anon page that might be set
|
||
|
* dirty in the PTE) in the read-only VMA using ptrace (FOLL_FORCE).
|
||
|
*/
|
||
|
lseek(mem_fd, (uintptr_t) mem, SEEK_SET);
|
||
|
ret = write(mem_fd, &data, 1);
|
||
|
if (ret != 1 || *mem != data) {
|
||
|
ksft_test_result_fail("write() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
do_test_write_sigsegv(mem);
|
||
|
munmap:
|
||
|
munmap(mem, pagesize);
|
||
|
}
|
||
|
|
||
|
static void test_ptrace_write_thp(void)
|
||
|
{
|
||
|
char *mem, *mmap_mem;
|
||
|
size_t mmap_size;
|
||
|
char data = 1;
|
||
|
int ret;
|
||
|
|
||
|
ksft_print_msg("[INFO] PTRACE write access to THP\n");
|
||
|
|
||
|
mem = mmap_thp_range(PROT_READ, &mmap_mem, &mmap_size);
|
||
|
if (mem == MAP_FAILED)
|
||
|
return;
|
||
|
|
||
|
/*
|
||
|
* Write to the first subpage in the read-only VMA using
|
||
|
* ptrace(FOLL_FORCE), eventually placing a fresh THP that is marked
|
||
|
* dirty in the PMD.
|
||
|
*/
|
||
|
lseek(mem_fd, (uintptr_t) mem, SEEK_SET);
|
||
|
ret = write(mem_fd, &data, 1);
|
||
|
if (ret != 1 || *mem != data) {
|
||
|
ksft_test_result_fail("write() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/* MM populated a THP if we got the last subpage populated as well. */
|
||
|
if (!pagemap_is_populated(pagemap_fd, mem + thpsize - pagesize)) {
|
||
|
ksft_test_result_skip("Did not get a THP populated\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
do_test_write_sigsegv(mem);
|
||
|
munmap:
|
||
|
munmap(mmap_mem, mmap_size);
|
||
|
}
|
||
|
|
||
|
static void test_page_migration(void)
|
||
|
{
|
||
|
char *mem;
|
||
|
|
||
|
ksft_print_msg("[INFO] Page migration\n");
|
||
|
|
||
|
mem = mmap(NULL, pagesize, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON,
|
||
|
-1, 0);
|
||
|
if (mem == MAP_FAILED) {
|
||
|
ksft_test_result_fail("mmap() failed\n");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/* Populate a fresh page and dirty it. */
|
||
|
memset(mem, 1, pagesize);
|
||
|
if (mprotect(mem, pagesize, PROT_READ)) {
|
||
|
ksft_test_result_fail("mprotect() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/* Trigger page migration. Might not be available or fail. */
|
||
|
if (syscall(__NR_mbind, mem, pagesize, MPOL_LOCAL, NULL, 0x7fful,
|
||
|
MPOL_MF_MOVE)) {
|
||
|
ksft_test_result_skip("mbind() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
do_test_write_sigsegv(mem);
|
||
|
munmap:
|
||
|
munmap(mem, pagesize);
|
||
|
}
|
||
|
|
||
|
static void test_page_migration_thp(void)
|
||
|
{
|
||
|
char *mem, *mmap_mem;
|
||
|
size_t mmap_size;
|
||
|
|
||
|
ksft_print_msg("[INFO] Page migration of THP\n");
|
||
|
|
||
|
mem = mmap_thp_range(PROT_READ|PROT_WRITE, &mmap_mem, &mmap_size);
|
||
|
if (mem == MAP_FAILED)
|
||
|
return;
|
||
|
|
||
|
/*
|
||
|
* Write to the first page, which might populate a fresh anon THP
|
||
|
* and dirty it.
|
||
|
*/
|
||
|
memset(mem, 1, pagesize);
|
||
|
if (mprotect(mem, thpsize, PROT_READ)) {
|
||
|
ksft_test_result_fail("mprotect() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/* MM populated a THP if we got the last subpage populated as well. */
|
||
|
if (!pagemap_is_populated(pagemap_fd, mem + thpsize - pagesize)) {
|
||
|
ksft_test_result_skip("Did not get a THP populated\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/* Trigger page migration. Might not be available or fail. */
|
||
|
if (syscall(__NR_mbind, mem, thpsize, MPOL_LOCAL, NULL, 0x7fful,
|
||
|
MPOL_MF_MOVE)) {
|
||
|
ksft_test_result_skip("mbind() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
do_test_write_sigsegv(mem);
|
||
|
munmap:
|
||
|
munmap(mmap_mem, mmap_size);
|
||
|
}
|
||
|
|
||
|
static void test_pte_mapped_thp(void)
|
||
|
{
|
||
|
char *mem, *mmap_mem;
|
||
|
size_t mmap_size;
|
||
|
|
||
|
ksft_print_msg("[INFO] PTE-mapping a THP\n");
|
||
|
|
||
|
mem = mmap_thp_range(PROT_READ|PROT_WRITE, &mmap_mem, &mmap_size);
|
||
|
if (mem == MAP_FAILED)
|
||
|
return;
|
||
|
|
||
|
/*
|
||
|
* Write to the first page, which might populate a fresh anon THP
|
||
|
* and dirty it.
|
||
|
*/
|
||
|
memset(mem, 1, pagesize);
|
||
|
if (mprotect(mem, thpsize, PROT_READ)) {
|
||
|
ksft_test_result_fail("mprotect() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/* MM populated a THP if we got the last subpage populated as well. */
|
||
|
if (!pagemap_is_populated(pagemap_fd, mem + thpsize - pagesize)) {
|
||
|
ksft_test_result_skip("Did not get a THP populated\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
/* Trigger PTE-mapping the THP by mprotect'ing the last subpage. */
|
||
|
if (mprotect(mem + thpsize - pagesize, pagesize,
|
||
|
PROT_READ|PROT_WRITE)) {
|
||
|
ksft_test_result_fail("mprotect() failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
do_test_write_sigsegv(mem);
|
||
|
munmap:
|
||
|
munmap(mmap_mem, mmap_size);
|
||
|
}
|
||
|
|
||
|
#ifdef __NR_userfaultfd
|
||
|
static void test_uffdio_copy(void)
|
||
|
{
|
||
|
struct uffdio_register uffdio_register;
|
||
|
struct uffdio_copy uffdio_copy;
|
||
|
struct uffdio_api uffdio_api;
|
||
|
char *dst, *src;
|
||
|
int uffd;
|
||
|
|
||
|
ksft_print_msg("[INFO] UFFDIO_COPY\n");
|
||
|
|
||
|
src = malloc(pagesize);
|
||
|
memset(src, 1, pagesize);
|
||
|
dst = mmap(NULL, pagesize, PROT_READ, MAP_PRIVATE|MAP_ANON, -1, 0);
|
||
|
if (dst == MAP_FAILED) {
|
||
|
ksft_test_result_fail("mmap() failed\n");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
uffd = syscall(__NR_userfaultfd, O_CLOEXEC | O_NONBLOCK);
|
||
|
if (uffd < 0) {
|
||
|
ksft_test_result_skip("__NR_userfaultfd failed\n");
|
||
|
goto munmap;
|
||
|
}
|
||
|
|
||
|
uffdio_api.api = UFFD_API;
|
||
|
uffdio_api.features = 0;
|
||
|
if (ioctl(uffd, UFFDIO_API, &uffdio_api) < 0) {
|
||
|
ksft_test_result_fail("UFFDIO_API failed\n");
|
||
|
goto close_uffd;
|
||
|
}
|
||
|
|
||
|
uffdio_register.range.start = (unsigned long) dst;
|
||
|
uffdio_register.range.len = pagesize;
|
||
|
uffdio_register.mode = UFFDIO_REGISTER_MODE_MISSING;
|
||
|
if (ioctl(uffd, UFFDIO_REGISTER, &uffdio_register)) {
|
||
|
ksft_test_result_fail("UFFDIO_REGISTER failed\n");
|
||
|
goto close_uffd;
|
||
|
}
|
||
|
|
||
|
/* Place a page in a read-only VMA, which might set the PTE dirty. */
|
||
|
uffdio_copy.dst = (unsigned long) dst;
|
||
|
uffdio_copy.src = (unsigned long) src;
|
||
|
uffdio_copy.len = pagesize;
|
||
|
uffdio_copy.mode = 0;
|
||
|
if (ioctl(uffd, UFFDIO_COPY, &uffdio_copy)) {
|
||
|
ksft_test_result_fail("UFFDIO_COPY failed\n");
|
||
|
goto close_uffd;
|
||
|
}
|
||
|
|
||
|
do_test_write_sigsegv(dst);
|
||
|
close_uffd:
|
||
|
close(uffd);
|
||
|
munmap:
|
||
|
munmap(dst, pagesize);
|
||
|
free(src);
|
||
|
#endif /* __NR_userfaultfd */
|
||
|
}
|
||
|
|
||
|
int main(void)
|
||
|
{
|
||
|
int err, tests = 2;
|
||
|
|
||
|
pagesize = getpagesize();
|
||
|
thpsize = read_pmd_pagesize();
|
||
|
if (thpsize) {
|
||
|
ksft_print_msg("[INFO] detected THP size: %zu KiB\n",
|
||
|
thpsize / 1024);
|
||
|
tests += 3;
|
||
|
}
|
||
|
#ifdef __NR_userfaultfd
|
||
|
tests += 1;
|
||
|
#endif /* __NR_userfaultfd */
|
||
|
|
||
|
ksft_print_header();
|
||
|
ksft_set_plan(tests);
|
||
|
|
||
|
mem_fd = open("/proc/self/mem", O_RDWR);
|
||
|
if (mem_fd < 0)
|
||
|
ksft_exit_fail_msg("opening /proc/self/mem failed\n");
|
||
|
pagemap_fd = open("/proc/self/pagemap", O_RDONLY);
|
||
|
if (pagemap_fd < 0)
|
||
|
ksft_exit_fail_msg("opening /proc/self/pagemap failed\n");
|
||
|
|
||
|
/*
|
||
|
* On some ptrace(FOLL_FORCE) write access via /proc/self/mem in
|
||
|
* read-only VMAs, the kernel may set the PTE/PMD dirty.
|
||
|
*/
|
||
|
test_ptrace_write();
|
||
|
if (thpsize)
|
||
|
test_ptrace_write_thp();
|
||
|
/*
|
||
|
* On page migration, the kernel may set the PTE/PMD dirty when
|
||
|
* remapping the page.
|
||
|
*/
|
||
|
test_page_migration();
|
||
|
if (thpsize)
|
||
|
test_page_migration_thp();
|
||
|
/* PTE-mapping a THP might propagate the dirty PMD bit to the PTEs. */
|
||
|
if (thpsize)
|
||
|
test_pte_mapped_thp();
|
||
|
/* Placing a fresh page via userfaultfd may set the PTE dirty. */
|
||
|
#ifdef __NR_userfaultfd
|
||
|
test_uffdio_copy();
|
||
|
#endif /* __NR_userfaultfd */
|
||
|
|
||
|
err = ksft_get_fail_cnt();
|
||
|
if (err)
|
||
|
ksft_exit_fail_msg("%d out of %d tests failed\n",
|
||
|
err, ksft_test_num());
|
||
|
return ksft_exit_pass();
|
||
|
}
|