kernel/kcsan/selftest.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * KCSAN short boot-time selftests.
0004  *
0005  * Copyright (C) 2019, Google LLC.
0006  */
0007
0008 #define pr_fmt(fmt) "kcsan: " fmt
0009
0010 #include <linux/atomic.h>
0011 #include <linux/bitops.h>
0012 #include <linux/init.h>
0013 #include <linux/kcsan-checks.h>
0014 #include <linux/kernel.h>
0015 #include <linux/printk.h>
0016 #include <linux/random.h>
0017 #include <linux/sched.h>
0018 #include <linux/spinlock.h>
0019 #include <linux/types.h>
0020
0021 #include "encoding.h"
0022
0023 #define ITERS_PER_TEST 2000
0024
0025 /* Test requirements. */
0026 static bool __init test_requires(void)
0027 {
0028     /* random should be initialized for the below tests */
0029     return prandom_u32() + prandom_u32() != 0;
0030 }
0031
0032 /*
0033  * Test watchpoint encode and decode: check that encoding some access's info,
0034  * and then subsequent decode preserves the access's info.
0035  */
0036 static bool __init test_encode_decode(void)
0037 {
0038     int i;
0039
0040     for (i = 0; i < ITERS_PER_TEST; ++i) {
0041         size_t size = prandom_u32_max(MAX_ENCODABLE_SIZE) + 1;
0042         bool is_write = !!prandom_u32_max(2);
0043         unsigned long verif_masked_addr;
0044         long encoded_watchpoint;
0045         bool verif_is_write;
0046         unsigned long addr;
0047         size_t verif_size;
0048
0049         prandom_bytes(&addr, sizeof(addr));
0050         if (addr < PAGE_SIZE)
0051             addr = PAGE_SIZE;
0052
0053         if (WARN_ON(!check_encodable(addr, size)))
0054             return false;
0055
0056         encoded_watchpoint = encode_watchpoint(addr, size, is_write);
0057
0058         /* Check special watchpoints */
0059         if (WARN_ON(decode_watchpoint(INVALID_WATCHPOINT, &verif_masked_addr, &verif_size, &verif_is_write)))
0060             return false;
0061         if (WARN_ON(decode_watchpoint(CONSUMED_WATCHPOINT, &verif_masked_addr, &verif_size, &verif_is_write)))
0062             return false;
0063
0064         /* Check decoding watchpoint returns same data */
0065         if (WARN_ON(!decode_watchpoint(encoded_watchpoint, &verif_masked_addr, &verif_size, &verif_is_write)))
0066             return false;
0067         if (WARN_ON(verif_masked_addr != (addr & WATCHPOINT_ADDR_MASK)))
0068             goto fail;
0069         if (WARN_ON(verif_size != size))
0070             goto fail;
0071         if (WARN_ON(is_write != verif_is_write))
0072             goto fail;
0073
0074         continue;
0075 fail:
0076         pr_err("%s fail: %s %zu bytes @ %lx -> encoded: %lx -> %s %zu bytes @ %lx\n",
0077                __func__, is_write ? "write" : "read", size, addr, encoded_watchpoint,
0078                verif_is_write ? "write" : "read", verif_size, verif_masked_addr);
0079         return false;
0080     }
0081
0082     return true;
0083 }
0084
0085 /* Test access matching function. */
0086 static bool __init test_matching_access(void)
0087 {
0088     if (WARN_ON(!matching_access(10, 1, 10, 1)))
0089         return false;
0090     if (WARN_ON(!matching_access(10, 2, 11, 1)))
0091         return false;
0092     if (WARN_ON(!matching_access(10, 1, 9, 2)))
0093         return false;
0094     if (WARN_ON(matching_access(10, 1, 11, 1)))
0095         return false;
0096     if (WARN_ON(matching_access(9, 1, 10, 1)))
0097         return false;
0098
0099     /*
0100      * An access of size 0 could match another access, as demonstrated here.
0101      * Rather than add more comparisons to 'matching_access()', which would
0102      * end up in the fast-path for *all* checks, check_access() simply
0103      * returns for all accesses of size 0.
0104      */
0105     if (WARN_ON(!matching_access(8, 8, 12, 0)))
0106         return false;
0107
0108     return true;
0109 }
0110
0111 /*
0112  * Correct memory barrier instrumentation is critical to avoiding false
0113  * positives: simple test to check at boot certain barriers are always properly
0114  * instrumented. See kcsan_test for a more complete test.
0115  */
0116 static DEFINE_SPINLOCK(test_spinlock);
0117 static bool __init test_barrier(void)
0118 {
0119 #ifdef CONFIG_KCSAN_WEAK_MEMORY
0120     struct kcsan_scoped_access *reorder_access = &current->kcsan_ctx.reorder_access;
0121 #else
0122     struct kcsan_scoped_access *reorder_access = NULL;
0123 #endif
0124     bool ret = true;
0125     arch_spinlock_t arch_spinlock = __ARCH_SPIN_LOCK_UNLOCKED;
0126     atomic_t dummy;
0127     long test_var;
0128
0129     if (!reorder_access || !IS_ENABLED(CONFIG_SMP))
0130         return true;
0131
0132 #define __KCSAN_CHECK_BARRIER(access_type, barrier, name)                   \
0133     do {                                            \
0134         reorder_access->type = (access_type) | KCSAN_ACCESS_SCOPED;         \
0135         reorder_access->size = 1;                           \
0136         barrier;                                    \
0137         if (reorder_access->size != 0) {                        \
0138             pr_err("improperly instrumented type=(" #access_type "): " name "\n");  \
0139             ret = false;                                \
0140         }                                       \
0141     } while (0)
0142 #define KCSAN_CHECK_READ_BARRIER(b)  __KCSAN_CHECK_BARRIER(0, b, #b)
0143 #define KCSAN_CHECK_WRITE_BARRIER(b) __KCSAN_CHECK_BARRIER(KCSAN_ACCESS_WRITE, b, #b)
0144 #define KCSAN_CHECK_RW_BARRIER(b)    __KCSAN_CHECK_BARRIER(KCSAN_ACCESS_WRITE | KCSAN_ACCESS_COMPOUND, b, #b)
0145
0146     kcsan_nestable_atomic_begin(); /* No watchpoints in called functions. */
0147
0148     KCSAN_CHECK_READ_BARRIER(mb());
0149     KCSAN_CHECK_READ_BARRIER(rmb());
0150     KCSAN_CHECK_READ_BARRIER(smp_mb());
0151     KCSAN_CHECK_READ_BARRIER(smp_rmb());
0152     KCSAN_CHECK_READ_BARRIER(dma_rmb());
0153     KCSAN_CHECK_READ_BARRIER(smp_mb__before_atomic());
0154     KCSAN_CHECK_READ_BARRIER(smp_mb__after_atomic());
0155     KCSAN_CHECK_READ_BARRIER(smp_mb__after_spinlock());
0156     KCSAN_CHECK_READ_BARRIER(smp_store_mb(test_var, 0));
0157     KCSAN_CHECK_READ_BARRIER(smp_store_release(&test_var, 0));
0158     KCSAN_CHECK_READ_BARRIER(xchg(&test_var, 0));
0159     KCSAN_CHECK_READ_BARRIER(xchg_release(&test_var, 0));
0160     KCSAN_CHECK_READ_BARRIER(cmpxchg(&test_var, 0,  0));
0161     KCSAN_CHECK_READ_BARRIER(cmpxchg_release(&test_var, 0,  0));
0162     KCSAN_CHECK_READ_BARRIER(atomic_set_release(&dummy, 0));
0163     KCSAN_CHECK_READ_BARRIER(atomic_add_return(1, &dummy));
0164     KCSAN_CHECK_READ_BARRIER(atomic_add_return_release(1, &dummy));
0165     KCSAN_CHECK_READ_BARRIER(atomic_fetch_add(1, &dummy));
0166     KCSAN_CHECK_READ_BARRIER(atomic_fetch_add_release(1, &dummy));
0167     KCSAN_CHECK_READ_BARRIER(test_and_set_bit(0, &test_var));
0168     KCSAN_CHECK_READ_BARRIER(test_and_clear_bit(0, &test_var));
0169     KCSAN_CHECK_READ_BARRIER(test_and_change_bit(0, &test_var));
0170     KCSAN_CHECK_READ_BARRIER(clear_bit_unlock(0, &test_var));
0171     KCSAN_CHECK_READ_BARRIER(__clear_bit_unlock(0, &test_var));
0172     arch_spin_lock(&arch_spinlock);
0173     KCSAN_CHECK_READ_BARRIER(arch_spin_unlock(&arch_spinlock));
0174     spin_lock(&test_spinlock);
0175     KCSAN_CHECK_READ_BARRIER(spin_unlock(&test_spinlock));
0176
0177     KCSAN_CHECK_WRITE_BARRIER(mb());
0178     KCSAN_CHECK_WRITE_BARRIER(wmb());
0179     KCSAN_CHECK_WRITE_BARRIER(smp_mb());
0180     KCSAN_CHECK_WRITE_BARRIER(smp_wmb());
0181     KCSAN_CHECK_WRITE_BARRIER(dma_wmb());
0182     KCSAN_CHECK_WRITE_BARRIER(smp_mb__before_atomic());
0183     KCSAN_CHECK_WRITE_BARRIER(smp_mb__after_atomic());
0184     KCSAN_CHECK_WRITE_BARRIER(smp_mb__after_spinlock());
0185     KCSAN_CHECK_WRITE_BARRIER(smp_store_mb(test_var, 0));
0186     KCSAN_CHECK_WRITE_BARRIER(smp_store_release(&test_var, 0));
0187     KCSAN_CHECK_WRITE_BARRIER(xchg(&test_var, 0));
0188     KCSAN_CHECK_WRITE_BARRIER(xchg_release(&test_var, 0));
0189     KCSAN_CHECK_WRITE_BARRIER(cmpxchg(&test_var, 0,  0));
0190     KCSAN_CHECK_WRITE_BARRIER(cmpxchg_release(&test_var, 0,  0));
0191     KCSAN_CHECK_WRITE_BARRIER(atomic_set_release(&dummy, 0));
0192     KCSAN_CHECK_WRITE_BARRIER(atomic_add_return(1, &dummy));
0193     KCSAN_CHECK_WRITE_BARRIER(atomic_add_return_release(1, &dummy));
0194     KCSAN_CHECK_WRITE_BARRIER(atomic_fetch_add(1, &dummy));
0195     KCSAN_CHECK_WRITE_BARRIER(atomic_fetch_add_release(1, &dummy));
0196     KCSAN_CHECK_WRITE_BARRIER(test_and_set_bit(0, &test_var));
0197     KCSAN_CHECK_WRITE_BARRIER(test_and_clear_bit(0, &test_var));
0198     KCSAN_CHECK_WRITE_BARRIER(test_and_change_bit(0, &test_var));
0199     KCSAN_CHECK_WRITE_BARRIER(clear_bit_unlock(0, &test_var));
0200     KCSAN_CHECK_WRITE_BARRIER(__clear_bit_unlock(0, &test_var));
0201     arch_spin_lock(&arch_spinlock);
0202     KCSAN_CHECK_WRITE_BARRIER(arch_spin_unlock(&arch_spinlock));
0203     spin_lock(&test_spinlock);
0204     KCSAN_CHECK_WRITE_BARRIER(spin_unlock(&test_spinlock));
0205
0206     KCSAN_CHECK_RW_BARRIER(mb());
0207     KCSAN_CHECK_RW_BARRIER(wmb());
0208     KCSAN_CHECK_RW_BARRIER(rmb());
0209     KCSAN_CHECK_RW_BARRIER(smp_mb());
0210     KCSAN_CHECK_RW_BARRIER(smp_wmb());
0211     KCSAN_CHECK_RW_BARRIER(smp_rmb());
0212     KCSAN_CHECK_RW_BARRIER(dma_wmb());
0213     KCSAN_CHECK_RW_BARRIER(dma_rmb());
0214     KCSAN_CHECK_RW_BARRIER(smp_mb__before_atomic());
0215     KCSAN_CHECK_RW_BARRIER(smp_mb__after_atomic());
0216     KCSAN_CHECK_RW_BARRIER(smp_mb__after_spinlock());
0217     KCSAN_CHECK_RW_BARRIER(smp_store_mb(test_var, 0));
0218     KCSAN_CHECK_RW_BARRIER(smp_store_release(&test_var, 0));
0219     KCSAN_CHECK_RW_BARRIER(xchg(&test_var, 0));
0220     KCSAN_CHECK_RW_BARRIER(xchg_release(&test_var, 0));
0221     KCSAN_CHECK_RW_BARRIER(cmpxchg(&test_var, 0,  0));
0222     KCSAN_CHECK_RW_BARRIER(cmpxchg_release(&test_var, 0,  0));
0223     KCSAN_CHECK_RW_BARRIER(atomic_set_release(&dummy, 0));
0224     KCSAN_CHECK_RW_BARRIER(atomic_add_return(1, &dummy));
0225     KCSAN_CHECK_RW_BARRIER(atomic_add_return_release(1, &dummy));
0226     KCSAN_CHECK_RW_BARRIER(atomic_fetch_add(1, &dummy));
0227     KCSAN_CHECK_RW_BARRIER(atomic_fetch_add_release(1, &dummy));
0228     KCSAN_CHECK_RW_BARRIER(test_and_set_bit(0, &test_var));
0229     KCSAN_CHECK_RW_BARRIER(test_and_clear_bit(0, &test_var));
0230     KCSAN_CHECK_RW_BARRIER(test_and_change_bit(0, &test_var));
0231     KCSAN_CHECK_RW_BARRIER(clear_bit_unlock(0, &test_var));
0232     KCSAN_CHECK_RW_BARRIER(__clear_bit_unlock(0, &test_var));
0233     arch_spin_lock(&arch_spinlock);
0234     KCSAN_CHECK_RW_BARRIER(arch_spin_unlock(&arch_spinlock));
0235     spin_lock(&test_spinlock);
0236     KCSAN_CHECK_RW_BARRIER(spin_unlock(&test_spinlock));
0237
0238 #ifdef clear_bit_unlock_is_negative_byte
0239     KCSAN_CHECK_RW_BARRIER(clear_bit_unlock_is_negative_byte(0, &test_var));
0240     KCSAN_CHECK_READ_BARRIER(clear_bit_unlock_is_negative_byte(0, &test_var));
0241     KCSAN_CHECK_WRITE_BARRIER(clear_bit_unlock_is_negative_byte(0, &test_var));
0242 #endif
0243     kcsan_nestable_atomic_end();
0244
0245     return ret;
0246 }
0247
0248 static int __init kcsan_selftest(void)
0249 {
0250     int passed = 0;
0251     int total = 0;
0252
0253 #define RUN_TEST(do_test)                                                      \
0254     do {                                                                   \
0255         ++total;                                                       \
0256         if (do_test())                                                 \
0257             ++passed;                                              \
0258         else                                                           \
0259             pr_err("selftest: " #do_test " failed");               \
0260     } while (0)
0261
0262     RUN_TEST(test_requires);
0263     RUN_TEST(test_encode_decode);
0264     RUN_TEST(test_matching_access);
0265     RUN_TEST(test_barrier);
0266
0267     pr_info("selftest: %d/%d tests passed\n", passed, total);
0268     if (passed != total)
0269         panic("selftests failed");
0270     return 0;
0271 }
0272 postcore_initcall(kcsan_selftest);