OSCL-LXR linux-6.0.1/​tools/​testing/​selftests/​powerpc/​mm/​pkey_exec_prot.c	Source navigation Diff markup Identifier search General search
	Version: linux-6.0.1 spark-3.0.0 hadoop-3.2.0-src hadoop-3.3.0-src spark-2.4.7 linux-4.15.13 hadoop-2.7.4-src Revert   Change

 // SPDX-License-Identifier: GPL-2.0+
 
 /*
  * Copyright 2020, Sandipan Das, IBM Corp.
  *
  * Test if applying execute protection on pages using memory
  * protection keys works as expected.
  */
 
 #define _GNU_SOURCE
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
 
 #include <unistd.h>
 
 #include "pkeys.h"
 
 #define PPC_INST_NOP    0x60000000
 #define PPC_INST_TRAP   0x7fe00008
 #define PPC_INST_BLR    0x4e800020
 
 static volatile sig_atomic_t fault_pkey, fault_code, fault_type;
 static volatile sig_atomic_t remaining_faults;
 static volatile unsigned int *fault_addr;
 static unsigned long pgsize, numinsns;
 static unsigned int *insns;
 
 static void trap_handler(int signum, siginfo_t *sinfo, void *ctx)
 {
     /* Check if this fault originated from the expected address */
     if (sinfo->si_addr != (void *) fault_addr)
         sigsafe_err("got a fault for an unexpected address\n");
 
     _exit(1);
 }
 
 static void segv_handler(int signum, siginfo_t *sinfo, void *ctx)
 {
     int signal_pkey;
 
     signal_pkey = siginfo_pkey(sinfo);
     fault_code = sinfo->si_code;
 
     /* Check if this fault originated from the expected address */
     if (sinfo->si_addr != (void *) fault_addr) {
         sigsafe_err("got a fault for an unexpected address\n");
         _exit(1);
     }
 
     /* Check if too many faults have occurred for a single test case */
     if (!remaining_faults) {
         sigsafe_err("got too many faults for the same address\n");
         _exit(1);
     }
 
 
     /* Restore permissions in order to continue */
     switch (fault_code) {
     case SEGV_ACCERR:
         if (mprotect(insns, pgsize, PROT_READ | PROT_WRITE)) {
             sigsafe_err("failed to set access permissions\n");
             _exit(1);
         }
         break;
     case SEGV_PKUERR:
         if (signal_pkey != fault_pkey) {
             sigsafe_err("got a fault for an unexpected pkey\n");
             _exit(1);
         }
 
         switch (fault_type) {
         case PKEY_DISABLE_ACCESS:
             pkey_set_rights(fault_pkey, 0);
             break;
         case PKEY_DISABLE_EXECUTE:
             /*
              * Reassociate the exec-only pkey with the region
              * to be able to continue. Unlike AMR, we cannot
              * set IAMR directly from userspace to restore the
              * permissions.
              */
             if (mprotect(insns, pgsize, PROT_EXEC)) {
                 sigsafe_err("failed to set execute permissions\n");
                 _exit(1);
             }
             break;
         default:
             sigsafe_err("got a fault with an unexpected type\n");
             _exit(1);
         }
         break;
     default:
         sigsafe_err("got a fault with an unexpected code\n");
         _exit(1);
     }
 
     remaining_faults--;
 }
 
 static int test(void)
 {
     struct sigaction segv_act, trap_act;
     unsigned long rights;
     int pkey, ret, i;
 
     ret = pkeys_unsupported();
     if (ret)
         return ret;
 
     /* Setup SIGSEGV handler */
     segv_act.sa_handler = 0;
     segv_act.sa_sigaction = segv_handler;
     FAIL_IF(sigprocmask(SIG_SETMASK, 0, &segv_act.sa_mask) != 0);
     segv_act.sa_flags = SA_SIGINFO;
     segv_act.sa_restorer = 0;
     FAIL_IF(sigaction(SIGSEGV, &segv_act, NULL) != 0);
 
     /* Setup SIGTRAP handler */
     trap_act.sa_handler = 0;
     trap_act.sa_sigaction = trap_handler;
     FAIL_IF(sigprocmask(SIG_SETMASK, 0, &trap_act.sa_mask) != 0);
     trap_act.sa_flags = SA_SIGINFO;
     trap_act.sa_restorer = 0;
     FAIL_IF(sigaction(SIGTRAP, &trap_act, NULL) != 0);
 
     /* Setup executable region */
     pgsize = getpagesize();
     numinsns = pgsize / sizeof(unsigned int);
     insns = (unsigned int *) mmap(NULL, pgsize, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
     FAIL_IF(insns == MAP_FAILED);
 
     /* Write the instruction words */
     for (i = 1; i < numinsns - 1; i++)
         insns[i] = PPC_INST_NOP;
 
     /*
      * Set the first instruction as an unconditional trap. If
      * the last write to this address succeeds, this should
      * get overwritten by a no-op.
      */
     insns[0] = PPC_INST_TRAP;
 
     /*
      * Later, to jump to the executable region, we use a branch
      * and link instruction (bctrl) which sets the return address
      * automatically in LR. Use that to return back.
      */
     insns[numinsns - 1] = PPC_INST_BLR;
 
     /* Allocate a pkey that restricts execution */
     rights = PKEY_DISABLE_EXECUTE;
     pkey = sys_pkey_alloc(0, rights);
     FAIL_IF(pkey < 0);
 
     /*
      * Pick the first instruction's address from the executable
      * region.
      */
     fault_addr = insns;
 
     /* The following two cases will avoid SEGV_PKUERR */
     fault_type = -1;
     fault_pkey = -1;
 
     /*
      * Read an instruction word from the address when AMR bits
      * are not set i.e. the pkey permits both read and write
      * access.
      *
      * This should not generate a fault as having PROT_EXEC
      * implies PROT_READ on GNU systems. The pkey currently
      * restricts execution only based on the IAMR bits. The
      * AMR bits are cleared.
      */
     remaining_faults = 0;
     FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0);
     printf("read from %p, pkey permissions are %s\n", fault_addr,
            pkey_rights(rights));
     i = *fault_addr;
     FAIL_IF(remaining_faults != 0);
 
     /*
      * Write an instruction word to the address when AMR bits
      * are not set i.e. the pkey permits both read and write
      * access.
      *
      * This should generate an access fault as having just
      * PROT_EXEC also restricts writes. The pkey currently
      * restricts execution only based on the IAMR bits. The
      * AMR bits are cleared.
      */
     remaining_faults = 1;
     FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0);
     printf("write to %p, pkey permissions are %s\n", fault_addr,
            pkey_rights(rights));
     *fault_addr = PPC_INST_TRAP;
     FAIL_IF(remaining_faults != 0 || fault_code != SEGV_ACCERR);
 
     /* The following three cases will generate SEGV_PKUERR */
     rights |= PKEY_DISABLE_ACCESS;
     fault_type = PKEY_DISABLE_ACCESS;
     fault_pkey = pkey;
 
     /*
      * Read an instruction word from the address when AMR bits
      * are set i.e. the pkey permits neither read nor write
      * access.
      *
      * This should generate a pkey fault based on AMR bits only
      * as having PROT_EXEC implicitly allows reads.
      */
     remaining_faults = 1;
     FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0);
     pkey_set_rights(pkey, rights);
     printf("read from %p, pkey permissions are %s\n", fault_addr,
            pkey_rights(rights));
     i = *fault_addr;
     FAIL_IF(remaining_faults != 0 || fault_code != SEGV_PKUERR);
 
     /*
      * Write an instruction word to the address when AMR bits
      * are set i.e. the pkey permits neither read nor write
      * access.
      *
      * This should generate two faults. First, a pkey fault
      * based on AMR bits and then an access fault since
      * PROT_EXEC does not allow writes.
      */
     remaining_faults = 2;
     FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0);
     pkey_set_rights(pkey, rights);
     printf("write to %p, pkey permissions are %s\n", fault_addr,
            pkey_rights(rights));
     *fault_addr = PPC_INST_NOP;
     FAIL_IF(remaining_faults != 0 || fault_code != SEGV_ACCERR);
 
     /* Free the current pkey */
     sys_pkey_free(pkey);
 
     rights = 0;
     do {
         /*
          * Allocate pkeys with all valid combinations of read,
          * write and execute restrictions.
          */
         pkey = sys_pkey_alloc(0, rights);
         FAIL_IF(pkey < 0);
 
         /*
          * Jump to the executable region. AMR bits may or may not
          * be set but they should not affect execution.
          *
          * This should generate pkey faults based on IAMR bits which
          * may be set to restrict execution.
          *
          * The first iteration also checks if the overwrite of the
          * first instruction word from a trap to a no-op succeeded.
          */
         fault_pkey = pkey;
         fault_type = -1;
         remaining_faults = 0;
         if (rights & PKEY_DISABLE_EXECUTE) {
             fault_type = PKEY_DISABLE_EXECUTE;
             remaining_faults = 1;
         }
 
         FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0);
         printf("execute at %p, pkey permissions are %s\n", fault_addr,
                pkey_rights(rights));
         asm volatile("mtctr %0; bctrl" : : "r"(insns));
         FAIL_IF(remaining_faults != 0);
         if (rights & PKEY_DISABLE_EXECUTE)
             FAIL_IF(fault_code != SEGV_PKUERR);
 
         /* Free the current pkey */
         sys_pkey_free(pkey);
 
         /* Find next valid combination of pkey rights */
         rights = next_pkey_rights(rights);
     } while (rights);
 
     /* Cleanup */
     munmap((void *) insns, pgsize);
 
     return 0;
 }
 
 int main(void)
 {
     return test_harness(test, "pkey_exec_prot");
 }

This page was automatically generated by the 2.1.0 LXR engine. The LXR team