// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright Intel Corporation, 2023
 *
 * Author: Chao Peng <chao.p.peng@linux.intel.com>
 */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <fcntl.h>

#include <linux/bitmap.h>
#include <linux/falloc.h>
#include <linux/sizes.h>
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "kvm_util.h"
#include "test_util.h"
#include "ucall_common.h"

static void test_file_read_write(int fd)
{
	char buf[64];

	TEST_ASSERT(read(fd, buf, sizeof(buf)) < 0,
		    "read on a guest_mem fd should fail");
	TEST_ASSERT(write(fd, buf, sizeof(buf)) < 0,
		    "write on a guest_mem fd should fail");
	TEST_ASSERT(pread(fd, buf, sizeof(buf), 0) < 0,
		    "pread on a guest_mem fd should fail");
	TEST_ASSERT(pwrite(fd, buf, sizeof(buf), 0) < 0,
		    "pwrite on a guest_mem fd should fail");
}

static void test_mmap_supported(int fd, size_t page_size, size_t total_size)
{
	const char val = 0xaa;
	char *mem;
	size_t i;
	int ret;

	mem = mmap(NULL, total_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
	TEST_ASSERT(mem == MAP_FAILED, "Copy-on-write not allowed by guest_memfd.");

	mem = mmap(NULL, total_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	TEST_ASSERT(mem != MAP_FAILED, "mmap() for guest_memfd should succeed.");

	memset(mem, val, total_size);
	for (i = 0; i < total_size; i++)
		TEST_ASSERT_EQ(READ_ONCE(mem[i]), val);

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, 0,
			page_size);
	TEST_ASSERT(!ret, "fallocate the first page should succeed.");

	for (i = 0; i < page_size; i++)
		TEST_ASSERT_EQ(READ_ONCE(mem[i]), 0x00);
	for (; i < total_size; i++)
		TEST_ASSERT_EQ(READ_ONCE(mem[i]), val);

	memset(mem, val, page_size);
	for (i = 0; i < total_size; i++)
		TEST_ASSERT_EQ(READ_ONCE(mem[i]), val);

	ret = munmap(mem, total_size);
	TEST_ASSERT(!ret, "munmap() should succeed.");
}

static sigjmp_buf jmpbuf;
void fault_sigbus_handler(int signum)
{
	siglongjmp(jmpbuf, 1);
}

static void test_fault_overflow(int fd, size_t page_size, size_t total_size)
{
	struct sigaction sa_old, sa_new = {
		.sa_handler = fault_sigbus_handler,
	};
	size_t map_size = total_size * 4;
	const char val = 0xaa;
	char *mem;
	size_t i;
	int ret;

	mem = mmap(NULL, map_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	TEST_ASSERT(mem != MAP_FAILED, "mmap() for guest_memfd should succeed.");

	sigaction(SIGBUS, &sa_new, &sa_old);
	if (sigsetjmp(jmpbuf, 1) == 0) {
		memset(mem, 0xaa, map_size);
		TEST_ASSERT(false, "memset() should have triggered SIGBUS.");
	}
	sigaction(SIGBUS, &sa_old, NULL);

	for (i = 0; i < total_size; i++)
		TEST_ASSERT_EQ(READ_ONCE(mem[i]), val);

	ret = munmap(mem, map_size);
	TEST_ASSERT(!ret, "munmap() should succeed.");
}

static void test_mmap_not_supported(int fd, size_t page_size, size_t total_size)
{
	char *mem;

	mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	TEST_ASSERT_EQ(mem, MAP_FAILED);

	mem = mmap(NULL, total_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	TEST_ASSERT_EQ(mem, MAP_FAILED);
}

static void test_file_size(int fd, size_t page_size, size_t total_size)
{
	struct stat sb;
	int ret;

	ret = fstat(fd, &sb);
	TEST_ASSERT(!ret, "fstat should succeed");
	TEST_ASSERT_EQ(sb.st_size, total_size);
	TEST_ASSERT_EQ(sb.st_blksize, page_size);
}

static void test_fallocate(int fd, size_t page_size, size_t total_size)
{
	int ret;

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE, 0, total_size);
	TEST_ASSERT(!ret, "fallocate with aligned offset and size should succeed");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,
			page_size - 1, page_size);
	TEST_ASSERT(ret, "fallocate with unaligned offset should fail");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE, total_size, page_size);
	TEST_ASSERT(ret, "fallocate beginning at total_size should fail");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE, total_size + page_size, page_size);
	TEST_ASSERT(ret, "fallocate beginning after total_size should fail");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,
			total_size, page_size);
	TEST_ASSERT(!ret, "fallocate(PUNCH_HOLE) at total_size should succeed");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,
			total_size + page_size, page_size);
	TEST_ASSERT(!ret, "fallocate(PUNCH_HOLE) after total_size should succeed");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,
			page_size, page_size - 1);
	TEST_ASSERT(ret, "fallocate with unaligned size should fail");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,
			page_size, page_size);
	TEST_ASSERT(!ret, "fallocate(PUNCH_HOLE) with aligned offset and size should succeed");

	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE, page_size, page_size);
	TEST_ASSERT(!ret, "fallocate to restore punched hole should succeed");
}

static void test_invalid_punch_hole(int fd, size_t page_size, size_t total_size)
{
	struct {
		off_t offset;
		off_t len;
	} testcases[] = {
		{0, 1},
		{0, page_size - 1},
		{0, page_size + 1},

		{1, 1},
		{1, page_size - 1},
		{1, page_size},
		{1, page_size + 1},

		{page_size, 1},
		{page_size, page_size - 1},
		{page_size, page_size + 1},
	};
	int ret, i;

	for (i = 0; i < ARRAY_SIZE(testcases); i++) {
		ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,
				testcases[i].offset, testcases[i].len);
		TEST_ASSERT(ret == -1 && errno == EINVAL,
			    "PUNCH_HOLE with !PAGE_SIZE offset (%lx) and/or length (%lx) should fail",
			    testcases[i].offset, testcases[i].len);
	}
}

static void test_create_guest_memfd_invalid_sizes(struct kvm_vm *vm,
						  uint64_t guest_memfd_flags,
						  size_t page_size)
{
	size_t size;
	int fd;

	for (size = 1; size < page_size; size++) {
		fd = __vm_create_guest_memfd(vm, size, guest_memfd_flags);
		TEST_ASSERT(fd < 0 && errno == EINVAL,
			    "guest_memfd() with non-page-aligned page size '0x%lx' should fail with EINVAL",
			    size);
	}
}

static void test_create_guest_memfd_multiple(struct kvm_vm *vm)
{
	int fd1, fd2, ret;
	struct stat st1, st2;
	size_t page_size = getpagesize();

	fd1 = __vm_create_guest_memfd(vm, page_size, 0);
	TEST_ASSERT(fd1 != -1, "memfd creation should succeed");

	ret = fstat(fd1, &st1);
	TEST_ASSERT(ret != -1, "memfd fstat should succeed");
	TEST_ASSERT(st1.st_size == page_size, "memfd st_size should match requested size");

	fd2 = __vm_create_guest_memfd(vm, page_size * 2, 0);
	TEST_ASSERT(fd2 != -1, "memfd creation should succeed");

	ret = fstat(fd2, &st2);
	TEST_ASSERT(ret != -1, "memfd fstat should succeed");
	TEST_ASSERT(st2.st_size == page_size * 2, "second memfd st_size should match requested size");

	ret = fstat(fd1, &st1);
	TEST_ASSERT(ret != -1, "memfd fstat should succeed");
	TEST_ASSERT(st1.st_size == page_size, "first memfd st_size should still match requested size");
	TEST_ASSERT(st1.st_ino != st2.st_ino, "different memfd should have different inode numbers");

	close(fd2);
	close(fd1);
}

static void test_guest_memfd_flags(struct kvm_vm *vm, uint64_t valid_flags)
{
	size_t page_size = getpagesize();
	uint64_t flag;
	int fd;

	for (flag = BIT(0); flag; flag <<= 1) {
		fd = __vm_create_guest_memfd(vm, page_size, flag);
		if (flag & valid_flags) {
			TEST_ASSERT(fd >= 0,
				    "guest_memfd() with flag '0x%lx' should succeed",
				    flag);
			close(fd);
		} else {
			TEST_ASSERT(fd < 0 && errno == EINVAL,
				    "guest_memfd() with flag '0x%lx' should fail with EINVAL",
				    flag);
		}
	}
}

static void test_guest_memfd(unsigned long vm_type)
{
	uint64_t flags = 0;
	struct kvm_vm *vm;
	size_t total_size;
	size_t page_size;
	int fd;

	page_size = getpagesize();
	total_size = page_size * 4;

	vm = vm_create_barebones_type(vm_type);

	if (vm_check_cap(vm, KVM_CAP_GUEST_MEMFD_MMAP))
		flags |= GUEST_MEMFD_FLAG_MMAP;

	test_create_guest_memfd_multiple(vm);
	test_create_guest_memfd_invalid_sizes(vm, flags, page_size);

	fd = vm_create_guest_memfd(vm, total_size, flags);

	test_file_read_write(fd);

	if (flags & GUEST_MEMFD_FLAG_MMAP) {
		test_mmap_supported(fd, page_size, total_size);
		test_fault_overflow(fd, page_size, total_size);
	} else {
		test_mmap_not_supported(fd, page_size, total_size);
	}

	test_file_size(fd, page_size, total_size);
	test_fallocate(fd, page_size, total_size);
	test_invalid_punch_hole(fd, page_size, total_size);

	test_guest_memfd_flags(vm, flags);

	close(fd);
	kvm_vm_free(vm);
}

static void guest_code(uint8_t *mem, uint64_t size)
{
	size_t i;

	for (i = 0; i < size; i++)
		__GUEST_ASSERT(mem[i] == 0xaa,
			       "Guest expected 0xaa at offset %lu, got 0x%x", i, mem[i]);

	memset(mem, 0xff, size);
	GUEST_DONE();
}

static void test_guest_memfd_guest(void)
{
	/*
	 * Skip the first 4gb and slot0. slot0 maps <1gb and is used to back
	 * the guest's code, stack, and page tables, and low memory contains
	 * the PCI hole and other MMIO regions that need to be avoided.
	 */
	const uint64_t gpa = SZ_4G;
	const int slot = 1;

	struct kvm_vcpu *vcpu;
	struct kvm_vm *vm;
	uint8_t *mem;
	size_t size;
	int fd, i;

	if (!kvm_has_cap(KVM_CAP_GUEST_MEMFD_MMAP))
		return;

	vm = __vm_create_shape_with_one_vcpu(VM_SHAPE_DEFAULT, &vcpu, 1, guest_code);

	TEST_ASSERT(vm_check_cap(vm, KVM_CAP_GUEST_MEMFD_MMAP),
		    "Default VM type should always support guest_memfd mmap()");

	size = vm->page_size;
	fd = vm_create_guest_memfd(vm, size, GUEST_MEMFD_FLAG_MMAP);
	vm_set_user_memory_region2(vm, slot, KVM_MEM_GUEST_MEMFD, gpa, size, NULL, fd, 0);

	mem = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	TEST_ASSERT(mem != MAP_FAILED, "mmap() on guest_memfd failed");
	memset(mem, 0xaa, size);
	munmap(mem, size);

	virt_pg_map(vm, gpa, gpa);
	vcpu_args_set(vcpu, 2, gpa, size);
	vcpu_run(vcpu);

	TEST_ASSERT_EQ(get_ucall(vcpu, NULL), UCALL_DONE);

	mem = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	TEST_ASSERT(mem != MAP_FAILED, "mmap() on guest_memfd failed");
	for (i = 0; i < size; i++)
		TEST_ASSERT_EQ(mem[i], 0xff);

	close(fd);
	kvm_vm_free(vm);
}

int main(int argc, char *argv[])
{
	unsigned long vm_types, vm_type;

	TEST_REQUIRE(kvm_has_cap(KVM_CAP_GUEST_MEMFD));

	/*
	 * Not all architectures support KVM_CAP_VM_TYPES. However, those that
	 * support guest_memfd have that support for the default VM type.
	 */
	vm_types = kvm_check_cap(KVM_CAP_VM_TYPES);
	if (!vm_types)
		vm_types = BIT(VM_TYPE_DEFAULT);

	for_each_set_bit(vm_type, &vm_types, BITS_PER_TYPE(vm_types))
		test_guest_memfd(vm_type);

	test_guest_memfd_guest();
}