// SPDX-License-Identifier: GPL-2.0-or-later

#define _GNU_SOURCE
#include "kselftest_harness.h"
#include <asm-generic/mman.h> /* Force the import of the tools version. */
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <linux/limits.h>
#include <linux/userfaultfd.h>
#include <linux/fs.h>
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <unistd.h>
#include "vm_util.h"
#include "thp_settings.h"

#include "../pidfd/pidfd.h"

/*
 * Ignore the checkpatch warning, as per the C99 standard, section 7.14.1.1:
 *
 * "If the signal occurs other than as the result of calling the abort or raise
 * function, the behavior is undefined if the signal handler refers to any
 * object with static storage duration other than by assigning a value to an
 * object declared as volatile sig_atomic_t"
 */
static volatile sig_atomic_t signal_jump_set;
static sigjmp_buf signal_jmp_buf;

/*
 * How is the mapping under test backed?
 */
enum backing_type {
	ANON_BACKED,
	SHMEM_BACKED,
	LOCAL_FILE_BACKED,
};

FIXTURE(guard_regions)
{
	unsigned long page_size;
	char path[PATH_MAX];
	int fd;
};

FIXTURE_VARIANT(guard_regions)
{
	enum backing_type backing;
};

FIXTURE_VARIANT_ADD(guard_regions, anon)
{
	.backing = ANON_BACKED,
};

FIXTURE_VARIANT_ADD(guard_regions, shmem)
{
	.backing = SHMEM_BACKED,
};

FIXTURE_VARIANT_ADD(guard_regions, file)
{
	.backing = LOCAL_FILE_BACKED,
};

static bool is_anon_backed(const FIXTURE_VARIANT(guard_regions) * variant)
{
	switch (variant->backing) {
	case ANON_BACKED:
	case SHMEM_BACKED:
		return true;
	default:
		return false;
	}
}
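
/*
 * mmap() wrapper which selects flags, fd and offset according to the backing
 * type under test: anonymous mappings are forced to MAP_PRIVATE | MAP_ANON,
 * while shmem and local file mappings are mapped MAP_SHARED against self->fd.
 */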
static void *mmap_(FIXTURE_DATA(guard_regions) * self,
		   const FIXTURE_VARIANT(guard_regions) * variant,
		   void *addr, size_t length, int prot, int extra_flags,
		   off_t offset)
{
	int fd;
	int flags = extra_flags;

	switch (variant->backing) {
	case ANON_BACKED:
		flags |= MAP_PRIVATE | MAP_ANON;
		fd = -1;
		offset = 0;
		break;
	case SHMEM_BACKED:
	case LOCAL_FILE_BACKED:
		flags |= MAP_SHARED;
		fd = self->fd;
		break;
	default:
		ksft_exit_fail();
		break;
	}

	return mmap(addr, length, prot, flags, fd, offset);
}

static int userfaultfd(int flags)
{
	return syscall(SYS_userfaultfd, flags);
}

static void handle_fatal(int c)
{
	if (!signal_jump_set)
		return;

	siglongjmp(signal_jmp_buf, c);
}
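
/*
 * Invoke process_madvise() via syscall() directly, as not every libc version
 * provides a wrapper for it.
 */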
static ssize_t sys_process_madvise(int pidfd, const struct iovec *iovec,
				   size_t n, int advice, unsigned int flags)
{
	return syscall(__NR_process_madvise, pidfd, iovec, n, advice, flags);
}

/*
 * Enable our signal catcher and try to read/write the specified buffer. The
 * return value indicates whether the read/write succeeds without a fatal
 * signal.
 */
static bool try_access_buf(char *ptr, bool write)
{
	bool failed;

	/* Tell signal handler to jump back here on fatal signal. */
	signal_jump_set = true;
	/* If a fatal signal arises, we jump back here and 'failed' is set. */
	failed = sigsetjmp(signal_jmp_buf, 0) != 0;

	if (!failed) {
		if (write)
			*ptr = 'x';
		else
			FORCE_READ(*ptr);
	}

	signal_jump_set = false;
	return !failed;
}

/* Try and read from a buffer, return true if no fatal signal. */
static bool try_read_buf(char *ptr)
{
	return try_access_buf(ptr, false);
}

/* Try and write to a buffer, return true if no fatal signal. */
static bool try_write_buf(char *ptr)
{
	return try_access_buf(ptr, true);
}

/*
 * Try and BOTH read from AND write to a buffer, return true if BOTH operations
 * succeed.
 */
static bool try_read_write_buf(char *ptr)
{
	return try_read_buf(ptr) && try_write_buf(ptr);
}

static void setup_sighandler(void)
{
	struct sigaction act = {
		.sa_handler = &handle_fatal,
		.sa_flags = SA_NODEFER,
	};

	sigemptyset(&act.sa_mask);
	if (sigaction(SIGSEGV, &act, NULL))
		ksft_exit_fail_perror("sigaction");
}

static void teardown_sighandler(void)
{
	struct sigaction act = {
		.sa_handler = SIG_DFL,
		.sa_flags = SA_NODEFER,
	};

	sigemptyset(&act.sa_mask);
	sigaction(SIGSEGV, &act, NULL);
}

static int open_file(const char *prefix, char *path)
{
	int fd;

	snprintf(path, PATH_MAX, "%sguard_regions_test_file_XXXXXX", prefix);
	fd = mkstemp(path);
	if (fd < 0)
		ksft_exit_fail_perror("mkstemp");

	return fd;
}
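
/*
 * Pattern helpers: each page is filled with a distinct repeating character
 * ('a' + page offset modulo 26), so misplaced or corrupted pages can be
 * detected at page granularity.
 */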

/* Establish a varying pattern in a buffer. */
static void set_pattern(char *ptr, size_t num_pages, size_t page_size)
{
	size_t i;

	for (i = 0; i < num_pages; i++) {
		char *ptr2 = &ptr[i * page_size];

		memset(ptr2, 'a' + (i % 26), page_size);
	}
}

/*
 * Check that a buffer contains the pattern set by set_pattern(), starting at a
 * page offset of pgoff within the buffer.
 */
static bool check_pattern_offset(char *ptr, size_t num_pages, size_t page_size,
				 size_t pgoff)
{
	size_t i;

	for (i = 0; i < num_pages * page_size; i++) {
		size_t offset = pgoff * page_size + i;
		char actual = ptr[offset];
		char expected = 'a' + ((offset / page_size) % 26);

		if (actual != expected)
			return false;
	}

	return true;
}

/* Check that a buffer contains the pattern set by set_pattern(). */
static bool check_pattern(char *ptr, size_t num_pages, size_t page_size)
{
	return check_pattern_offset(ptr, num_pages, page_size, 0);
}

/* Determine if a buffer contains only repetitions of a specified char. */
static bool is_buf_eq(char *buf, size_t size, char chr)
{
	size_t i;

	for (i = 0; i < size; i++) {
		if (buf[i] != chr)
			return false;
	}

	return true;
}

/*
 * Some file systems have issues with merging due to changing merge-sensitive
 * parameters in the .mmap callback, and prior to .mmap_prepare being
 * implemented everywhere this will result in an unexpected failure to merge
 * (e.g. overlayfs).
 *
 * Perform a simple test to see if the local file system suffers from this; if
 * it does, then we can skip test logic that assumes local file system merging
 * is sane.
 */
static bool local_fs_has_sane_mmap(FIXTURE_DATA(guard_regions) * self,
				   const FIXTURE_VARIANT(guard_regions) * variant)
{
	const unsigned long page_size = self->page_size;
	char *ptr, *ptr2;
	struct procmap_fd procmap;

	if (variant->backing != LOCAL_FILE_BACKED)
		return true;

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
	if (ptr == MAP_FAILED)
		return false;
	/* Unmap the middle. */
	munmap(&ptr[5 * page_size], page_size);

	/* Map again. */
	ptr2 = mmap_(self, variant, &ptr[5 * page_size], page_size, PROT_READ | PROT_WRITE,
		     MAP_FIXED, 5 * page_size);

	if (ptr2 == MAP_FAILED)
		return false;

	/* Now make sure they all merged. */
	if (open_self_procmap(&procmap) != 0)
		return false;
	if (!find_vma_procmap(&procmap, ptr))
		return false;
	if (procmap.query.vma_start != (unsigned long)ptr)
		return false;
	if (procmap.query.vma_end != (unsigned long)ptr + 10 * page_size)
		return false;
	close_procmap(&procmap);

	return true;
}

FIXTURE_SETUP(guard_regions)
{
	self->page_size = (unsigned long)sysconf(_SC_PAGESIZE);
	setup_sighandler();

	switch (variant->backing) {
	case ANON_BACKED:
		return;
	case LOCAL_FILE_BACKED:
		self->fd = open_file("", self->path);
		break;
	case SHMEM_BACKED:
		self->fd = memfd_create(self->path, 0);
		break;
	}

	/* We truncate the file to at least 100 pages, tests can modify as needed. */
	ASSERT_EQ(ftruncate(self->fd, 100 * self->page_size), 0);
}

FIXTURE_TEARDOWN_PARENT(guard_regions)
{
	teardown_sighandler();

	if (variant->backing == ANON_BACKED)
		return;

	if (self->fd >= 0)
		close(self->fd);

	if (self->path[0] != '\0')
		unlink(self->path);
}
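
/*
 * Assert that basic guard region behaviour is as expected: installing a guard
 * region causes accesses to fault, removing it restores access, and both
 * operations work over ranges of pages.
 */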
TEST_F(guard_regions, basic)
{
	const unsigned long NUM_PAGES = 10;
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	ptr = mmap_(self, variant, NULL, NUM_PAGES * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Trivially assert we can touch the first page. */
	ASSERT_TRUE(try_read_write_buf(ptr));

	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);

	/* Establish that 1st page SIGSEGV's. */
	ASSERT_FALSE(try_read_write_buf(ptr));

	/* Ensure we can touch everything else. */
	for (i = 1; i < NUM_PAGES; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Establish a guard page at the end of the mapping. */
	ASSERT_EQ(madvise(&ptr[(NUM_PAGES - 1) * page_size], page_size,
			  MADV_GUARD_INSTALL), 0);

	/* Check that both guard pages result in SIGSEGV. */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[(NUM_PAGES - 1) * page_size]));

	/* Remove the first guard page. */
	ASSERT_FALSE(madvise(ptr, page_size, MADV_GUARD_REMOVE));

	/* Make sure we can touch it. */
	ASSERT_TRUE(try_read_write_buf(ptr));

	/* Remove the last guard page. */
	ASSERT_FALSE(madvise(&ptr[(NUM_PAGES - 1) * page_size], page_size,
			     MADV_GUARD_REMOVE));

	/* Make sure we can touch it. */
	ASSERT_TRUE(try_read_write_buf(&ptr[(NUM_PAGES - 1) * page_size]));

	/*
	 * Test setting a _range_ of pages, namely the first 3. The first of
	 * these will be faulted in, so this also tests that we can install
	 * guard pages over backed pages.
	 */
	ASSERT_EQ(madvise(ptr, 3 * page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure they are all guard pages. */
	for (i = 0; i < 3; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Make sure the rest are not. */
	for (i = 3; i < NUM_PAGES; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Remove guard pages. */
	ASSERT_EQ(madvise(ptr, NUM_PAGES * page_size, MADV_GUARD_REMOVE), 0);

	/* Now make sure we can touch everything. */
	for (i = 0; i < NUM_PAGES; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/*
	 * Now remove all guard pages, make sure we don't remove existing
	 * entries.
	 */
	ASSERT_EQ(madvise(ptr, NUM_PAGES * page_size, MADV_GUARD_REMOVE), 0);

	for (i = 0; i < NUM_PAGES * page_size; i += page_size) {
		char chr = ptr[i];

		ASSERT_EQ(chr, 'x');
	}

	ASSERT_EQ(munmap(ptr, NUM_PAGES * page_size), 0);
}

/* Assert that operations applied across multiple VMAs work as expected. */
TEST_F(guard_regions, multi_vma)
{
	const unsigned long page_size = self->page_size;
	char *ptr_region, *ptr, *ptr1, *ptr2, *ptr3;
	int i;

	/* Reserve a 100 page region over which we can install VMAs. */
	ptr_region = mmap_(self, variant, NULL, 100 * page_size,
			   PROT_NONE, 0, 0);
	ASSERT_NE(ptr_region, MAP_FAILED);

	/* Place a VMA of 10 pages size at the start of the region. */
	ptr1 = mmap_(self, variant, ptr_region, 10 * page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr1, MAP_FAILED);

	/* Place a VMA of 5 pages size 50 pages into the region. */
	ptr2 = mmap_(self, variant, &ptr_region[50 * page_size], 5 * page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr2, MAP_FAILED);

	/* Place a VMA of 20 pages size at the end of the region. */
	ptr3 = mmap_(self, variant, &ptr_region[80 * page_size], 20 * page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr3, MAP_FAILED);

	/* Unmap gaps. */
	ASSERT_EQ(munmap(&ptr_region[10 * page_size], 40 * page_size), 0);
	ASSERT_EQ(munmap(&ptr_region[55 * page_size], 25 * page_size), 0);

	/*
	 * We end up with VMAs like this:
	 *
	 * 0    10 .. 50   55 .. 80   100
	 * [---]     [---]      [---]
	 */

	/*
	 * Now mark the whole range as guard pages and make sure all VMAs are as
	 * such.
	 */

	/*
	 * madvise() is certifiable and lets you perform operations over gaps:
	 * everything works, but it indicates an error, with errno set to
	 * ENOMEM. ENOMEM is also what you get if the operation genuinely runs
	 * out of memory, so you are meant to guess which is which.
	 */
	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_INSTALL), -1);
	ASSERT_EQ(errno, ENOMEM);

	for (i = 0; i < 10; i++) {
		char *curr = &ptr1[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	for (i = 0; i < 5; i++) {
		char *curr = &ptr2[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	for (i = 0; i < 20; i++) {
		char *curr = &ptr3[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Now remove guard pages over the range and assert the opposite. */
	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_REMOVE), -1);
	ASSERT_EQ(errno, ENOMEM);

	for (i = 0; i < 10; i++) {
		char *curr = &ptr1[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	for (i = 0; i < 5; i++) {
		char *curr = &ptr2[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	for (i = 0; i < 20; i++) {
		char *curr = &ptr3[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Now map incompatible VMAs in the gaps. */
	ptr = mmap_(self, variant, &ptr_region[10 * page_size], 40 * page_size,
		    PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED, 0);
	ASSERT_NE(ptr, MAP_FAILED);
	ptr = mmap_(self, variant, &ptr_region[55 * page_size], 25 * page_size,
		    PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/*
	 * We end up with VMAs like this:
	 *
	 * 0    10 .. 50   55 .. 80   100
	 * [---][xxxx][---][xxxx][---]
	 *
	 * Where 'x' signifies VMAs that cannot be merged with those adjacent to
	 * them.
	 */

	/* Multiple VMAs adjacent to one another should result in no error. */
	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_INSTALL), 0);
	for (i = 0; i < 100; i++) {
		char *curr = &ptr_region[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}
	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_REMOVE), 0);
	for (i = 0; i < 100; i++) {
		char *curr = &ptr_region[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr_region, 100 * page_size), 0);
}

/*
 * Assert that batched operations performed using process_madvise() work as
 * expected.
 */
TEST_F(guard_regions, process_madvise)
{
	const unsigned long page_size = self->page_size;
	char *ptr_region, *ptr1, *ptr2, *ptr3;
	ssize_t count;
	struct iovec vec[6];

	/* Reserve region to map over. */
	ptr_region = mmap_(self, variant, NULL, 100 * page_size,
			   PROT_NONE, 0, 0);
	ASSERT_NE(ptr_region, MAP_FAILED);

	/*
	 * 10 pages offset 1 page into reserve region. We MAP_POPULATE so we
	 * overwrite existing entries and test this code path against
	 * overwriting existing entries.
	 */
	ptr1 = mmap_(self, variant, &ptr_region[page_size], 10 * page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED | MAP_POPULATE, 0);
	ASSERT_NE(ptr1, MAP_FAILED);
	/* We want guard markers at start/end of each VMA. */
	vec[0].iov_base = ptr1;
	vec[0].iov_len = page_size;
	vec[1].iov_base = &ptr1[9 * page_size];
	vec[1].iov_len = page_size;

	/* 5 pages offset 50 pages into reserve region. */
	ptr2 = mmap_(self, variant, &ptr_region[50 * page_size], 5 * page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr2, MAP_FAILED);
	vec[2].iov_base = ptr2;
	vec[2].iov_len = page_size;
	vec[3].iov_base = &ptr2[4 * page_size];
	vec[3].iov_len = page_size;

	/* 20 pages offset 79 pages into reserve region. */
	ptr3 = mmap_(self, variant, &ptr_region[79 * page_size], 20 * page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr3, MAP_FAILED);
	vec[4].iov_base = ptr3;
	vec[4].iov_len = page_size;
	vec[5].iov_base = &ptr3[19 * page_size];
	vec[5].iov_len = page_size;

	/* Free surrounding VMAs. */
	ASSERT_EQ(munmap(ptr_region, page_size), 0);
	ASSERT_EQ(munmap(&ptr_region[11 * page_size], 39 * page_size), 0);
	ASSERT_EQ(munmap(&ptr_region[55 * page_size], 24 * page_size), 0);
	ASSERT_EQ(munmap(&ptr_region[99 * page_size], page_size), 0);

	/* Now guard in one step. */
	count = sys_process_madvise(PIDFD_SELF, vec, 6, MADV_GUARD_INSTALL, 0);

	/* OK, we don't have permission to do this, skip. */
	if (count == -1 && errno == EPERM)
		SKIP(return, "No process_madvise() permissions, try running as root.\n");

	/* Returns the number of bytes advised. */
	ASSERT_EQ(count, 6 * page_size);

	/* Now make sure the guarding was applied. */

	ASSERT_FALSE(try_read_write_buf(ptr1));
	ASSERT_FALSE(try_read_write_buf(&ptr1[9 * page_size]));

	ASSERT_FALSE(try_read_write_buf(ptr2));
	ASSERT_FALSE(try_read_write_buf(&ptr2[4 * page_size]));

	ASSERT_FALSE(try_read_write_buf(ptr3));
	ASSERT_FALSE(try_read_write_buf(&ptr3[19 * page_size]));

	/* Now do the same with unguard... */
	count = sys_process_madvise(PIDFD_SELF, vec, 6, MADV_GUARD_REMOVE, 0);

	/* ...and everything should now succeed. */

	ASSERT_TRUE(try_read_write_buf(ptr1));
	ASSERT_TRUE(try_read_write_buf(&ptr1[9 * page_size]));

	ASSERT_TRUE(try_read_write_buf(ptr2));
	ASSERT_TRUE(try_read_write_buf(&ptr2[4 * page_size]));

	ASSERT_TRUE(try_read_write_buf(ptr3));
	ASSERT_TRUE(try_read_write_buf(&ptr3[19 * page_size]));

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr1, 10 * page_size), 0);
	ASSERT_EQ(munmap(ptr2, 5 * page_size), 0);
	ASSERT_EQ(munmap(ptr3, 20 * page_size), 0);
}

/* Assert that unmapping ranges does not leave guard markers behind. */
TEST_F(guard_regions, munmap)
{
	const unsigned long page_size = self->page_size;
	char *ptr, *ptr_new1, *ptr_new2;

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Guard first and last pages. */
	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
	ASSERT_EQ(madvise(&ptr[9 * page_size], page_size, MADV_GUARD_INSTALL), 0);

	/* Assert that they are guarded. */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[9 * page_size]));

	/* Unmap them. */
	ASSERT_EQ(munmap(ptr, page_size), 0);
	ASSERT_EQ(munmap(&ptr[9 * page_size], page_size), 0);

	/* Map over them. */
	ptr_new1 = mmap_(self, variant, ptr, page_size, PROT_READ | PROT_WRITE,
			 MAP_FIXED, 0);
	ASSERT_NE(ptr_new1, MAP_FAILED);
	ptr_new2 = mmap_(self, variant, &ptr[9 * page_size], page_size,
			 PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr_new2, MAP_FAILED);

	/* Assert that they are now not guarded. */
	ASSERT_TRUE(try_read_write_buf(ptr_new1));
	ASSERT_TRUE(try_read_write_buf(ptr_new2));

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Assert that mprotect() operations have no bearing on guard markers. */
TEST_F(guard_regions, mprotect)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Guard the middle of the range. */
	ASSERT_EQ(madvise(&ptr[5 * page_size], 2 * page_size,
			  MADV_GUARD_INSTALL), 0);

	/* Assert that it is indeed guarded. */
	ASSERT_FALSE(try_read_write_buf(&ptr[5 * page_size]));
	ASSERT_FALSE(try_read_write_buf(&ptr[6 * page_size]));

	/* Now make these pages read-only. */
	ASSERT_EQ(mprotect(&ptr[5 * page_size], 2 * page_size, PROT_READ), 0);

	/* Make sure the range is still guarded. */
	ASSERT_FALSE(try_read_buf(&ptr[5 * page_size]));
	ASSERT_FALSE(try_read_buf(&ptr[6 * page_size]));

	/* Make sure we can guard again without issue. */
	ASSERT_EQ(madvise(&ptr[5 * page_size], 2 * page_size,
			  MADV_GUARD_INSTALL), 0);

	/* Make sure the range is, yet again, still guarded. */
	ASSERT_FALSE(try_read_buf(&ptr[5 * page_size]));
	ASSERT_FALSE(try_read_buf(&ptr[6 * page_size]));

	/* Now unguard the whole range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Make sure the whole range is readable. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Split and merge VMAs and make sure guard pages still behave. */
TEST_F(guard_regions, split_merge)
{
	const unsigned long page_size = self->page_size;
	char *ptr, *ptr_new;
	int i;

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Guard the whole range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure the whole range is guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Now unmap some pages in the range so we split. */
	ASSERT_EQ(munmap(&ptr[2 * page_size], page_size), 0);
	ASSERT_EQ(munmap(&ptr[5 * page_size], page_size), 0);
	ASSERT_EQ(munmap(&ptr[8 * page_size], page_size), 0);

	/* Make sure the remaining ranges are guarded post-split. */
	for (i = 0; i < 2; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}
	for (i = 2; i < 5; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}
	for (i = 6; i < 8; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}
	for (i = 9; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Now map them again - the unmap will have cleared the guards. */
	ptr_new = mmap_(self, variant, &ptr[2 * page_size], page_size,
			PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr_new, MAP_FAILED);
	ptr_new = mmap_(self, variant, &ptr[5 * page_size], page_size,
			PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr_new, MAP_FAILED);
	ptr_new = mmap_(self, variant, &ptr[8 * page_size], page_size,
			PROT_READ | PROT_WRITE, MAP_FIXED, 0);
	ASSERT_NE(ptr_new, MAP_FAILED);

	/* Now make sure guard pages are established. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];
		bool result = try_read_write_buf(curr);
		bool expect_true = i == 2 || i == 5 || i == 8;

		ASSERT_TRUE(expect_true ? result : !result);
	}

	/* Now guard everything again. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure the whole range is guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Now split the range into three. */
	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ), 0);
	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size, PROT_READ), 0);

	/* Make sure the whole range is guarded for read. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_buf(curr));
	}

	/* Now reset protection bits so we merge the whole thing. */
	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ | PROT_WRITE), 0);
	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size,
			   PROT_READ | PROT_WRITE), 0);

	/* Make sure the whole range is still guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Split range into 3 again... */
	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ), 0);
	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size, PROT_READ), 0);

	/* ...and unguard the whole range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Make sure the whole range is remedied for read. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_buf(curr));
	}

	/* Merge them again. */
	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ | PROT_WRITE), 0);
	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size,
			   PROT_READ | PROT_WRITE), 0);

	/* Now ensure the merged range is remedied for read/write. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Assert that MADV_DONTNEED does not remove guard markers. */
TEST_F(guard_regions, dontneed)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Back the whole range. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		*curr = 'y';
	}

	/* Guard every other page. */
	for (i = 0; i < 10; i += 2) {
		char *curr = &ptr[i * page_size];
		int res = madvise(curr, page_size, MADV_GUARD_INSTALL);

		ASSERT_EQ(res, 0);
	}

	/* Indicate that we don't need any of the range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_DONTNEED), 0);

	/* Check to ensure guard markers are still in place. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];
		bool result = try_read_buf(curr);

		if (i % 2 == 0) {
			ASSERT_FALSE(result);
		} else {
			ASSERT_TRUE(result);
			switch (variant->backing) {
			case ANON_BACKED:
				/* If anon, then we get a zero page. */
				ASSERT_EQ(*curr, '\0');
				break;
			default:
				/* Otherwise, we get the file data. */
				ASSERT_EQ(*curr, 'y');
				break;
			}
		}

		/* Now write... */
		result = try_write_buf(&ptr[i * page_size]);

		/* ...and make sure same result. */
		ASSERT_TRUE(i % 2 != 0 ? result : !result);
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Assert that mlock()'ed pages work correctly with guard markers. */
TEST_F(guard_regions, mlock)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Populate. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		*curr = 'y';
	}

	/* Lock. */
	ASSERT_EQ(mlock(ptr, 10 * page_size), 0);

	/* Now try to guard, should fail with EINVAL. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), -1);
	ASSERT_EQ(errno, EINVAL);

	/* OK, unlock. */
	ASSERT_EQ(munlock(ptr, 10 * page_size), 0);

	/* Guard first half of range, should now succeed. */
	ASSERT_EQ(madvise(ptr, 5 * page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure guard works. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];
		bool result = try_read_write_buf(curr);

		if (i < 5) {
			ASSERT_FALSE(result);
		} else {
			ASSERT_TRUE(result);
			ASSERT_EQ(*curr, 'x');
		}
	}

	/*
	 * Now lock the latter part of the range. We can't lock the guard pages,
	 * as this would result in the pages being populated and the guarding
	 * would cause this to error out.
	 */
	ASSERT_EQ(mlock(&ptr[5 * page_size], 5 * page_size), 0);

	/*
	 * Now remove guard pages; we permit mlock()'d ranges to have guard
	 * pages removed as it is a non-destructive operation.
	 */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Now check that no guard pages remain. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Assert that moving, extending and shrinking memory via mremap() retains
 * guard markers where possible.
 *
 * - Moving a mapping alone should retain markers as they are.
 */
TEST_F(guard_regions, mremap_move)
{
	const unsigned long page_size = self->page_size;
	char *ptr, *ptr_new;

	/* Map 5 pages. */
	ptr = mmap_(self, variant, NULL, 5 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Place guard markers at both ends of the 5 page span. */
	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
	ASSERT_EQ(madvise(&ptr[4 * page_size], page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure the guard pages are in effect. */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));

	/*
	 * Map a new region we will move this range into. Doing this ensures
	 * that we have reserved a range to map into.
	 */
	ptr_new = mmap_(self, variant, NULL, 5 * page_size, PROT_NONE, 0, 0);
	ASSERT_NE(ptr_new, MAP_FAILED);

	ASSERT_EQ(mremap(ptr, 5 * page_size, 5 * page_size,
			 MREMAP_MAYMOVE | MREMAP_FIXED, ptr_new), ptr_new);

	/* Make sure the guard markers are retained. */
	ASSERT_FALSE(try_read_write_buf(ptr_new));
	ASSERT_FALSE(try_read_write_buf(&ptr_new[4 * page_size]));

	/*
	 * Clean up - we only need reference the new pointer as we overwrote the
	 * PROT_NONE range and moved the existing one.
	 */
	munmap(ptr_new, 5 * page_size);
}

/*
 * Assert that moving, extending and shrinking memory via mremap() retains
 * guard markers where possible.
 *
 * Expanding should retain guard pages, only now in a different position. The
 * user will have to remove guard pages manually to fix up (they'd have to do
 * the same if it were a PROT_NONE mapping).
 */
TEST_F(guard_regions, mremap_expand)
{
	const unsigned long page_size = self->page_size;
	char *ptr, *ptr_new;

	/* Map 10 pages... */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);
	/* ...but unmap the last 5 so we know we can expand into them. */
	ASSERT_EQ(munmap(&ptr[5 * page_size], 5 * page_size), 0);

	/* Place guard markers at both ends of the 5 page span. */
	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
	ASSERT_EQ(madvise(&ptr[4 * page_size], page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure the guarding is in effect. */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));

	/* Now expand to 10 pages. */
	ptr = mremap(ptr, 5 * page_size, 10 * page_size, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/*
	 * Make sure the guard markers are retained in their original positions.
	 */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));

	/* Reserve a region which we can move to and expand into. */
	ptr_new = mmap_(self, variant, NULL, 20 * page_size, PROT_NONE, 0, 0);
	ASSERT_NE(ptr_new, MAP_FAILED);

	/* Now move and expand into it. */
	ptr = mremap(ptr, 10 * page_size, 20 * page_size,
		     MREMAP_MAYMOVE | MREMAP_FIXED, ptr_new);
	ASSERT_EQ(ptr, ptr_new);

	/*
	 * Again, make sure the guard markers are retained in their original
	 * positions.
	 */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));

	/*
	 * A real user would have to remove guard markers, but would reasonably
	 * expect all characteristics of the mapping to be retained, including
	 * guard markers.
	 */

	/* Cleanup. */
	munmap(ptr, 20 * page_size);
}

/*
 * Assert that moving, extending and shrinking memory via mremap() retains
 * guard markers where possible.
 *
 * Shrinking will result in markers that are shrunk over being removed. Again,
 * if the user were using a PROT_NONE mapping they'd have to manually fix this
 * up also, so this is OK.
 */
TEST_F(guard_regions, mremap_shrink)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	/* Map 5 pages. */
	ptr = mmap_(self, variant, NULL, 5 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Place guard markers at both ends of the 5 page span. */
	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
	ASSERT_EQ(madvise(&ptr[4 * page_size], page_size, MADV_GUARD_INSTALL), 0);

	/* Make sure the guarding is in effect. */
	ASSERT_FALSE(try_read_write_buf(ptr));
	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));

	/* Now shrink to 3 pages. */
	ptr = mremap(ptr, 5 * page_size, 3 * page_size, MREMAP_MAYMOVE);
	ASSERT_NE(ptr, MAP_FAILED);

	/* We expect the guard marker at the start to be retained... */
	ASSERT_FALSE(try_read_write_buf(ptr));

	/* ...but the remaining pages will not have guard markers. */
	for (i = 1; i < 3; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/*
	 * As with expansion, a real user would have to remove guard pages and
	 * fixup. But you'd have to do similar manual things with PROT_NONE
	 * mappings too.
	 */

	/*
	 * If we expand back to the original size, the end marker will, of
	 * course, no longer be present.
	 */
	ptr = mremap(ptr, 3 * page_size, 5 * page_size, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Again, we expect the guard marker at the start to be retained... */
	ASSERT_FALSE(try_read_write_buf(ptr));

	/* ...but the remaining pages will not have guard markers. */
	for (i = 1; i < 5; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_TRUE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	munmap(ptr, 5 * page_size);
}

/*
 * Assert that forking a process with VMAs that do not have VM_WIPEONFORK set
 * retains guard pages.
 */
TEST_F(guard_regions, fork)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	pid_t pid;
	int i;

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Establish guard pages in the first 5 pages. */
	ASSERT_EQ(madvise(ptr, 5 * page_size, MADV_GUARD_INSTALL), 0);

	pid = fork();
	ASSERT_NE(pid, -1);
	if (!pid) {
		/* This is the child process now. */

		/* Assert that the guarding is in effect. */
		for (i = 0; i < 10; i++) {
			char *curr = &ptr[i * page_size];
			bool result = try_read_write_buf(curr);

			ASSERT_TRUE(i >= 5 ? result : !result);
		}

		/* Now unguard the range. */
		ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

		exit(0);
	}

	/* Parent process. */

	/* Parent simply waits on child. */
	waitpid(pid, NULL, 0);

	/* Child unguard does not impact parent page table state. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];
		bool result = try_read_write_buf(curr);

		ASSERT_TRUE(i >= 5 ? result : !result);
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Assert expected behaviour after we fork populated ranges of anonymous memory
 * and then guard and unguard the range.
 */
TEST_F(guard_regions, fork_cow)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	pid_t pid;
	int i;

	if (variant->backing != ANON_BACKED)
		SKIP(return, "CoW only supported on anon mappings");

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Populate range. */
	for (i = 0; i < 10 * page_size; i++) {
		char chr = 'a' + (i % 26);

		ptr[i] = chr;
	}

	pid = fork();
	ASSERT_NE(pid, -1);
	if (!pid) {
		/* This is the child process now. */

		/* Ensure the range is as expected. */
		for (i = 0; i < 10 * page_size; i++) {
			char expected = 'a' + (i % 26);
			char actual = ptr[i];

			ASSERT_EQ(actual, expected);
		}

		/* Establish guard pages across the whole range. */
		ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
		/* Remove them. */
		ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

		/*
		 * By removing the guard pages, the page tables will be
		 * cleared. Assert that we are looking at the zero page now.
		 */
		for (i = 0; i < 10 * page_size; i++) {
			char actual = ptr[i];

			ASSERT_EQ(actual, '\0');
		}

		exit(0);
	}

	/* Parent process. */

	/* Parent simply waits on child. */
	waitpid(pid, NULL, 0);

	/* Ensure the range is unchanged in parent anon range. */
	for (i = 0; i < 10 * page_size; i++) {
		char expected = 'a' + (i % 26);
		char actual = ptr[i];

		ASSERT_EQ(actual, expected);
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Assert that forking a process with VMAs that do have VM_WIPEONFORK set
 * behaves as expected.
 */
TEST_F(guard_regions, fork_wipeonfork)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	pid_t pid;
	int i;

	if (variant->backing != ANON_BACKED)
		SKIP(return, "Wipe on fork only supported on anon mappings");

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Mark wipe on fork. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_WIPEONFORK), 0);

	/* Guard the first 5 pages. */
	ASSERT_EQ(madvise(ptr, 5 * page_size, MADV_GUARD_INSTALL), 0);

	pid = fork();
	ASSERT_NE(pid, -1);
	if (!pid) {
		/* This is the child process now. */

		/* Guard will have been wiped. */
		for (i = 0; i < 10; i++) {
			char *curr = &ptr[i * page_size];

			ASSERT_TRUE(try_read_write_buf(curr));
		}

		exit(0);
	}

	/* Parent process. */

	waitpid(pid, NULL, 0);

	/* Guard markers should be in effect. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];
		bool result = try_read_write_buf(curr);

		ASSERT_TRUE(i >= 5 ? result : !result);
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Ensure that MADV_FREE retains guard entries as expected. */
TEST_F(guard_regions, lazyfree)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	if (variant->backing != ANON_BACKED)
		SKIP(return, "MADV_FREE only supported on anon mappings");

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Guard range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);

	/* Ensure guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Lazyfree range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_FREE), 0);

	/* This should leave the guard markers in place. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Ensure that MADV_POPULATE_READ, MADV_POPULATE_WRITE behave as expected. */
TEST_F(guard_regions, populate)
{
	const unsigned long page_size = self->page_size;
	char *ptr;

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Guard range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);

	/* Populate read should error out... */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_POPULATE_READ), -1);
	ASSERT_EQ(errno, EFAULT);

	/* ...as should populate write. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_POPULATE_WRITE), -1);
	ASSERT_EQ(errno, EFAULT);

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Ensure that MADV_COLD, MADV_PAGEOUT do not remove guard markers. */
TEST_F(guard_regions, cold_pageout)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Guard range. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);

	/* Ensure guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Now mark cold. This should have no impact on guard markers. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_COLD), 0);

	/* Should remain guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* OK, now page out. This should equally have no effect on markers. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_PAGEOUT), 0);

	/* Should remain guarded. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/* Ensure that guard pages do not break userfaultfd. */
TEST_F(guard_regions, uffd)
{
	const unsigned long page_size = self->page_size;
	int uffd;
	char *ptr;
	int i;
	struct uffdio_api api = {
		.api = UFFD_API,
		.features = 0,
	};
	struct uffdio_register reg;
	struct uffdio_range range;

	if (!is_anon_backed(variant))
		SKIP(return, "uffd only works on anon backing");

	/* Set up uffd. */
	uffd = userfaultfd(0);
	if (uffd == -1) {
		switch (errno) {
		case EPERM:
			SKIP(return, "No userfaultfd permissions, try running as root.");
			break;
		case ENOSYS:
			SKIP(return, "userfaultfd is not supported/not enabled.");
			break;
		default:
			ksft_exit_fail_msg("userfaultfd failed with %s\n",
					   strerror(errno));
			break;
		}
	}

	ASSERT_NE(uffd, -1);

	ASSERT_EQ(ioctl(uffd, UFFDIO_API, &api), 0);

	/* Map 10 pages. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Register the range with uffd. */
	range.start = (unsigned long)ptr;
	range.len = 10 * page_size;
	reg.range = range;
	reg.mode = UFFDIO_REGISTER_MODE_MISSING;
	ASSERT_EQ(ioctl(uffd, UFFDIO_REGISTER, &reg), 0);

	/* Guard the range. This should not trigger the uffd. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);

	/* The guarding should behave as usual with no uffd intervention. */
	for (i = 0; i < 10; i++) {
		char *curr = &ptr[i * page_size];

		ASSERT_FALSE(try_read_write_buf(curr));
	}

	/* Cleanup. */
	ASSERT_EQ(ioctl(uffd, UFFDIO_UNREGISTER, &range), 0);
	close(uffd);
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Mark a region within a file-backed mapping using MADV_SEQUENTIAL so we
 * aggressively read-ahead, then install guard regions and assert that it
 * behaves correctly.
 *
 * We page out using MADV_PAGEOUT before checking guard regions so we drop page
 * cache folios, meaning we maximise the possibility of some broken readahead.
 */
TEST_F(guard_regions, madvise_sequential)
{
	char *ptr;
	int i;
	const unsigned long page_size = self->page_size;

	if (variant->backing == ANON_BACKED)
		SKIP(return, "MADV_SEQUENTIAL meaningful only for file-backed");

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Establish a pattern of data in the file. */
	set_pattern(ptr, 10, page_size);
	ASSERT_TRUE(check_pattern(ptr, 10, page_size));

	/* Mark it as being accessed sequentially. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_SEQUENTIAL), 0);

	/* Mark every other page a guard page. */
	for (i = 0; i < 10; i += 2) {
		char *ptr2 = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr2, page_size, MADV_GUARD_INSTALL), 0);
	}

	/* Now page it out. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_PAGEOUT), 0);

	/* Now make sure pages are as expected. */
	for (i = 0; i < 10; i++) {
		char *chrp = &ptr[i * page_size];

		if (i % 2 == 0) {
			bool result = try_read_write_buf(chrp);

			ASSERT_FALSE(result);
		} else {
			ASSERT_EQ(*chrp, 'a' + i);
		}
	}

	/* Now remove guard pages. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Now make sure all data is as expected. */
	ASSERT_TRUE(check_pattern(ptr, 10, page_size));

	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Check that file-backed mappings implement guard regions with MAP_PRIVATE
 * correctly.
 */
TEST_F(guard_regions, map_private)
{
	const unsigned long page_size = self->page_size;
	char *ptr_shared, *ptr_private;
	int i;

	if (variant->backing == ANON_BACKED)
		SKIP(return, "MAP_PRIVATE test specific to file-backed");

	ptr_shared = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr_shared, MAP_FAILED);

	/* Manually mmap(), do not use the mmap_() wrapper, so we can force MAP_PRIVATE. */
	ptr_private = mmap(NULL, 10 * page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, self->fd, 0);
	ASSERT_NE(ptr_private, MAP_FAILED);

	/* Set pattern in shared mapping. */
	set_pattern(ptr_shared, 10, page_size);

	/* Install guard regions in every other page in the shared mapping. */
	for (i = 0; i < 10; i += 2) {
		char *ptr = &ptr_shared[i * page_size];

		ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
	}

	for (i = 0; i < 10; i++) {
		/* Every even shared page should be guarded. */
		ASSERT_EQ(try_read_buf(&ptr_shared[i * page_size]), i % 2 != 0);
		/* Private mappings should always be readable. */
		ASSERT_TRUE(try_read_buf(&ptr_private[i * page_size]));
	}

	/* Install guard regions in every other page in the private mapping. */
	for (i = 0; i < 10; i += 2) {
		char *ptr = &ptr_private[i * page_size];

		ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
	}

	for (i = 0; i < 10; i++) {
		/* Every even shared page should be guarded. */
		ASSERT_EQ(try_read_buf(&ptr_shared[i * page_size]), i % 2 != 0);
		/* Every even private page should be guarded. */
		ASSERT_EQ(try_read_buf(&ptr_private[i * page_size]), i % 2 != 0);
	}

	/* Remove guard regions from shared mapping. */
	ASSERT_EQ(madvise(ptr_shared, 10 * page_size, MADV_GUARD_REMOVE), 0);

	for (i = 0; i < 10; i++) {
		/* Shared mappings should always be readable. */
		ASSERT_TRUE(try_read_buf(&ptr_shared[i * page_size]));
		/* Every even private page should be guarded. */
		ASSERT_EQ(try_read_buf(&ptr_private[i * page_size]), i % 2 != 0);
	}

	/* Remove guard regions from private mapping. */
	ASSERT_EQ(madvise(ptr_private, 10 * page_size, MADV_GUARD_REMOVE), 0);

	for (i = 0; i < 10; i++) {
		/* Shared mappings should always be readable. */
		ASSERT_TRUE(try_read_buf(&ptr_shared[i * page_size]));
		/* Private mappings should always be readable. */
		ASSERT_TRUE(try_read_buf(&ptr_private[i * page_size]));
	}

	/* Ensure patterns are intact. */
	ASSERT_TRUE(check_pattern(ptr_shared, 10, page_size));
	ASSERT_TRUE(check_pattern(ptr_private, 10, page_size));

	/* Now write out every other page to MAP_PRIVATE. */
	for (i = 0; i < 10; i += 2) {
		char *ptr = &ptr_private[i * page_size];

		memset(ptr, 'a' + i, page_size);
	}

	/*
	 * At this point the mapping is:
	 *
	 * 0123456789
	 * SPSPSPSPSP
	 *
	 * Where S = shared, P = private mappings.
	 */

	/* Now mark the beginning of the mapping guarded. */
	ASSERT_EQ(madvise(ptr_private, 5 * page_size, MADV_GUARD_INSTALL), 0);

	/*
	 * This renders the mapping:
	 *
	 * 0123456789
	 * xxxxxPSPSP
	 */

	for (i = 0; i < 10; i++) {
		char *ptr = &ptr_private[i * page_size];

		/* Ensure guard regions as expected. */
		ASSERT_EQ(try_read_buf(ptr), i >= 5);
		/* The shared mapping should always succeed. */
		ASSERT_TRUE(try_read_buf(&ptr_shared[i * page_size]));
	}

	/* Remove the guard regions altogether. */
	ASSERT_EQ(madvise(ptr_private, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/*
	 * We now expect the mapping to be:
	 *
	 * 0123456789
	 * SSSSSPSPSP
	 *
	 * As we removed guard regions, the private pages from the first 5 will
	 * have been zapped, so on fault will reestablish the shared mapping.
	 */

	for (i = 0; i < 10; i++) {
		char *ptr = &ptr_private[i * page_size];

		/*
		 * Assert that shared mappings in the MAP_PRIVATE mapping match
		 * the shared mapping.
		 */
		if (i < 5 || i % 2 == 0) {
			char *ptr_s = &ptr_shared[i * page_size];

			ASSERT_EQ(memcmp(ptr, ptr_s, page_size), 0);
			continue;
		}

		/* Everything else is a private mapping. */
		ASSERT_TRUE(is_buf_eq(ptr, page_size, 'a' + i));
	}

	ASSERT_EQ(munmap(ptr_shared, 10 * page_size), 0);
	ASSERT_EQ(munmap(ptr_private, 10 * page_size), 0);
}

/* Test that guard regions established over a read-only mapping function correctly. */
TEST_F(guard_regions, readonly_file)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	if (variant->backing != LOCAL_FILE_BACKED)
		SKIP(return, "Read-only test specific to file-backed");

	/* Map shared so we can populate with pattern, populate it, unmap. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);
	set_pattern(ptr, 10, page_size);
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
	/* Close the fd so we can re-open read-only. */
	ASSERT_EQ(close(self->fd), 0);

	/* Re-open read-only. */
	self->fd = open(self->path, O_RDONLY);
	ASSERT_NE(self->fd, -1);
	/* Re-map read-only. */
	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Mark every other page guarded. */
	for (i = 0; i < 10; i += 2) {
		char *ptr_pg = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr_pg, page_size, MADV_GUARD_INSTALL), 0);
	}

	/* Assert that the guard regions are in place. */
	for (i = 0; i < 10; i++) {
		char *ptr_pg = &ptr[i * page_size];

		ASSERT_EQ(try_read_buf(ptr_pg), i % 2 != 0);
	}

	/* Remove guard regions. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Ensure the data is as expected. */
	ASSERT_TRUE(check_pattern(ptr, 10, page_size));

	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}
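
/*
 * Assert that fault-around does not establish mappings over guard regions:
 * faulting in unguarded file-backed pages must not populate the adjacent
 * guarded pages.
 */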
TEST_F(guard_regions, hole_punch)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	if (variant->backing == ANON_BACKED)
		SKIP(return, "Hole punch test specific to file-backed");

	/* Establish pattern in mapping. */
	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);
	set_pattern(ptr, 10, page_size);

	/* Install a guard region in the middle of the mapping. */
	ASSERT_EQ(madvise(&ptr[3 * page_size], 4 * page_size,
			  MADV_GUARD_INSTALL), 0);

	/*
	 * The buffer will now be:
	 *
	 * 0123456789
	 * ***xxxx***
	 *
	 * Where * is data and x is the guard region.
	 */

	/* Ensure established. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(try_read_buf(ptr_p), i < 3 || i >= 7);
	}

	/* Now hole punch the guarded region. */
	ASSERT_EQ(madvise(&ptr[3 * page_size], 4 * page_size,
			  MADV_REMOVE), 0);

	/* Ensure guard regions remain. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(try_read_buf(ptr_p), i < 3 || i >= 7);
	}

	/* Now remove guard regions throughout. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Check that the pattern exists in the non-hole punched region. */
	ASSERT_TRUE(check_pattern(ptr, 3, page_size));
	/* Check that the hole punched region is zeroed. */
	ASSERT_TRUE(is_buf_eq(&ptr[3 * page_size], 4 * page_size, '\0'));
	/* Check that the pattern exists in the remainder of the file. */
	ASSERT_TRUE(check_pattern_offset(ptr, 3, page_size, 7));

	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Ensure that a memfd works correctly with guard regions: that we can
 * write-seal it, then map it read-only and still establish guard regions
 * within it, then remove those guard regions and have everything work
 * correctly.
 */
TEST_F(guard_regions, memfd_write_seal)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	if (variant->backing != SHMEM_BACKED)
		SKIP(return, "memfd write seal test specific to shmem");

	/* OK, we need a memfd, so close the existing one. */
	ASSERT_EQ(close(self->fd), 0);

	/* Create and truncate memfd. */
	self->fd = memfd_create("guard_regions_memfd_seals_test",
				MFD_ALLOW_SEALING);
	ASSERT_NE(self->fd, -1);
	ASSERT_EQ(ftruncate(self->fd, 10 * page_size), 0);

	/* Map, set pattern, unmap. */
	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);
	set_pattern(ptr, 10, page_size);
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);

	/* Write-seal the memfd. */
	ASSERT_EQ(fcntl(self->fd, F_ADD_SEALS, F_SEAL_WRITE), 0);

	/* Now map the memfd read-only. */
	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Ensure pattern is as expected. */
	ASSERT_TRUE(check_pattern(ptr, 10, page_size));

	/* Now make every even page guarded. */
	for (i = 0; i < 10; i += 2) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
	}

	/* Now assert things are as expected. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(try_read_buf(ptr_p), i % 2 != 0);
	}

	/* Now remove guard regions. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Ensure pattern is as expected. */
	ASSERT_TRUE(check_pattern(ptr, 10, page_size));

	/* Ensure write seal intact. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_FALSE(try_write_buf(ptr_p));
	}

	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Since we are now permitted to establish guard regions in read-only anonymous
 * mappings, for the sake of thoroughness, though it probably has no practical
 * use, test that guard regions function with a mapping to the anonymous zero
 * page.
 */
TEST_F(guard_regions, anon_zeropage)
{
	const unsigned long page_size = self->page_size;
	char *ptr;
	int i;

	if (!is_anon_backed(variant))
		SKIP(return, "anon zero page test specific to anon/shmem");

	/* Obtain a read-only, i.e. anon zero page, mapping. */
	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Now make every even page guarded. */
	for (i = 0; i < 10; i += 2) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
	}

	/* Now assert things are as expected. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(try_read_buf(ptr_p), i % 2 != 0);
	}

	/* Now remove all guard regions. */
	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);

	/* Now assert things are as expected. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_TRUE(try_read_buf(ptr_p));
	}

	/* Ensure the mapping reads back as the zero page, i.e. all zeroes. */
	ASSERT_TRUE(is_buf_eq(ptr, 10 * page_size, '\0'));

	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

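/*
 * Guard regions are not backed by any folio, so absent a dedicated bit they
 * would be indistinguishable in pagemap from pages that were simply never
 * faulted in. The PM_GUARD_REGION bit provides that distinction. As a rough
 * sketch, a user could perform the same check directly (addr and pagemap_fd
 * are illustrative; pagemap holds one 64-bit entry per virtual page):
 *
 *	uint64_t entry;
 *	off_t off = ((uintptr_t)addr / page_size) * sizeof(entry);
 *
 *	pread(pagemap_fd, &entry, sizeof(entry), off);
 *	guarded = entry & PM_GUARD_REGION;
 */
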
/*
 * Assert that /proc/$pid/pagemap correctly identifies guard region ranges.
 */
TEST_F(guard_regions, pagemap)
{
	const unsigned long page_size = self->page_size;
	int proc_fd;
	char *ptr;
	int i;

	proc_fd = open("/proc/self/pagemap", O_RDONLY);
	ASSERT_NE(proc_fd, -1);

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Read from pagemap, and assert no guard regions are detected. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];
		unsigned long entry = pagemap_get_entry(proc_fd, ptr_p);
		unsigned long masked = entry & PM_GUARD_REGION;

		ASSERT_EQ(masked, 0);
	}

	/* Install a guard region in every other page. */
	for (i = 0; i < 10; i += 2) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
	}

	/* Re-read from pagemap, and assert guard regions are detected. */
	for (i = 0; i < 10; i++) {
		char *ptr_p = &ptr[i * page_size];
		unsigned long entry = pagemap_get_entry(proc_fd, ptr_p);
		unsigned long masked = entry & PM_GUARD_REGION;

		ASSERT_EQ(masked, i % 2 == 0 ? PM_GUARD_REGION : 0);
	}

	ASSERT_EQ(close(proc_fd), 0);
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

/*
 * Assert that the PAGEMAP_SCAN ioctl correctly reports guard region ranges.
 */
TEST_F(guard_regions, pagemap_scan)
{
	const unsigned long page_size = self->page_size;
	struct page_region pm_regs[10];
	struct pm_scan_arg pm_scan_args = {
		.size = sizeof(struct pm_scan_arg),
		.category_anyof_mask = PAGE_IS_GUARD,
		.return_mask = PAGE_IS_GUARD,
		.vec = (long)&pm_regs,
		.vec_len = ARRAY_SIZE(pm_regs),
	};
	int proc_fd, i;
	char *ptr;

	proc_fd = open("/proc/self/pagemap", O_RDONLY);
	ASSERT_NE(proc_fd, -1);

	ptr = mmap_(self, variant, NULL, 10 * page_size,
		    PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	pm_scan_args.start = (long)ptr;
	pm_scan_args.end = (long)ptr + 10 * page_size;
	ASSERT_EQ(ioctl(proc_fd, PAGEMAP_SCAN, &pm_scan_args), 0);
	ASSERT_EQ(pm_scan_args.walk_end, (long)ptr + 10 * page_size);

	/* Install a guard region in every other page. */
	for (i = 0; i < 10; i += 2) {
		char *ptr_p = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
	}

	/*
	 * Assert ioctl() returns the count of located regions, where each
	 * region spans every other page within the range of 10 pages.
	 */
	ASSERT_EQ(ioctl(proc_fd, PAGEMAP_SCAN, &pm_scan_args), 5);
	ASSERT_EQ(pm_scan_args.walk_end, (long)ptr + 10 * page_size);

	/* Assert that the returned regions describe exactly the guarded pages. */
	for (i = 0; i < 5; i++) {
		long ptr_p = (long)&ptr[2 * i * page_size];

		ASSERT_EQ(pm_regs[i].start, ptr_p);
		ASSERT_EQ(pm_regs[i].end, ptr_p + page_size);
		ASSERT_EQ(pm_regs[i].categories, PAGE_IS_GUARD);
	}

	ASSERT_EQ(close(proc_fd), 0);
	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
}

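/*
 * MADV_COLLAPSE attempts to assemble a range into a transparent huge page.
 * Collapsing a range containing guard region markers would populate (and so
 * effectively destroy) the guards, so the kernel is expected to refuse the
 * operation. We assert both that the collapse fails and that the guards
 * survive the attempt.
 */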
TEST_F(guard_regions, collapse)
{
	const unsigned long page_size = self->page_size;
	const unsigned long size = 2 * HPAGE_SIZE;
	const unsigned long num_pages = size / page_size;
	char *ptr;
	int i;

	if (!thp_available())
		SKIP(return, "Transparent Hugepages not available");

	/* The file must be the correct size for the non-anon tests. */
	if (variant->backing != ANON_BACKED)
		ASSERT_EQ(ftruncate(self->fd, size), 0);

	/*
	 * We must close and re-open the local-file backing as read-only for
	 * CONFIG_READ_ONLY_THP_FOR_FS to work.
	 */
	if (variant->backing == LOCAL_FILE_BACKED) {
		ASSERT_EQ(close(self->fd), 0);

		self->fd = open(self->path, O_RDONLY);
		ASSERT_GE(self->fd, 0);
	}

	ptr = mmap_(self, variant, NULL, size, PROT_READ, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* Prevent the region being faulted in as huge. */
	ASSERT_EQ(madvise(ptr, size, MADV_NOHUGEPAGE), 0);
	/* Fault in. */
	ASSERT_EQ(madvise(ptr, size, MADV_POPULATE_READ), 0);

	/* Install guard regions in every other page. */
	for (i = 0; i < num_pages; i += 2) {
		char *ptr_page = &ptr[i * page_size];

		ASSERT_EQ(madvise(ptr_page, page_size, MADV_GUARD_INSTALL), 0);
		/* Accesses should now fail. */
		ASSERT_FALSE(try_read_buf(ptr_page));
	}

	/* Allow huge pages throughout the region. */
	ASSERT_EQ(madvise(ptr, size, MADV_HUGEPAGE), 0);

	/*
	 * Now collapse the entire region. This should fail in all cases.
	 *
	 * The madvise() call will also fail if CONFIG_READ_ONLY_THP_FOR_FS is
	 * not set in the local file case, but we can't differentiate whether
	 * this occurred or whether the collapse was rightly rejected.
	 */
	EXPECT_NE(madvise(ptr, size, MADV_COLLAPSE), 0);

	/*
	 * If we introduce a bug that causes the collapse to succeed, gather
	 * data on whether guard regions are at least preserved. The test will
	 * fail at this point in any case.
	 */
	for (i = 0; i < num_pages; i += 2) {
		char *ptr_page = &ptr[i * page_size];

		/* Accesses should still fail. */
		ASSERT_FALSE(try_read_buf(ptr_page));
	}
}

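/*
 * Installing a guard region sets a flag on the VMA which is reported via
 * /proc/$pid/smaps. The flag is 'sticky': it records that guards were at some
 * point installed, since precisely tracking whether every guard in a VMA has
 * since been removed would be prohibitively expensive. We also check that the
 * flag does not prevent otherwise-compatible VMAs from merging.
 */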
TEST_F(guard_regions, smaps)
{
	const unsigned long page_size = self->page_size;
	struct procmap_fd procmap;
	char *ptr, *ptr2;
	int i;

	/* Map a region. */
	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
	ASSERT_NE(ptr, MAP_FAILED);

	/* We shouldn't yet see a guard flag. */
	ASSERT_FALSE(check_vmflag_guard(ptr));

	/* Install a single guard region. */
	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);

	/* Now we should see a guard flag. */
	ASSERT_TRUE(check_vmflag_guard(ptr));

	/*
	 * Removing the guard region should not change things, because we
	 * simply cannot accurately track whether a given VMA has had all of
	 * its guard regions removed.
	 */
	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_REMOVE), 0);
	ASSERT_TRUE(check_vmflag_guard(ptr));

	/* Install guard regions throughout. */
	for (i = 0; i < 10; i++) {
		ASSERT_EQ(madvise(&ptr[i * page_size], page_size, MADV_GUARD_INSTALL), 0);
		/* We should always see the guard region flag. */
		ASSERT_TRUE(check_vmflag_guard(ptr));
	}

	/* Split into two VMAs. */
	ASSERT_EQ(munmap(&ptr[4 * page_size], page_size), 0);

	/* Both VMAs should have the guard flag set. */
	ASSERT_TRUE(check_vmflag_guard(ptr));
	ASSERT_TRUE(check_vmflag_guard(&ptr[5 * page_size]));

	/*
	 * If the local file system is unable to merge VMAs due to having
	 * unusual characteristics, there is no point in asserting merge
	 * behaviour.
	 */
	if (!local_fs_has_sane_mmap(self, variant)) {
		TH_LOG("local filesystem does not support sane merging, skipping merge test");
		return;
	}

	/* Map a fresh VMA between the two split VMAs. */
	ptr2 = mmap_(self, variant, &ptr[4 * page_size], page_size,
		     PROT_READ | PROT_WRITE, MAP_FIXED, 4 * page_size);
	ASSERT_NE(ptr2, MAP_FAILED);

	/*
	 * Check the procmap to ensure that this VMA merged with the adjacent
	 * two. The guard region flag is 'sticky', so it should not preclude
	 * merging.
	 */
	ASSERT_EQ(open_self_procmap(&procmap), 0);
	ASSERT_TRUE(find_vma_procmap(&procmap, ptr));
	ASSERT_EQ(procmap.query.vma_start, (unsigned long)ptr);
	ASSERT_EQ(procmap.query.vma_end, (unsigned long)ptr + 10 * page_size);
	ASSERT_EQ(close_procmap(&procmap), 0);
	/* And, of course, this VMA should have the guard flag set. */
	ASSERT_TRUE(check_vmflag_guard(ptr));
}

TEST_HARNESS_MAIN