1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2019 Mark Johnston <markj@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
8 * met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 #include <sys/mman.h>
30 #include <sys/ptrace.h>
31 #include <sys/resource.h>
32 #include <sys/wait.h>
33
34 #include <errno.h>
35 #include <fcntl.h>
36 #include <signal.h>
37 #include <stdatomic.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <unistd.h>
42
43 #include <atf-c.h>
44
45 static void
test_wired_copy_on_write(void * addr,size_t len)46 test_wired_copy_on_write(void *addr, size_t len)
47 {
48 int status, val;
49 pid_t pid;
50
51 pid = fork();
52 if (pid == -1)
53 atf_tc_fail("fork() failed: %s", strerror(errno));
54 if (pid == 0) {
55 if (mlock(addr, len) != 0)
56 _exit(1);
57 if (ptrace(PT_TRACE_ME, 0, NULL, 0) != 0)
58 _exit(2);
59 if (raise(SIGSTOP) != 0)
60 _exit(3);
61 if (munlock(addr, len) != 0)
62 _exit(4);
63 _exit(0);
64 }
65
66 ATF_REQUIRE(waitpid(pid, &status, 0) == pid);
67 ATF_REQUIRE_MSG(!WIFEXITED(status),
68 "child exited with status %d", WEXITSTATUS(status));
69 ATF_REQUIRE(WIFSTOPPED(status));
70 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
71
72 errno = 0;
73 val = ptrace(PT_READ_D, pid, addr, 0);
74 ATF_REQUIRE(errno == 0);
75 ATF_REQUIRE(ptrace(PT_WRITE_D, pid, addr, val) == 0);
76 ATF_REQUIRE(ptrace(PT_CONTINUE, pid, (caddr_t)1, 0) == 0);
77 ATF_REQUIRE(waitpid(pid, &status, 0) == pid);
78 ATF_REQUIRE(WIFEXITED(status));
79 ATF_REQUIRE_MSG(WEXITSTATUS(status) == 0,
80 "child exited with status %d", WSTOPSIG(status));
81 }
82
83 /*
84 * Use ptrace(2) to trigger a copy-on-write fault of anonymous memory.
85 */
86 ATF_TC_WITHOUT_HEAD(mlock__copy_on_write_anon);
ATF_TC_BODY(mlock__copy_on_write_anon,tc)87 ATF_TC_BODY(mlock__copy_on_write_anon, tc)
88 {
89 char *addr;
90 int len;
91
92 len = getpagesize();
93 addr = mmap(NULL, len, PROT_READ, MAP_ANON, -1, 0);
94 ATF_REQUIRE(addr != MAP_FAILED);
95
96 test_wired_copy_on_write(addr, len);
97 }
98
99 /*
100 * Use ptrace(2) to trigger a copy-on-write fault of a read-only text page.
101 */
102 ATF_TC_WITHOUT_HEAD(mlock__copy_on_write_vnode);
ATF_TC_BODY(mlock__copy_on_write_vnode,tc)103 ATF_TC_BODY(mlock__copy_on_write_vnode, tc)
104 {
105 void *addr;
106 int len;
107
108 len = getpagesize();
109 addr = (void *)((uintptr_t)test_wired_copy_on_write & ~(len - 1));
110
111 test_wired_copy_on_write(addr, len);
112 }
113
114 /*
115 * Try truncating and then resizing an mlock()ed mapping.
116 */
117 ATF_TC_WITHOUT_HEAD(mlock__truncate_and_resize);
ATF_TC_BODY(mlock__truncate_and_resize,tc)118 ATF_TC_BODY(mlock__truncate_and_resize, tc)
119 {
120 char filename[16];
121 char *addr;
122 int fd, i, len;
123
124 snprintf(filename, sizeof(filename), "tmp.XXXXXX");
125 fd = mkstemp(filename);
126 ATF_REQUIRE(fd >= 0);
127 ATF_REQUIRE(unlink(filename) == 0);
128
129 len = getpagesize();
130 ATF_REQUIRE(ftruncate(fd, len) == 0);
131
132 addr = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
133 ATF_REQUIRE(addr != MAP_FAILED);
134 ATF_REQUIRE(mlock(addr, len) == 0);
135 memset(addr, 1, len);
136 ATF_REQUIRE(ftruncate(fd, 0) == 0);
137 ATF_REQUIRE(ftruncate(fd, len) == 0);
138 for (i = 0; i < len; i++)
139 ATF_REQUIRE(addr[i] == 0);
140 ATF_REQUIRE(munlock(addr, len) == 0);
141 }
142
143 /*
144 * Make sure that we can munlock() a truncated mapping.
145 */
146 ATF_TC_WITHOUT_HEAD(mlock__truncate_and_unlock);
ATF_TC_BODY(mlock__truncate_and_unlock,tc)147 ATF_TC_BODY(mlock__truncate_and_unlock, tc)
148 {
149 char filename[16];
150 void *addr;
151 int fd, len;
152
153 snprintf(filename, sizeof(filename), "tmp.XXXXXX");
154 fd = mkstemp(filename);
155 ATF_REQUIRE(fd >= 0);
156 ATF_REQUIRE(unlink(filename) == 0);
157
158 len = getpagesize();
159 ATF_REQUIRE(ftruncate(fd, len) == 0);
160
161 addr = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
162 ATF_REQUIRE(addr != MAP_FAILED);
163 ATF_REQUIRE(mlock(addr, len) == 0);
164 ATF_REQUIRE(ftruncate(fd, 0) == 0);
165 ATF_REQUIRE(munlock(addr, len) == 0);
166 }
167
168 /*
169 * Exercise a corner case involving an interaction between mlock() and superpage
170 * creation: a truncation of the object backing a mapping results in the
171 * truncated region being unmapped by the pmap, but does not affect the logical
172 * mapping. In particular, the truncated region remains mlock()ed. If the
173 * mapping is later extended, a page fault in the formerly truncated region can
174 * result in superpage creation via a call to pmap_enter(psind = 1).
175 */
176 ATF_TC(mlock__superpage_fault);
ATF_TC_HEAD(mlock__superpage_fault,tc)177 ATF_TC_HEAD(mlock__superpage_fault, tc)
178 {
179 atf_tc_set_md_var(tc, "require.user", "root");
180 }
ATF_TC_BODY(mlock__superpage_fault,tc)181 ATF_TC_BODY(mlock__superpage_fault, tc)
182 {
183 struct rlimit rlim;
184 void *addr1, *addr2;
185 size_t len, pagesizes[MAXPAGESIZES];
186 int count, error, shmfd;
187 char vec;
188
189 count = getpagesizes(pagesizes, MAXPAGESIZES);
190 ATF_REQUIRE_MSG(count >= 1,
191 "failed to get page sizes: %s", strerror(errno));
192 if (count == 1)
193 atf_tc_skip("system does not support multiple page sizes");
194 len = pagesizes[1];
195
196 error = getrlimit(RLIMIT_MEMLOCK, &rlim);
197 ATF_REQUIRE_MSG(error == 0, "getrlimit: %s", strerror(errno));
198 rlim.rlim_cur += len;
199 rlim.rlim_max += len;
200 error = setrlimit(RLIMIT_MEMLOCK, &rlim);
201 ATF_REQUIRE_MSG(error == 0, "setrlimit: %s", strerror(errno));
202
203 shmfd = shm_open(SHM_ANON, O_RDWR | O_CREAT, 0600);
204 ATF_REQUIRE_MSG(shmfd >= 0, "shm_open: %s", strerror(errno));
205 error = ftruncate(shmfd, len);
206 ATF_REQUIRE_MSG(error == 0, "ftruncate: %s", strerror(errno));
207
208 addr1 = mmap(NULL, len, PROT_READ | PROT_WRITE,
209 MAP_SHARED | MAP_ALIGNED_SUPER, shmfd, 0);
210 ATF_REQUIRE_MSG(addr1 != MAP_FAILED, "mmap: %s", strerror(errno));
211 ATF_REQUIRE_MSG(((uintptr_t)addr1 & (len - 1)) == 0,
212 "addr %p is misaligned", addr1);
213 addr2 = mmap(NULL, len, PROT_READ,
214 MAP_SHARED | MAP_ALIGNED_SUPER, shmfd, 0);
215 ATF_REQUIRE_MSG(addr2 != MAP_FAILED, "mmap: %s", strerror(errno));
216 ATF_REQUIRE_MSG(((uintptr_t)addr2 & (len - 1)) == 0,
217 "addr %p is misaligned", addr2);
218
219 memset(addr1, 0x42, len);
220 error = mincore(addr1, pagesizes[0], &vec);
221 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno));
222 if ((vec & MINCORE_SUPER) == 0)
223 atf_tc_skip("initial superpage promotion failed");
224
225 error = mlock(addr2, len);
226 ATF_REQUIRE_MSG(error == 0, "mlock: %s", strerror(errno));
227 error = mincore(addr2, pagesizes[0], &vec);
228 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno));
229 ATF_REQUIRE((vec & MINCORE_SUPER) != 0);
230
231 /*
232 * Free a page back to the superpage reservation, demoting both
233 * mappings.
234 */
235 error = ftruncate(shmfd, len - pagesizes[0]);
236 ATF_REQUIRE_MSG(error == 0, "ftruncate: %s", strerror(errno));
237
238 /*
239 * Extend the mapping back to its original size.
240 */
241 error = ftruncate(shmfd, len);
242 ATF_REQUIRE_MSG(error == 0, "ftruncate: %s", strerror(errno));
243
244 /*
245 * Trigger re-promotion.
246 */
247 error = mincore(addr1, pagesizes[0], &vec);
248 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno));
249 ATF_REQUIRE((vec & MINCORE_SUPER) == 0);
250 memset((char *)addr1 + len - pagesizes[0], 0x43, pagesizes[0]);
251 error = mincore(addr1, pagesizes[0], &vec);
252 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno));
253 ATF_REQUIRE((vec & MINCORE_SUPER) != 0);
254
255 /*
256 * Trigger a read fault, which should install a superpage mapping
257 * without promotion.
258 */
259 error = mincore(addr2, pagesizes[0], &vec);
260 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno));
261 ATF_REQUIRE((vec & MINCORE_SUPER) == 0);
262 (void)atomic_load(
263 (_Atomic int *)(void *)((char *)addr2 + len - pagesizes[0]));
264 error = mincore(addr2, pagesizes[0], &vec);
265 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno));
266 ATF_REQUIRE((vec & MINCORE_SUPER) != 0);
267
268 /*
269 * Trigger demotion of the wired mapping.
270 */
271 error = munlock(addr2, pagesizes[0]);
272 ATF_REQUIRE_MSG(error == 0, "munlock: %s", strerror(errno));
273
274 ATF_REQUIRE(close(shmfd) == 0);
275 }
276
ATF_TP_ADD_TCS(tp)277 ATF_TP_ADD_TCS(tp)
278 {
279 ATF_TP_ADD_TC(tp, mlock__copy_on_write_anon);
280 ATF_TP_ADD_TC(tp, mlock__copy_on_write_vnode);
281 ATF_TP_ADD_TC(tp, mlock__truncate_and_resize);
282 ATF_TP_ADD_TC(tp, mlock__truncate_and_unlock);
283 ATF_TP_ADD_TC(tp, mlock__superpage_fault);
284
285 return (atf_no_error());
286 }
287