1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2019 Mark Johnston <markj@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are 8 * met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in 13 * the documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 #include <sys/mman.h> 30 #include <sys/ptrace.h> 31 #include <sys/resource.h> 32 #include <sys/wait.h> 33 34 #include <errno.h> 35 #include <fcntl.h> 36 #include <signal.h> 37 #include <stdatomic.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <unistd.h> 42 43 #include <atf-c.h> 44 45 static void 46 test_wired_copy_on_write(void *addr, size_t len) 47 { 48 int status, val; 49 pid_t pid; 50 51 pid = fork(); 52 if (pid == -1) 53 atf_tc_fail("fork() failed: %s", strerror(errno)); 54 if (pid == 0) { 55 if (mlock(addr, len) != 0) 56 _exit(1); 57 if (ptrace(PT_TRACE_ME, 0, NULL, 0) != 0) 58 _exit(2); 59 if (raise(SIGSTOP) != 0) 60 _exit(3); 61 if (munlock(addr, len) != 0) 62 _exit(4); 63 _exit(0); 64 } 65 66 ATF_REQUIRE(waitpid(pid, &status, 0) == pid); 67 ATF_REQUIRE_MSG(!WIFEXITED(status), 68 "child exited with status %d", WEXITSTATUS(status)); 69 ATF_REQUIRE(WIFSTOPPED(status)); 70 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 71 72 errno = 0; 73 val = ptrace(PT_READ_D, pid, addr, 0); 74 ATF_REQUIRE(errno == 0); 75 ATF_REQUIRE(ptrace(PT_WRITE_D, pid, addr, val) == 0); 76 ATF_REQUIRE(ptrace(PT_CONTINUE, pid, (caddr_t)1, 0) == 0); 77 ATF_REQUIRE(waitpid(pid, &status, 0) == pid); 78 ATF_REQUIRE(WIFEXITED(status)); 79 ATF_REQUIRE_MSG(WEXITSTATUS(status) == 0, 80 "child exited with status %d", WSTOPSIG(status)); 81 } 82 83 /* 84 * Use ptrace(2) to trigger a copy-on-write fault of anonymous memory. 85 */ 86 ATF_TC_WITHOUT_HEAD(mlock__copy_on_write_anon); 87 ATF_TC_BODY(mlock__copy_on_write_anon, tc) 88 { 89 char *addr; 90 int len; 91 92 len = getpagesize(); 93 addr = mmap(NULL, len, PROT_READ, MAP_ANON, -1, 0); 94 ATF_REQUIRE(addr != MAP_FAILED); 95 96 test_wired_copy_on_write(addr, len); 97 } 98 99 /* 100 * Use ptrace(2) to trigger a copy-on-write fault of a read-only text page. 101 */ 102 ATF_TC_WITHOUT_HEAD(mlock__copy_on_write_vnode); 103 ATF_TC_BODY(mlock__copy_on_write_vnode, tc) 104 { 105 void *addr; 106 int len; 107 108 len = getpagesize(); 109 addr = (void *)((uintptr_t)test_wired_copy_on_write & ~(len - 1)); 110 111 test_wired_copy_on_write(addr, len); 112 } 113 114 /* 115 * Try truncating and then resizing an mlock()ed mapping. 116 */ 117 ATF_TC_WITHOUT_HEAD(mlock__truncate_and_resize); 118 ATF_TC_BODY(mlock__truncate_and_resize, tc) 119 { 120 char filename[16]; 121 char *addr; 122 int fd, i, len; 123 124 snprintf(filename, sizeof(filename), "tmp.XXXXXX"); 125 fd = mkstemp(filename); 126 ATF_REQUIRE(fd >= 0); 127 ATF_REQUIRE(unlink(filename) == 0); 128 129 len = getpagesize(); 130 ATF_REQUIRE(ftruncate(fd, len) == 0); 131 132 addr = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); 133 ATF_REQUIRE(addr != MAP_FAILED); 134 ATF_REQUIRE(mlock(addr, len) == 0); 135 memset(addr, 1, len); 136 ATF_REQUIRE(ftruncate(fd, 0) == 0); 137 ATF_REQUIRE(ftruncate(fd, len) == 0); 138 for (i = 0; i < len; i++) 139 ATF_REQUIRE(addr[i] == 0); 140 ATF_REQUIRE(munlock(addr, len) == 0); 141 } 142 143 /* 144 * Make sure that we can munlock() a truncated mapping. 145 */ 146 ATF_TC_WITHOUT_HEAD(mlock__truncate_and_unlock); 147 ATF_TC_BODY(mlock__truncate_and_unlock, tc) 148 { 149 char filename[16]; 150 void *addr; 151 int fd, len; 152 153 snprintf(filename, sizeof(filename), "tmp.XXXXXX"); 154 fd = mkstemp(filename); 155 ATF_REQUIRE(fd >= 0); 156 ATF_REQUIRE(unlink(filename) == 0); 157 158 len = getpagesize(); 159 ATF_REQUIRE(ftruncate(fd, len) == 0); 160 161 addr = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); 162 ATF_REQUIRE(addr != MAP_FAILED); 163 ATF_REQUIRE(mlock(addr, len) == 0); 164 ATF_REQUIRE(ftruncate(fd, 0) == 0); 165 ATF_REQUIRE(munlock(addr, len) == 0); 166 } 167 168 /* 169 * Exercise a corner case involving an interaction between mlock() and superpage 170 * creation: a truncation of the object backing a mapping results in the 171 * truncated region being unmapped by the pmap, but does not affect the logical 172 * mapping. In particular, the truncated region remains mlock()ed. If the 173 * mapping is later extended, a page fault in the formerly truncated region can 174 * result in superpage creation via a call to pmap_enter(psind = 1). 175 */ 176 ATF_TC(mlock__superpage_fault); 177 ATF_TC_HEAD(mlock__superpage_fault, tc) 178 { 179 atf_tc_set_md_var(tc, "require.user", "root"); 180 } 181 ATF_TC_BODY(mlock__superpage_fault, tc) 182 { 183 struct rlimit rlim; 184 void *addr1, *addr2; 185 size_t len, pagesizes[MAXPAGESIZES]; 186 int count, error, shmfd; 187 char vec; 188 189 count = getpagesizes(pagesizes, MAXPAGESIZES); 190 ATF_REQUIRE_MSG(count >= 1, 191 "failed to get page sizes: %s", strerror(errno)); 192 if (count == 1) 193 atf_tc_skip("system does not support multiple page sizes"); 194 len = pagesizes[1]; 195 196 error = getrlimit(RLIMIT_MEMLOCK, &rlim); 197 ATF_REQUIRE_MSG(error == 0, "getrlimit: %s", strerror(errno)); 198 rlim.rlim_cur += len; 199 rlim.rlim_max += len; 200 error = setrlimit(RLIMIT_MEMLOCK, &rlim); 201 ATF_REQUIRE_MSG(error == 0, "setrlimit: %s", strerror(errno)); 202 203 shmfd = shm_open(SHM_ANON, O_RDWR | O_CREAT, 0600); 204 ATF_REQUIRE_MSG(shmfd >= 0, "shm_open: %s", strerror(errno)); 205 error = ftruncate(shmfd, len); 206 ATF_REQUIRE_MSG(error == 0, "ftruncate: %s", strerror(errno)); 207 208 addr1 = mmap(NULL, len, PROT_READ | PROT_WRITE, 209 MAP_SHARED | MAP_ALIGNED_SUPER, shmfd, 0); 210 ATF_REQUIRE_MSG(addr1 != MAP_FAILED, "mmap: %s", strerror(errno)); 211 ATF_REQUIRE_MSG(((uintptr_t)addr1 & (len - 1)) == 0, 212 "addr %p is misaligned", addr1); 213 addr2 = mmap(NULL, len, PROT_READ, 214 MAP_SHARED | MAP_ALIGNED_SUPER, shmfd, 0); 215 ATF_REQUIRE_MSG(addr2 != MAP_FAILED, "mmap: %s", strerror(errno)); 216 ATF_REQUIRE_MSG(((uintptr_t)addr2 & (len - 1)) == 0, 217 "addr %p is misaligned", addr2); 218 219 memset(addr1, 0x42, len); 220 error = mincore(addr1, pagesizes[0], &vec); 221 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno)); 222 if ((vec & MINCORE_SUPER) == 0) 223 atf_tc_skip("initial superpage promotion failed"); 224 225 error = mlock(addr2, len); 226 ATF_REQUIRE_MSG(error == 0, "mlock: %s", strerror(errno)); 227 error = mincore(addr2, pagesizes[0], &vec); 228 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno)); 229 ATF_REQUIRE((vec & MINCORE_SUPER) != 0); 230 231 /* 232 * Free a page back to the superpage reservation, demoting both 233 * mappings. 234 */ 235 error = ftruncate(shmfd, len - pagesizes[0]); 236 ATF_REQUIRE_MSG(error == 0, "ftruncate: %s", strerror(errno)); 237 238 /* 239 * Extend the mapping back to its original size. 240 */ 241 error = ftruncate(shmfd, len); 242 ATF_REQUIRE_MSG(error == 0, "ftruncate: %s", strerror(errno)); 243 244 /* 245 * Trigger re-promotion. 246 */ 247 error = mincore(addr1, pagesizes[0], &vec); 248 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno)); 249 ATF_REQUIRE((vec & MINCORE_SUPER) == 0); 250 memset((char *)addr1 + len - pagesizes[0], 0x43, pagesizes[0]); 251 error = mincore(addr1, pagesizes[0], &vec); 252 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno)); 253 ATF_REQUIRE((vec & MINCORE_SUPER) != 0); 254 255 /* 256 * Trigger a read fault, which should install a superpage mapping 257 * without promotion. 258 */ 259 error = mincore(addr2, pagesizes[0], &vec); 260 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno)); 261 ATF_REQUIRE((vec & MINCORE_SUPER) == 0); 262 (void)atomic_load( 263 (_Atomic int *)(void *)((char *)addr2 + len - pagesizes[0])); 264 error = mincore(addr2, pagesizes[0], &vec); 265 ATF_REQUIRE_MSG(error == 0, "mincore: %s", strerror(errno)); 266 ATF_REQUIRE((vec & MINCORE_SUPER) != 0); 267 268 /* 269 * Trigger demotion of the wired mapping. 270 */ 271 error = munlock(addr2, pagesizes[0]); 272 ATF_REQUIRE_MSG(error == 0, "munlock: %s", strerror(errno)); 273 274 ATF_REQUIRE(close(shmfd) == 0); 275 } 276 277 ATF_TP_ADD_TCS(tp) 278 { 279 ATF_TP_ADD_TC(tp, mlock__copy_on_write_anon); 280 ATF_TP_ADD_TC(tp, mlock__copy_on_write_vnode); 281 ATF_TP_ADD_TC(tp, mlock__truncate_and_resize); 282 ATF_TP_ADD_TC(tp, mlock__truncate_and_unlock); 283 ATF_TP_ADD_TC(tp, mlock__superpage_fault); 284 285 return (atf_no_error()); 286 } 287