xref: /linux/tools/testing/selftests/arm64/gcs/gcs-locking.c (revision 60675d4ca1ef0857e44eba5849b74a3a998d0c0f)

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2023 ARM Limited.
 *
 * Tests for GCS mode locking.  These tests rely on both having GCS
 * unconfigured on entry and on the kselftest harness running each
 * test in a fork()ed process which will have it's own mode.
 */

#include <limits.h>

#include <sys/auxv.h>
#include <sys/prctl.h>

#include <asm/hwcap.h>

#include "kselftest_harness.h"

#include "gcs-util.h"

#define my_syscall2(num, arg1, arg2)                                          \
({                                                                            \
	register long _num  __asm__ ("x8") = (num);                           \
	register long _arg1 __asm__ ("x0") = (long)(arg1);                    \
	register long _arg2 __asm__ ("x1") = (long)(arg2);                    \
	register long _arg3 __asm__ ("x2") = 0;                               \
	register long _arg4 __asm__ ("x3") = 0;                               \
	register long _arg5 __asm__ ("x4") = 0;                               \
	                                                                      \
	__asm__  volatile (                                                   \
		"svc #0\n"                                                    \
		: "=r"(_arg1)                                                 \
		: "r"(_arg1), "r"(_arg2),                                     \
		  "r"(_arg3), "r"(_arg4),                                     \
		  "r"(_arg5), "r"(_num)					      \
		: "memory", "cc"                                              \
	);                                                                    \
	_arg1;                                                                \
})

/* No mode bits are rejected for locking */
TEST(lock_all_modes)
{
	int ret;

	ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0);
	ASSERT_EQ(ret, 0);
}

FIXTURE(valid_modes)
{
};

FIXTURE_VARIANT(valid_modes)
{
	unsigned long mode;
};

FIXTURE_VARIANT_ADD(valid_modes, enable)
{
	.mode = PR_SHADOW_STACK_ENABLE,
};

FIXTURE_VARIANT_ADD(valid_modes, enable_write)
{
	.mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE,
};

FIXTURE_VARIANT_ADD(valid_modes, enable_push)
{
	.mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH,
};

FIXTURE_VARIANT_ADD(valid_modes, enable_write_push)
{
	.mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE |
		PR_SHADOW_STACK_PUSH,
};

FIXTURE_SETUP(valid_modes)
{
}

FIXTURE_TEARDOWN(valid_modes)
{
}

/* We can set the mode at all */
TEST_F(valid_modes, set)
{
	int ret;

	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
			  variant->mode);
	ASSERT_EQ(ret, 0);

	_exit(0);
}

/* Enabling, locking then disabling is rejected */
TEST_F(valid_modes, enable_lock_disable)
{
	unsigned long mode;
	int ret;

	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
			  variant->mode);
	ASSERT_EQ(ret, 0);

	ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);
	ASSERT_EQ(mode, variant->mode);

	ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);

	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0);
	ASSERT_EQ(ret, -EBUSY);

	_exit(0);
}

/* Locking then enabling is rejected */
TEST_F(valid_modes, lock_enable)
{
	unsigned long mode;
	int ret;

	ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);

	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
			  variant->mode);
	ASSERT_EQ(ret, -EBUSY);

	ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);
	ASSERT_EQ(mode, 0);

	_exit(0);
}

/* Locking then changing other modes is fine */
TEST_F(valid_modes, lock_enable_disable_others)
{
	unsigned long mode;
	int ret;

	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
			  variant->mode);
	ASSERT_EQ(ret, 0);

	ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);
	ASSERT_EQ(mode, variant->mode);

	ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);

	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
			  PR_SHADOW_STACK_ALL_MODES);
	ASSERT_EQ(ret, 0);

	ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);
	ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES);


	ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
			  variant->mode);
	ASSERT_EQ(ret, 0);

	ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0);
	ASSERT_EQ(ret, 0);
	ASSERT_EQ(mode, variant->mode);

	_exit(0);
}

int main(int argc, char **argv)
{
	unsigned long mode;
	int ret;

	if (!(getauxval(AT_HWCAP) & HWCAP_GCS))
		ksft_exit_skip("SKIP GCS not supported\n");

	ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0);
	if (ret) {
		ksft_print_msg("Failed to read GCS state: %d\n", ret);
		return EXIT_FAILURE;
	}

	if (mode & PR_SHADOW_STACK_ENABLE) {
		ksft_print_msg("GCS was enabled, test unsupported\n");
		return KSFT_SKIP;
	}

	return test_harness_run(argc, argv);
}