From nobody Sun Sep 14 11:16:46 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 330D3C54EAA for ; Mon, 23 Jan 2023 22:05:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231898AbjAWWF4 (ORCPT ); Mon, 23 Jan 2023 17:05:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232450AbjAWWFo (ORCPT ); Mon, 23 Jan 2023 17:05:44 -0500 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 364602B2BB for ; Mon, 23 Jan 2023 14:05:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674511531; x=1706047531; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=fwizFXa+ntJFgk9BjkRzRTV74GE4SUYwl24HZQzzh/A=; b=Ixs4IWcDceLptO5gPnABcNwME3ADawKOob3KblxR5uwaUBPSFYBFOW4h B+If6reiTrjYyibT6b/Bg7624uKIR9A5PspxqSuvuCbTLjIh1jIBO9UQl RfmglmhYFwFesWkx6lBv3Hsf+kXKOPhhYE0GoqmfYb0XBwgR/oH+lgbpn 8vxthaqptN8ppKxkgEdtzsaIaUK7yLS8tPPHFM7hTDYJc/L2x2u6tCXDv akeMIN14GNZZ8S5iLIe7fKXrKJ4zcgD7WK2IOuyXwXrulnq+vJbhlmcRd kpdo4k5iw92lcjbsOvPFpbUJyAY/OKPUsfqm1cjUoBMxsyO8yFbaNp6Z5 A==; X-IronPort-AV: E=McAfee;i="6500,9779,10599"; a="327421964" X-IronPort-AV: E=Sophos;i="5.97,240,1669104000"; d="scan'208";a="327421964" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2023 14:05:24 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10599"; a="661878114" X-IronPort-AV: E=Sophos;i="5.97,240,1669104000"; d="scan'208";a="661878114" Received: from ssauty-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.249.46.171]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2023 14:05:17 -0800 Received: by box.shutemov.name (Postfix, from userid 1000) id 9A6F110947E; Tue, 24 Jan 2023 01:05:03 +0300 (+03) From: "Kirill A. Shutemov" To: Dave Hansen , Andy Lutomirski , Peter Zijlstra Cc: x86@kernel.org, Kostya Serebryany , Andrey Ryabinin , Andrey Konovalov , Alexander Potapenko , Taras Madan , Dmitry Vyukov , "H . J . Lu" , Andi Kleen , Rick Edgecombe , Bharata B Rao , Jacob Pan , Ashok Raj , Linus Torvalds , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Weihong Zhang , "Kirill A . Shutemov" Subject: [PATCHv15 12/17] selftests/x86/lam: Add malloc and tag-bits test cases for linear-address masking Date: Tue, 24 Jan 2023 01:04:55 +0300 Message-Id: <20230123220500.21077-13-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230123220500.21077-1-kirill.shutemov@linux.intel.com> References: <20230123220500.21077-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Weihong Zhang LAM is supported only in 64-bit mode and applies only addresses used for da= ta accesses. In 64-bit mode, linear address have 64 bits. LAM is applied to 64= -bit linear address and allow software to use high bits for metadata. LAM supports configurations that differ regarding which pointer bits are ma= sked and can be used for metadata. LAM includes following mode: - LAM_U57, pointer bits in positions 62:57 are masked (LAM width 6), allows bits 62:57 of a user pointer to be used as metadata. There are some arch_prctls: ARCH_ENABLE_TAGGED_ADDR: enable LAM mode, mask high bits of a user pointer. ARCH_GET_UNTAG_MASK: get current untagged mask. ARCH_GET_MAX_TAG_BITS: the maximum tag bits user can request. zero if LAM is not supported. The LAM mode is for pre-process, a process has only one chance to set LAM m= ode. But there is no API to disable LAM mode. So all of test cases are run under child process. Functions of this test: MALLOC - LAM_U57 masks bits 57:62 of a user pointer. Process on user space can dereference such pointers. - Disable LAM, dereference a pointer with metadata above 48 bit or 57 bit lead to trigger SIGSEGV. TAG_BITS - Max tag bits of LAM_U57 is 6. Signed-off-by: Weihong Zhang Signed-off-by: Kirill A. Shutemov Acked-by: Peter Zijlstra (Intel) --- tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/lam.c | 326 +++++++++++++++++++++++++++ 2 files changed, 327 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/x86/lam.c diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests= /x86/Makefile index 0388c4d60af0..c1a16a9d4f2f 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile @@ -18,7 +18,7 @@ TARGETS_C_32BIT_ONLY :=3D entry_from_vm86 test_syscall_vd= so unwind_vdso \ test_FCMOV test_FCOMI test_FISTTP \ vdso_restorer TARGETS_C_64BIT_ONLY :=3D fsgsbase sysret_rip syscall_numbering \ - corrupt_xstate_header amx + corrupt_xstate_header amx lam # Some selftests require 32bit support enabled also on 64bit systems TARGETS_C_32BIT_NEEDED :=3D ldt_gdt ptrace_syscall =20 diff --git a/tools/testing/selftests/x86/lam.c b/tools/testing/selftests/x8= 6/lam.c new file mode 100644 index 000000000000..268c1d2749af --- /dev/null +++ b/tools/testing/selftests/x86/lam.c @@ -0,0 +1,326 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../kselftest.h" + +#ifndef __x86_64__ +# error This test is 64-bit only +#endif + +/* LAM modes, these definitions were copied from kernel code */ +#define LAM_NONE 0 +#define LAM_U57_BITS 6 + +#define LAM_U57_MASK (0x3fULL << 57) +/* arch prctl for LAM */ +#define ARCH_GET_UNTAG_MASK 0x4001 +#define ARCH_ENABLE_TAGGED_ADDR 0x4002 +#define ARCH_GET_MAX_TAG_BITS 0x4003 + +/* Specified test function bits */ +#define FUNC_MALLOC 0x1 +#define FUNC_BITS 0x2 + +#define TEST_MASK 0x3 + +#define MALLOC_LEN 32 + +struct testcases { + unsigned int later; + int expected; /* 2: SIGSEGV Error; 1: other errors */ + unsigned long lam; + uint64_t addr; + int (*test_func)(struct testcases *test); + const char *msg; +}; + +int tests_cnt; +jmp_buf segv_env; + +static void segv_handler(int sig) +{ + ksft_print_msg("Get segmentation fault(%d).", sig); + siglongjmp(segv_env, 1); +} + +static inline int cpu_has_lam(void) +{ + unsigned int cpuinfo[4]; + + __cpuid_count(0x7, 1, cpuinfo[0], cpuinfo[1], cpuinfo[2], cpuinfo[3]); + + return (cpuinfo[0] & (1 << 26)); +} + +/* + * Set tagged address and read back untag mask. + * check if the untagged mask is expected. + * + * @return: + * 0: Set LAM mode successfully + * others: failed to set LAM + */ +static int set_lam(unsigned long lam) +{ + int ret =3D 0; + uint64_t ptr =3D 0; + + if (lam !=3D LAM_U57_BITS && lam !=3D LAM_NONE) + return -1; + + /* Skip check return */ + syscall(SYS_arch_prctl, ARCH_ENABLE_TAGGED_ADDR, lam); + + /* Get untagged mask */ + syscall(SYS_arch_prctl, ARCH_GET_UNTAG_MASK, &ptr); + + /* Check mask returned is expected */ + if (lam =3D=3D LAM_U57_BITS) + ret =3D (ptr !=3D ~(LAM_U57_MASK)); + else if (lam =3D=3D LAM_NONE) + ret =3D (ptr !=3D -1ULL); + + return ret; +} + +static unsigned long get_default_tag_bits(void) +{ + pid_t pid; + int lam =3D LAM_NONE; + int ret =3D 0; + + pid =3D fork(); + if (pid < 0) { + perror("Fork failed."); + } else if (pid =3D=3D 0) { + /* Set LAM mode in child process */ + if (set_lam(LAM_U57_BITS) =3D=3D 0) + lam =3D LAM_U57_BITS; + else + lam =3D LAM_NONE; + exit(lam); + } else { + wait(&ret); + lam =3D WEXITSTATUS(ret); + } + + return lam; +} + +/* According to LAM mode, set metadata in high bits */ +static uint64_t set_metadata(uint64_t src, unsigned long lam) +{ + uint64_t metadata; + + srand(time(NULL)); + + switch (lam) { + case LAM_U57_BITS: /* Set metadata in bits 62:57 */ + /* Get a random non-zero value as metadata */ + metadata =3D (rand() % ((1UL << LAM_U57_BITS) - 1) + 1) << 57; + metadata |=3D (src & ~(LAM_U57_MASK)); + break; + default: + metadata =3D src; + break; + } + + return metadata; +} + +/* + * Set metadata in user pointer, compare new pointer with original pointer. + * both pointers should point to the same address. + * + * @return: + * 0: value on the pointer with metadate and value on original are same + * 1: not same. + */ +static int handle_lam_test(void *src, unsigned int lam) +{ + char *ptr; + + strcpy((char *)src, "USER POINTER"); + + ptr =3D (char *)set_metadata((uint64_t)src, lam); + if (src =3D=3D ptr) + return 0; + + /* Copy a string into the pointer with metadata */ + strcpy((char *)ptr, "METADATA POINTER"); + + return (!!strcmp((char *)src, (char *)ptr)); +} + + +int handle_max_bits(struct testcases *test) +{ + unsigned long exp_bits =3D get_default_tag_bits(); + unsigned long bits =3D 0; + + if (exp_bits !=3D LAM_NONE) + exp_bits =3D LAM_U57_BITS; + + /* Get LAM max tag bits */ + if (syscall(SYS_arch_prctl, ARCH_GET_MAX_TAG_BITS, &bits) =3D=3D -1) + return 1; + + return (exp_bits !=3D bits); +} + +/* + * Test lam feature through dereference pointer get from malloc. + * @return 0: Pass test. 1: Get failure during test 2: Get SIGSEGV + */ +static int handle_malloc(struct testcases *test) +{ + char *ptr =3D NULL; + int ret =3D 0; + + if (test->later =3D=3D 0 && test->lam !=3D 0) + if (set_lam(test->lam) =3D=3D -1) + return 1; + + ptr =3D (char *)malloc(MALLOC_LEN); + if (ptr =3D=3D NULL) { + perror("malloc() failure\n"); + return 1; + } + + /* Set signal handler */ + if (sigsetjmp(segv_env, 1) =3D=3D 0) { + signal(SIGSEGV, segv_handler); + ret =3D handle_lam_test(ptr, test->lam); + } else { + ret =3D 2; + } + + if (test->later !=3D 0 && test->lam !=3D 0) + if (set_lam(test->lam) =3D=3D -1 && ret =3D=3D 0) + ret =3D 1; + + free(ptr); + + return ret; +} + +static int fork_test(struct testcases *test) +{ + int ret, child_ret; + pid_t pid; + + pid =3D fork(); + if (pid < 0) { + perror("Fork failed."); + ret =3D 1; + } else if (pid =3D=3D 0) { + ret =3D test->test_func(test); + exit(ret); + } else { + wait(&child_ret); + ret =3D WEXITSTATUS(child_ret); + } + + return ret; +} + +static void run_test(struct testcases *test, int count) +{ + int i, ret =3D 0; + + for (i =3D 0; i < count; i++) { + struct testcases *t =3D test + i; + + /* fork a process to run test case */ + ret =3D fork_test(t); + if (ret !=3D 0) + ret =3D (t->expected =3D=3D ret); + else + ret =3D !(t->expected); + + tests_cnt++; + ksft_test_result(ret, t->msg); + } +} + +static struct testcases malloc_cases[] =3D { + { + .later =3D 0, + .lam =3D LAM_U57_BITS, + .test_func =3D handle_malloc, + .msg =3D "MALLOC: LAM_U57. Dereferencing pointer with metadata\n", + }, + { + .later =3D 1, + .expected =3D 2, + .lam =3D LAM_U57_BITS, + .test_func =3D handle_malloc, + .msg =3D "MALLOC:[Negative] Disable LAM. Dereferencing pointer with meta= data.\n", + }, +}; + + +static struct testcases bits_cases[] =3D { + { + .test_func =3D handle_max_bits, + .msg =3D "BITS: Check default tag bits\n", + }, +}; + +static void cmd_help(void) +{ + printf("usage: lam [-h] [-t test list]\n"); + printf("\t-t test list: run tests specified in the test list, default:0x%= x\n", TEST_MASK); + printf("\t\t0x1:malloc; 0x2:max_bits;\n"); + printf("\t-h: help\n"); +} + +int main(int argc, char **argv) +{ + int c =3D 0; + unsigned int tests =3D TEST_MASK; + + tests_cnt =3D 0; + + if (!cpu_has_lam()) { + ksft_print_msg("Unsupported LAM feature!\n"); + return -1; + } + + while ((c =3D getopt(argc, argv, "ht:")) !=3D -1) { + switch (c) { + case 't': + tests =3D strtoul(optarg, NULL, 16); + if (!(tests & TEST_MASK)) { + ksft_print_msg("Invalid argument!\n"); + return -1; + } + break; + case 'h': + cmd_help(); + return 0; + default: + ksft_print_msg("Invalid argument\n"); + return -1; + } + } + + if (tests & FUNC_MALLOC) + run_test(malloc_cases, ARRAY_SIZE(malloc_cases)); + + if (tests & FUNC_BITS) + run_test(bits_cases, ARRAY_SIZE(bits_cases)); + + ksft_set_plan(tests_cnt); + + return ksft_exit_pass(); +} --=20 2.39.1