LXR linux/tools/testing/selftests/powerpc/mm/bad

   1// SPDX-License-Identifier: GPL-2.0+
   2//
   3// Copyright 2019, Michael Ellerman, IBM Corp.
   4//
   5// Test that out-of-bounds reads/writes behave as expected.
   6
   7#include <setjmp.h>
   8#include <stdbool.h>
   9#include <stdio.h>
  10#include <stdlib.h>
  11#include <string.h>
  12#include <sys/types.h>
  13#include <sys/wait.h>
  14#include <unistd.h>
  15
  16#include "utils.h"
  17
  18// Old distros (Ubuntu 16.04 at least) don't define this
  19#ifndef SEGV_BNDERR
  20#define SEGV_BNDERR     3
  21#endif
  22
  23// 64-bit kernel is always here
  24#define PAGE_OFFSET     (0xcul << 60)
  25
  26static unsigned long kernel_virt_end;
  27
  28static volatile int fault_code;
  29static volatile unsigned long fault_addr;
  30static jmp_buf setjmp_env;
  31
  32static void segv_handler(int n, siginfo_t *info, void *ctxt_v)
  33{
  34        fault_code = info->si_code;
  35        fault_addr = (unsigned long)info->si_addr;
  36        siglongjmp(setjmp_env, 1);
  37}
  38
  39int bad_access(char *p, bool write)
  40{
  41        char x;
  42
  43        fault_code = 0;
  44        fault_addr = 0;
  45
  46        if (sigsetjmp(setjmp_env, 1) == 0) {
  47                if (write)
  48                        *p = 1;
  49                else
  50                        x = *p;
  51
  52                printf("Bad - no SEGV! (%c)\n", x);
  53                return 1;
  54        }
  55
  56        // If we see MAPERR that means we took a page fault rather than an SLB
  57        // miss. We only expect to take page faults for addresses within the
  58        // valid kernel range.
  59        FAIL_IF(fault_code == SEGV_MAPERR && \
  60                (fault_addr < PAGE_OFFSET || fault_addr >= kernel_virt_end));
  61
  62        FAIL_IF(fault_code != SEGV_MAPERR && fault_code != SEGV_BNDERR);
  63
  64        return 0;
  65}
  66
  67static int using_hash_mmu(bool *using_hash)
  68{
  69        char line[128];
  70        FILE *f;
  71        int rc;
  72
  73        f = fopen("/proc/cpuinfo", "r");
  74        FAIL_IF(!f);
  75
  76        rc = 0;
  77        while (fgets(line, sizeof(line), f) != NULL) {
  78                if (strcmp(line, "MMU           : Hash\n") == 0) {
  79                        *using_hash = true;
  80                        goto out;
  81                }
  82
  83                if (strcmp(line, "MMU           : Radix\n") == 0) {
  84                        *using_hash = false;
  85                        goto out;
  86                }
  87        }
  88
  89        rc = -1;
  90out:
  91        fclose(f);
  92        return rc;
  93}
  94
  95static int test(void)
  96{
  97        unsigned long i, j, addr, region_shift, page_shift, page_size;
  98        struct sigaction sig;
  99        bool hash_mmu;
 100
 101        sig = (struct sigaction) {
 102                .sa_sigaction = segv_handler,
 103                .sa_flags = SA_SIGINFO,
 104        };
 105
 106        FAIL_IF(sigaction(SIGSEGV, &sig, NULL) != 0);
 107
 108        FAIL_IF(using_hash_mmu(&hash_mmu));
 109
 110        page_size = sysconf(_SC_PAGESIZE);
 111        if (page_size == (64 * 1024))
 112                page_shift = 16;
 113        else
 114                page_shift = 12;
 115
 116        if (page_size == (64 * 1024) || !hash_mmu) {
 117                region_shift = 52;
 118
 119                // We have 7 512T regions (4 kernel linear, vmalloc, io, vmemmap)
 120                kernel_virt_end = PAGE_OFFSET + (7 * (512ul << 40));
 121        } else if (page_size == (4 * 1024) && hash_mmu) {
 122                region_shift = 46;
 123
 124                // We have 7 64T regions (4 kernel linear, vmalloc, io, vmemmap)
 125                kernel_virt_end = PAGE_OFFSET + (7 * (64ul << 40));
 126        } else
 127                FAIL_IF(true);
 128
 129        printf("Using %s MMU, PAGE_SIZE = %dKB start address 0x%016lx\n",
 130               hash_mmu ? "hash" : "radix",
 131               (1 << page_shift) >> 10,
 132               1ul << region_shift);
 133
 134        // This generates access patterns like:
 135        //   0x0010000000000000
 136        //   0x0010000000010000
 137        //   0x0010000000020000
 138        //   ...
 139        //   0x0014000000000000
 140        //   0x0018000000000000
 141        //   0x0020000000000000
 142        //   0x0020000000010000
 143        //   0x0020000000020000
 144        //   ...
 145        //   0xf400000000000000
 146        //   0xf800000000000000
 147
 148        for (i = 1; i <= ((0xful << 60) >> region_shift); i++) {
 149                for (j = page_shift - 1; j < 60; j++) {
 150                        unsigned long base, delta;
 151
 152                        base  = i << region_shift;
 153                        delta = 1ul << j;
 154
 155                        if (delta >= base)
 156                                break;
 157
 158                        addr = (base | delta) & ~((1 << page_shift) - 1);
 159
 160                        FAIL_IF(bad_access((char *)addr, false));
 161                        FAIL_IF(bad_access((char *)addr, true));
 162                }
 163        }
 164
 165        return 0;
 166}
 167
 168int main(void)
 169{
 170        return test_harness(test, "bad_accesses");
 171}
 172