From patchwork Fri Jun 11 16:41:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Hansen X-Patchwork-Id: 12316175 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_RED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CB67C48BE0 for ; Fri, 11 Jun 2021 16:42:05 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 10B606100A for ; Fri, 11 Jun 2021 16:42:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 10B606100A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id A6B8F6B006C; Fri, 11 Jun 2021 12:42:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A43016B006E; Fri, 11 Jun 2021 12:42:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8BC966B0070; Fri, 11 Jun 2021 12:42:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0222.hostedemail.com [216.40.44.222]) by kanga.kvack.org (Postfix) with ESMTP id 5CC996B006C for ; Fri, 11 Jun 2021 12:42:04 -0400 (EDT) Received: from smtpin04.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 02B1EBBDE for ; Fri, 11 Jun 2021 16:42:04 +0000 (UTC) X-FDA: 78242010168.04.4AF34D9 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by imf20.hostedemail.com (Postfix) with ESMTP id 82B9D54C for ; Fri, 11 Jun 2021 16:41:55 +0000 (UTC) IronPort-SDR: 8nE1fginkxwZH7nm5NerusdZTyOkL8YxDGqlGozLZphLKmsNgsANdJz1qG7VFjDrSeOayHdvCf 3LWg/aZvKBAw== X-IronPort-AV: E=McAfee;i="6200,9189,10012"; a="226987438" X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="226987438" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jun 2021 09:41:58 -0700 IronPort-SDR: lUbd/cezG/WIoeYhLWfpKT7TAWTnR53Ta8JFebAxza+auFaTWefdJRvLcFLUEX09wp+JBQJF5w nHDtT76H4G8g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="420122331" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by orsmga002.jf.intel.com with ESMTP; 11 Jun 2021 09:41:56 -0700 Subject: [PATCH 1/4] selftests/vm/pkeys: Fix alloc_random_pkey() to make it really, really random To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org,Dave Hansen ,tglx@linutronix.de,linuxram@us.ibm.com,sandipan@linux.ibm.com,akpm@linux-foundation.org,fweimer@redhat.com,desnesn@linux.vnet.ibm.com,mingo@kernel.org,bauerman@linux.ibm.com,aneesh.kumar@linux.ibm.com,mpe@ellerman.id.au,mhocko@kernel.org,msuchanek@suse.de,shuah@kernel.org,x86@kernel.org From: Dave Hansen Date: Fri, 11 Jun 2021 09:41:55 -0700 References: <20210611164153.91B76FB8@viggo.jf.intel.com> In-Reply-To: <20210611164153.91B76FB8@viggo.jf.intel.com> Message-Id: <20210611164155.192D00FF@viggo.jf.intel.com> Authentication-Results: imf20.hostedemail.com; dkim=none; spf=none (imf20.hostedemail.com: domain of dave.hansen@linux.intel.com has no SPF policy when checking 192.55.52.88) smtp.mailfrom=dave.hansen@linux.intel.com; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=intel.com (policy=none) X-Stat-Signature: aaph9frwa87bu1z8rdhqkix7og8u4mhc X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 82B9D54C X-HE-Tag: 1623429715-3303 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Dave Hansen The "random" pkey allocation code currently does the good old: srand((unsigned int)time(NULL)); *But*, it unfortunately does this on every random pkey allocation. There may be thousands of these a second. time() has a one second resolution. So, each time alloc_random_pkey() is called, the PRNG is *RESET* to time(). This is nasty. Normally, if you do: srand(); foo = rand(); bar = rand(); You'll be quite guaranteed that 'foo' and 'bar' are different. But, if you do: srand(1); foo = rand(); srand(1); bar = rand(); You are quite guaranteed that 'foo' and 'bar' are the *SAME*. The recent "fix" effectively forced the test case to use the same "random" pkey for the whole test, unless the test run crossed a second boundary. Only run srand() once at program startup. This explains some very odd and persistent test failures I've been seeing. Fixes: 6e373263ce07 ("selftests/vm/pkeys: fix alloc_random_pkey() to make it really random") Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: Ram Pai Cc: Sandipan Das Cc: Andrew Morton Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Cc: x86@kernel.org --- b/tools/testing/selftests/vm/protection_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_Fix_alloc_random_pkey_to_make_it_really_really_random-1 tools/testing/selftests/vm/protection_keys.c --- a/tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_Fix_alloc_random_pkey_to_make_it_really_really_random-1 2021-06-11 09:41:31.385468066 -0700 +++ b/tools/testing/selftests/vm/protection_keys.c 2021-06-11 09:41:31.389468066 -0700 @@ -561,7 +561,6 @@ int alloc_random_pkey(void) int nr_alloced = 0; int random_index; memset(alloced_pkeys, 0, sizeof(alloced_pkeys)); - srand((unsigned int)time(NULL)); /* allocate every possible key and make a note of which ones we got */ max_nr_pkey_allocs = NR_PKEYS; @@ -1552,6 +1551,8 @@ int main(void) int nr_iterations = 22; int pkeys_supported = is_pkeys_supported(); + srand((unsigned int)time(NULL)); + setup_handlers(); printf("has pkeys: %d\n", pkeys_supported); From patchwork Fri Jun 11 16:41:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Hansen X-Patchwork-Id: 12316179 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_RED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1037DC48BD1 for ; Fri, 11 Jun 2021 16:42:09 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id B82BF613BA for ; Fri, 11 Jun 2021 16:42:08 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B82BF613BA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id B07FC6B0070; Fri, 11 Jun 2021 12:42:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id ADF4C6B0072; Fri, 11 Jun 2021 12:42:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9CE306B0073; Fri, 11 Jun 2021 12:42:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0075.hostedemail.com [216.40.44.75]) by kanga.kvack.org (Postfix) with ESMTP id 70A7E6B0070 for ; Fri, 11 Jun 2021 12:42:06 -0400 (EDT) Received: from smtpin06.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 1823218141EE0 for ; Fri, 11 Jun 2021 16:42:06 +0000 (UTC) X-FDA: 78242010252.06.D2FE309 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by imf12.hostedemail.com (Postfix) with ESMTP id 6CD2442D for ; Fri, 11 Jun 2021 16:41:53 +0000 (UTC) IronPort-SDR: x3KwvBOnJARW3yBi9YZE1yyYQE29ROMxgI05McTlfS2P7cCZRMduWpLdgq1Z18g67ACRT+K22h Q0pNNEJgIljg== X-IronPort-AV: E=McAfee;i="6200,9189,10012"; a="203727838" X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="203727838" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jun 2021 09:41:58 -0700 IronPort-SDR: NGXCGd65aHXP1eWWzOdd+o+XLlDI9Az4nz+l4W8gWmXHs5ouLVCoQvIjX8mYTnm+TVbAz1FQoL o13WAem5nPZA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="470684657" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by fmsmga004.fm.intel.com with ESMTP; 11 Jun 2021 09:41:58 -0700 Subject: [PATCH 2/4] selftests/vm/pkeys: Handle negative sys_pkey_alloc() return code To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org,Dave Hansen ,tglx@linutronix.de,linuxram@us.ibm.com,sandipan@linux.ibm.com,akpm@linux-foundation.org,fweimer@redhat.com,desnesn@linux.vnet.ibm.com,mingo@kernel.org,bauerman@linux.ibm.com,aneesh.kumar@linux.ibm.com,mpe@ellerman.id.au,mhocko@kernel.org,msuchanek@suse.de,shuah@kernel.org,x86@kernel.org From: Dave Hansen Date: Fri, 11 Jun 2021 09:41:57 -0700 References: <20210611164153.91B76FB8@viggo.jf.intel.com> In-Reply-To: <20210611164153.91B76FB8@viggo.jf.intel.com> Message-Id: <20210611164157.87AB4246@viggo.jf.intel.com> X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 6CD2442D Authentication-Results: imf12.hostedemail.com; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=intel.com (policy=none); spf=none (imf12.hostedemail.com: domain of dave.hansen@linux.intel.com has no SPF policy when checking 192.55.52.120) smtp.mailfrom=dave.hansen@linux.intel.com X-Stat-Signature: 5jbrtr8eqxyu45x5z1d7cwyz6fppb1xe X-HE-Tag: 1623429713-306974 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Dave Hansen The alloc_pkey() sefltest function wraps the sys_pkey_alloc() system call. On success, it updates its "shadow" register value because sys_pkey_alloc() updates the real register. But, the success check is wrong. pkey_alloc() considers any non-zero return code to indicate success where the pkey register will be modified. This fails to take negative return codes into account. Consider only a positive return value as a successful call. Fixes: 5f23f6d082a9 ("x86/pkeys: Add self-tests") Reported-by: Thomas Gleixner Signed-off-by: Dave Hansen Cc: Ram Pai Cc: Sandipan Das Cc: Andrew Morton Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Cc: x86@kernel.org --- b/tools/testing/selftests/vm/protection_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_ret-code tools/testing/selftests/vm/protection_keys.c --- a/tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_ret-code 2021-06-11 09:41:32.448468063 -0700 +++ b/tools/testing/selftests/vm/protection_keys.c 2021-06-11 09:41:32.453468063 -0700 @@ -510,7 +510,7 @@ int alloc_pkey(void) " shadow: 0x%016llx\n", __func__, __LINE__, ret, __read_pkey_reg(), shadow_pkey_reg); - if (ret) { + if (ret > 0) { /* clear both the bits: */ shadow_pkey_reg = set_pkey_bits(shadow_pkey_reg, ret, ~PKEY_MASK); From patchwork Fri Jun 11 16:42:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Hansen X-Patchwork-Id: 12316177 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_RED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6DF6C48BE5 for ; Fri, 11 Jun 2021 16:42:06 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 8E4E0613BA for ; Fri, 11 Jun 2021 16:42:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8E4E0613BA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id DF1766B006E; Fri, 11 Jun 2021 12:42:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D2B4A6B0070; Fri, 11 Jun 2021 12:42:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BA2456B0072; Fri, 11 Jun 2021 12:42:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0110.hostedemail.com [216.40.44.110]) by kanga.kvack.org (Postfix) with ESMTP id 8AEC86B006E for ; Fri, 11 Jun 2021 12:42:05 -0400 (EDT) Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 3099DBBDD for ; Fri, 11 Jun 2021 16:42:05 +0000 (UTC) X-FDA: 78242010210.20.2F9C2A5 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by imf15.hostedemail.com (Postfix) with ESMTP id 5F352A0001A9 for ; Fri, 11 Jun 2021 16:42:01 +0000 (UTC) IronPort-SDR: z0gSj2GAC3ipaOCshUNRuIyO0Py08yhbLrBqDbFnOEhw68PTpI3J2chmj79akMBYORo0dGJjbR bp21ITz8a2jA== X-IronPort-AV: E=McAfee;i="6200,9189,10012"; a="185935764" X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="185935764" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jun 2021 09:42:01 -0700 IronPort-SDR: wRPaDX1gGG8fOu6fJr+Iegl09SZ7B5jfVlVexaS3j0Vgf2plRYPCHLwQDi6zEETFVW7BHWpFGP pIIiago9GOCg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="620429251" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by orsmga005.jf.intel.com with ESMTP; 11 Jun 2021 09:42:00 -0700 Subject: [PATCH 3/4] selftests/vm/pkeys: Refill shadow register after implicit kernel write To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org,Dave Hansen ,tglx@linutronix.de,linuxram@us.ibm.com,sandipan@linux.ibm.com,akpm@linux-foundation.org,fweimer@redhat.com,desnesn@linux.vnet.ibm.com,mingo@kernel.org,bauerman@linux.ibm.com,aneesh.kumar@linux.ibm.com,mpe@ellerman.id.au,mhocko@kernel.org,msuchanek@suse.de,shuah@kernel.org,x86@kernel.org From: Dave Hansen Date: Fri, 11 Jun 2021 09:42:00 -0700 References: <20210611164153.91B76FB8@viggo.jf.intel.com> In-Reply-To: <20210611164153.91B76FB8@viggo.jf.intel.com> Message-Id: <20210611164200.EF76AB73@viggo.jf.intel.com> Authentication-Results: imf15.hostedemail.com; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=intel.com (policy=none); spf=none (imf15.hostedemail.com: domain of dave.hansen@linux.intel.com has no SPF policy when checking 192.55.52.151) smtp.mailfrom=dave.hansen@linux.intel.com X-Rspamd-Server: rspam02 X-Stat-Signature: fdjop64b5ptuh43bmdbyb4xjy7kppycy X-Rspamd-Queue-Id: 5F352A0001A9 X-HE-Tag: 1623429721-307184 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Dave Hansen The pkey test code keeps a "shadow" of the pkey register around. This ensures that any bugs which might write to the register can be caught more quickly. Generally, userspace has a good idea when the kernel is going to write to the register. For instance, alloc_pkey() is passed a permission mask. The caller of alloc_pkey() can update the shadow based on the return value and the mask. But, the kernel can also modify the pkey register in a more sneaky way. For mprotect(PROT_EXEC) mappings, the kernel will allocate a pkey and write the pkey register to create an execute-only mapping. The kernel never tells userspace what key it uses for this. This can cause the test to fail with messages like: protection_keys_64.2: pkey-helpers.h:132: _read_pkey_reg: Assertion `pkey_reg == shadow_pkey_reg' failed. because the shadow was not updated with the new kernel-set value. Forcibly update the shadow value immediately after an mprotect(). Fixes: 6af17cf89e99 ("x86/pkeys/selftests: Add PROT_EXEC test") Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: Ram Pai Cc: Sandipan Das Cc: Andrew Morton Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Cc: x86@kernel.org --- b/tools/testing/selftests/vm/protection_keys.c | 7 +++++++ 1 file changed, 7 insertions(+) diff -puN tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_Refill_shadow_register_after_implict_kernel_write-1 tools/testing/selftests/vm/protection_keys.c --- a/tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_Refill_shadow_register_after_implict_kernel_write-1 2021-06-11 09:41:33.508468061 -0700 +++ b/tools/testing/selftests/vm/protection_keys.c 2021-06-11 09:41:33.517468061 -0700 @@ -1448,6 +1448,13 @@ void test_implicit_mprotect_exec_only_me ret = mprotect(p1, PAGE_SIZE, PROT_EXEC); pkey_assert(!ret); + /* + * Reset the shadow, assuming that the above mprotect() + * correctly changed PKRU, but to an unknown value since + * the actual alllocated pkey is unknown. + */ + shadow_pkey_reg = __read_pkey_reg(); + dprintf2("pkey_reg: %016llx\n", read_pkey_reg()); /* Make sure this is an *instruction* fault */ From patchwork Fri Jun 11 16:42:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Hansen X-Patchwork-Id: 12316181 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_RED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72A33C48BE0 for ; Fri, 11 Jun 2021 16:42:13 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id DA3D3613BA for ; Fri, 11 Jun 2021 16:42:12 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DA3D3613BA Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 7D3E46B0072; Fri, 11 Jun 2021 12:42:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7AB6B6B0073; Fri, 11 Jun 2021 12:42:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 64B706B0074; Fri, 11 Jun 2021 12:42:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0034.hostedemail.com [216.40.44.34]) by kanga.kvack.org (Postfix) with ESMTP id 3554E6B0072 for ; Fri, 11 Jun 2021 12:42:12 -0400 (EDT) Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id CD242BBE8 for ; Fri, 11 Jun 2021 16:42:11 +0000 (UTC) X-FDA: 78242010462.20.A786DEB Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by imf28.hostedemail.com (Postfix) with ESMTP id 75B66200107A for ; Fri, 11 Jun 2021 16:42:05 +0000 (UTC) IronPort-SDR: fu7U1HbvysPSVmJjVawyh4SvxvAHCzIXZ5tKQBGmxbNmxkl8T9MxAesKrNntWKf8Uw+XppU7V4 OwtRUc0paVSA== X-IronPort-AV: E=McAfee;i="6200,9189,10012"; a="291192804" X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="291192804" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jun 2021 09:42:03 -0700 IronPort-SDR: jRJbQjuwfx1t2SjicXof0uL+86V0gQ2cRviybXysdyuAWE8PeWQBtmW2B+2FKAvozv7FQI98M8 NyxVf5lT3sYA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="441608132" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by orsmga007.jf.intel.com with ESMTP; 11 Jun 2021 09:42:02 -0700 Subject: [PATCH 4/4] selftests/vm/pkeys: Exercise x86 XSAVE init state To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org,Dave Hansen ,tglx@linutronix.de,linuxram@us.ibm.com,sandipan@linux.ibm.com,akpm@linux-foundation.org,fweimer@redhat.com,desnesn@linux.vnet.ibm.com,mingo@kernel.org,bauerman@linux.ibm.com,aneesh.kumar@linux.ibm.com,mpe@ellerman.id.au,mhocko@kernel.org,msuchanek@suse.de,shuah@kernel.org,x86@kernel.org From: Dave Hansen Date: Fri, 11 Jun 2021 09:42:02 -0700 References: <20210611164153.91B76FB8@viggo.jf.intel.com> In-Reply-To: <20210611164153.91B76FB8@viggo.jf.intel.com> Message-Id: <20210611164202.1849B712@viggo.jf.intel.com> Authentication-Results: imf28.hostedemail.com; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=intel.com (policy=none); spf=none (imf28.hostedemail.com: domain of dave.hansen@linux.intel.com has no SPF policy when checking 192.55.52.43) smtp.mailfrom=dave.hansen@linux.intel.com X-Stat-Signature: d96jiqctooi847fs4jqwmj3n5xnci4i5 X-Rspamd-Queue-Id: 75B66200107A X-Rspamd-Server: rspam06 X-HE-Tag: 1623429725-664676 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Dave Hansen On x86, there is a set of instructions used to save and restore register state collectively known as the XSAVE architecture. There are about a dozen different features managed with XSAVE. The protection keys register, PKRU, is one of those features. The hardware optimizes XSAVE by tracking when the state has not changed from its initial (init) state. In this case, it can avoid the cost of writing state to memory (it would usually just be a bunch of 0's). When the pkey register is 0x0 the hardware optionally choose to track the register as being in the init state (optimize away the writes). AMD CPUs do this more aggressively compared to Intel. On x86, PKRU is rarely in its (very permissive) init state. Instead, the value defaults to something very restrictive. It is not surprising that bugs have popped up in the rare cases when PKRU reaches its init state. Add a protection key selftest which gets the protection keys register into its init state in a way that should work on Intel and AMD. Then, do a bunch of pkey register reads to watch for inadvertent changes. This adds "-mxsave" to CFLAGS for all the x86 vm selftests in order to allow use of the XSAVE instruction __builtin functions. This will make the builtins available on all of the vm selftests, but is expected to be harmless. Signed-off-by: Dave Hansen Signed-off-by: Thomas Gleixner Cc: Ram Pai Cc: Sandipan Das Cc: Andrew Morton Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Cc: x86@kernel.org --- b/tools/testing/selftests/vm/Makefile | 4 - b/tools/testing/selftests/vm/pkey-x86.h | 1 b/tools/testing/selftests/vm/protection_keys.c | 73 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 2 deletions(-) diff -puN tools/testing/selftests/vm/Makefile~selftests_vm_pkeys_Exercise_x86_XSAVE_init_state-1 tools/testing/selftests/vm/Makefile --- a/tools/testing/selftests/vm/Makefile~selftests_vm_pkeys_Exercise_x86_XSAVE_init_state-1 2021-06-11 09:41:34.574468058 -0700 +++ b/tools/testing/selftests/vm/Makefile 2021-06-11 09:41:34.588468058 -0700 @@ -100,7 +100,7 @@ $(1) $(1)_64: $(OUTPUT)/$(1)_64 endef ifeq ($(CAN_BUILD_I386),1) -$(BINARIES_32): CFLAGS += -m32 +$(BINARIES_32): CFLAGS += -m32 -mxsave $(BINARIES_32): LDLIBS += -lrt -ldl -lm $(BINARIES_32): $(OUTPUT)/%_32: %.c $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@ @@ -108,7 +108,7 @@ $(foreach t,$(TARGETS),$(eval $(call gen endif ifeq ($(CAN_BUILD_X86_64),1) -$(BINARIES_64): CFLAGS += -m64 +$(BINARIES_64): CFLAGS += -m64 -mxsave $(BINARIES_64): LDLIBS += -lrt -ldl $(BINARIES_64): $(OUTPUT)/%_64: %.c $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@ diff -puN tools/testing/selftests/vm/pkey-x86.h~selftests_vm_pkeys_Exercise_x86_XSAVE_init_state-1 tools/testing/selftests/vm/pkey-x86.h --- a/tools/testing/selftests/vm/pkey-x86.h~selftests_vm_pkeys_Exercise_x86_XSAVE_init_state-1 2021-06-11 09:41:34.576468058 -0700 +++ b/tools/testing/selftests/vm/pkey-x86.h 2021-06-11 09:41:34.590468058 -0700 @@ -126,6 +126,7 @@ static inline u32 pkey_bit_position(int #define XSTATE_PKEY_BIT (9) #define XSTATE_PKEY 0x200 +#define XSTATE_BV_OFFSET 512 int pkey_reg_xstate_offset(void) { diff -puN tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_Exercise_x86_XSAVE_init_state-1 tools/testing/selftests/vm/protection_keys.c --- a/tools/testing/selftests/vm/protection_keys.c~selftests_vm_pkeys_Exercise_x86_XSAVE_init_state-1 2021-06-11 09:41:34.578468058 -0700 +++ b/tools/testing/selftests/vm/protection_keys.c 2021-06-11 09:41:34.593468058 -0700 @@ -1277,6 +1277,78 @@ void test_pkey_alloc_exhaust(int *ptr, u } } +void arch_force_pkey_reg_init(void) +{ +#if defined(__i386__) || defined(__x86_64__) /* arch */ + u64 *buf; + + /* + * All keys should be allocated and set to allow reads and + * writes, so the register should be all 0. If not, just + * skip the test. + */ + if (read_pkey_reg()) + return; + + /* + * Just allocate an absurd about of memory rather than + * doing the XSAVE size enumeration dance. + */ + buf = mmap(NULL, 1*MB, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); + + /* These __builtins require compiling with -mxsave */ + + /* XSAVE to build a valid buffer: */ + __builtin_ia32_xsave(buf, XSTATE_PKEY); + /* Clear XSTATE_BV[PKRU]: */ + buf[XSTATE_BV_OFFSET/sizeof(u64)] &= ~XSTATE_PKEY; + /* XRSTOR will likely get PKRU back to the init state: */ + __builtin_ia32_xrstor(buf, XSTATE_PKEY); + + munmap(buf, 1*MB); +#endif +} + + +/* + * This is mostly useless on ppc for now. But it will not + * hurt anything and should give some better coverage as + * a long-running test that continually checks the pkey + * register. + */ +void test_pkey_init_state(int *ptr, u16 pkey) +{ + int err; + int allocated_pkeys[NR_PKEYS] = {0}; + int nr_allocated_pkeys = 0; + int i; + + for (i = 0; i < NR_PKEYS; i++) { + int new_pkey = alloc_pkey(); + + if (new_pkey < 0) + continue; + allocated_pkeys[nr_allocated_pkeys++] = new_pkey; + } + + dprintf3("%s()::%d\n", __func__, __LINE__); + + arch_force_pkey_reg_init(); + + /* + * Loop for a bit, hoping to get exercise the kernel + * context switch code. + */ + for (i = 0; i < 1000000; i++) + read_pkey_reg(); + + for (i = 0; i < nr_allocated_pkeys; i++) { + err = sys_pkey_free(allocated_pkeys[i]); + pkey_assert(!err); + read_pkey_reg(); /* for shadow checking */ + } +} + /* * pkey 0 is special. It is allocated by default, so you do not * have to call pkey_alloc() to use it first. Make sure that it @@ -1508,6 +1580,7 @@ void (*pkey_tests[])(int *ptr, u16 pkey) test_implicit_mprotect_exec_only_memory, test_mprotect_with_pkey_0, test_ptrace_of_child, + test_pkey_init_state, test_pkey_syscalls_on_non_allocated_pkey, test_pkey_syscalls_bad_args, test_pkey_alloc_exhaust,