Received: by 10.223.185.116 with SMTP id b49csp4064943wrg; Tue, 6 Mar 2018 09:14:36 -0800 (PST) X-Google-Smtp-Source: AG47ELu97WvPJ6fIzHuHAXdvR72fJLVzR3c0OkXwppb5R+2DMQFMRaHS1Ue5L974hahBAcGuUkys X-Received: by 10.99.103.195 with SMTP id b186mr15606792pgc.446.1520356475965; Tue, 06 Mar 2018 09:14:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520356475; cv=none; d=google.com; s=arc-20160816; b=fcLF5X0MIPcncGtmiR38/K7Kmvzzx/VdTe5s2QdYIplde5iktvS6t83yrKdavsMLYh 3vWM3TZNJcRuObKzYImix5d0paM/jJLHMQlMs1sEknxiEwTLYbzKOK2ZUtW6sSskeDzI sZwkqGQXOpPsW9hHhKKXMG1/VxiMqRKnyo5FW1rnZZZCPc15Q6YR67yIWejo6gM6n3va 8+5m9lqQBG7D4YIQLrZmwyR2w7MZD8Giz2zhOTD4/rLIKm3jzDtOjGq4xNP/CPfeESSn ncn4sx+ZWEurOIofovHKvCvmW2dNW1LTvSQ9bBI/JhFfTAgt89IdqkU8JCG0wzWIB5tc rGQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=82Fr6/99iGoZje5i3+4kAM/5TsIyNTcs9QAFNGuBaJc=; b=VuKcjvrhJ7LOnozRIIbnzulb5eCEewOi4o9izBRBs2qgNdZxFAxZAtkFWCwFYorGch FsN6IItSBZO9EiDfURK1tbpVhx4Sq6EBDitTvHBV/s8k9S3o7HhxGO5AYaXGMsH7oBsJ zDeNC/3GxVglyNj7oAYlO6nxdZHdxt4jx362qCCQt4BTSKeHn3sCrctJ/tWzxRzOR92B 8+6ha7bXcxuxHvnbBjiMxP7WNq5LPMgnQLJJul6sI5oEoJpn2osvd4IuPywQ45h2DYYG qpn9WK+mnRg75hWf+A6C8ZhNFu9+jlfYDz37ZC7l4QT7YavK2S0FSYovVre/9HiYPla6 7C2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=K9q0aUwa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k4-v6si11258684pls.277.2018.03.06.09.14.20; Tue, 06 Mar 2018 09:14:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=K9q0aUwa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753902AbeCFRNM (ORCPT + 99 others); Tue, 6 Mar 2018 12:13:12 -0500 Received: from mail-pg0-f65.google.com ([74.125.83.65]:36129 "EHLO mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753560AbeCFRNL (ORCPT ); Tue, 6 Mar 2018 12:13:11 -0500 Received: by mail-pg0-f65.google.com with SMTP id i14so8518055pgv.3; Tue, 06 Mar 2018 09:13:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=82Fr6/99iGoZje5i3+4kAM/5TsIyNTcs9QAFNGuBaJc=; b=K9q0aUwawDEmhiWMDNuBaZc5fJukSsIaqTL/6k/TnSw+/2JfOXv36DdAY9+2cC1a2z q6EJUwMrHXt9ZaBQLSxezEvtErZacbZ09N3N0eHwt92dDx4ifetTaOEPxjvdoW8OXJb3 D5l6TU2Br19xm8J7Mcss8JgJYFpKpyI85bvlw3y8XHbZpifgFvOyzxm/dFpSUII5ln50 ADqYMyuy3lXIxzm6FQ+VY8a6IMc+Kf3TEDxMk6dAUT4BsSJih5R/r7b41cSeiASE11h+ EbG6G/FFJirObhxhFFAzVsQ4FRjMyUaew4q0/dgOUoErPp5ExLLyQ/fZLzWbG5NjzBjM AFeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=82Fr6/99iGoZje5i3+4kAM/5TsIyNTcs9QAFNGuBaJc=; b=pq4Ea8EbRkHZgqaXiJmJ+Br5Ho4YLaanoMgLoLx4f1GZ6SexheB4LsRndvHKyU3qwP Y1qhFRo5/K8QO37hA3SL4DiVVcN3hsQ6WR8qKpNvEcpQqUXb/oBIsflNvdoMDIQzXHzI pe8fVUoe509acqb+RsNLQlbgG0wPYSA9No2bItRu25Px3TKMiPr5vYl85vIeDl7Ig0J2 0ty4+Rbot37k6TraJ3W0ZY6mEOTPaZhLnPQ37HI27b8DUSokTbqzayBsICzzaHZjG7SU ZpTiUiLC1Tsb9eXKgr7QSvypzBy8eZ8ugWWVucngYBEla7VGeSUsjgh5Wm6pQBbbYPYn gZfA== X-Gm-Message-State: APf1xPA+Hvqsr+WQxqDLkOjoxve53qLAQu5q97+utWHxcXRKdZPV//FC CRt6tlygvW63np7Gst3UkjE= X-Received: by 10.98.223.93 with SMTP id u90mr19632360pfg.13.1520356390519; Tue, 06 Mar 2018 09:13:10 -0800 (PST) Received: from JF-EN-C02V905BHTDF.tld ([12.111.169.54]) by smtp.gmail.com with ESMTPSA id w63sm27014996pgb.80.2018.03.06.09.13.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Mar 2018 09:13:09 -0800 (PST) Subject: Re: [PATCH 5/7] Pmalloc selftest To: Igor Stoppa , david@fromorbit.com, willy@infradead.org, keescook@chromium.org, mhocko@kernel.org Cc: labbott@redhat.com, linux-security-module@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com References: <20180228200620.30026-1-igor.stoppa@huawei.com> <20180228200620.30026-6-igor.stoppa@huawei.com> From: J Freyensee Message-ID: Date: Tue, 6 Mar 2018 09:13:06 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180228200620.30026-6-igor.stoppa@huawei.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Looks good, and a bit more thorough test than last iteration. Reviewed-by: Jay Freyensee On 2/28/18 12:06 PM, Igor Stoppa wrote: > Add basic self-test functionality for pmalloc. > > The testing is introduced as early as possible, right after the main > dependency, genalloc, has passed successfully, so that it can help > diagnosing failures in pmalloc users. > > Signed-off-by: Igor Stoppa > --- > include/linux/test_pmalloc.h | 24 +++++++++++ > init/main.c | 2 + > mm/Kconfig | 10 +++++ > mm/Makefile | 1 + > mm/test_pmalloc.c | 100 +++++++++++++++++++++++++++++++++++++++++++ > 5 files changed, 137 insertions(+) > create mode 100644 include/linux/test_pmalloc.h > create mode 100644 mm/test_pmalloc.c > > diff --git a/include/linux/test_pmalloc.h b/include/linux/test_pmalloc.h > new file mode 100644 > index 000000000000..c7e2e451c17c > --- /dev/null > +++ b/include/linux/test_pmalloc.h > @@ -0,0 +1,24 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +/* > + * test_pmalloc.h > + * > + * (C) Copyright 2018 Huawei Technologies Co. Ltd. > + * Author: Igor Stoppa > + */ > + > + > +#ifndef __LINUX_TEST_PMALLOC_H > +#define __LINUX_TEST_PMALLOC_H > + > + > +#ifdef CONFIG_TEST_PROTECTABLE_MEMORY > + > +void test_pmalloc(void); > + > +#else > + > +static inline void test_pmalloc(void){}; > + > +#endif > + > +#endif > diff --git a/init/main.c b/init/main.c > index 2bf1312fd2fe..ea44c940070a 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -91,6 +91,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -663,6 +664,7 @@ asmlinkage __visible void __init start_kernel(void) > mem_encrypt_init(); > > test_genalloc(); > + test_pmalloc(); > #ifdef CONFIG_BLK_DEV_INITRD > if (initrd_start && !initrd_below_start_ok && > page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) { > diff --git a/mm/Kconfig b/mm/Kconfig > index 016d29b9400b..47b0843b02d2 100644 > --- a/mm/Kconfig > +++ b/mm/Kconfig > @@ -767,3 +767,13 @@ config PROTECTABLE_MEMORY > depends on ARCH_HAS_SET_MEMORY > select GENERIC_ALLOCATOR > default y > + > +config TEST_PROTECTABLE_MEMORY > + bool "Run self test for pmalloc memory allocator" > + depends on MMU > + depends on ARCH_HAS_SET_MEMORY > + select PROTECTABLE_MEMORY > + default n > + help > + Tries to verify that pmalloc works correctly and that the memory > + is effectively protected. > diff --git a/mm/Makefile b/mm/Makefile > index 959fdbdac118..1de4be5fd0bc 100644 > --- a/mm/Makefile > +++ b/mm/Makefile > @@ -66,6 +66,7 @@ obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o > obj-$(CONFIG_SLOB) += slob.o > obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o > obj-$(CONFIG_PROTECTABLE_MEMORY) += pmalloc.o > +obj-$(CONFIG_TEST_PROTECTABLE_MEMORY) += test_pmalloc.o > obj-$(CONFIG_KSM) += ksm.o > obj-$(CONFIG_PAGE_POISONING) += page_poison.o > obj-$(CONFIG_SLAB) += slab.o > diff --git a/mm/test_pmalloc.c b/mm/test_pmalloc.c > new file mode 100644 > index 000000000000..df7ecc91c6a4 > --- /dev/null > +++ b/mm/test_pmalloc.c > @@ -0,0 +1,100 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * test_pmalloc.c > + * > + * (C) Copyright 2018 Huawei Technologies Co. Ltd. > + * Author: Igor Stoppa > + */ > + > +#include > +#include > +#include > +#include > + > +#define SIZE_1 (PAGE_SIZE * 3) > +#define SIZE_2 1000 > + > +static inline bool validate_alloc(bool expected, void *addr, > + unsigned long size) > +{ > + bool test; > + > + test = is_pmalloc_object(addr, size) > 0; > + pr_notice("must be %s: %s", > + expected ? "ok" : "no", test ? "ok" : "no"); > + return test == expected; > +} > + > +#define is_alloc_ok(variable, size) \ > + validate_alloc(true, variable, size) > + > +#define is_alloc_no(variable, size) \ > + validate_alloc(false, variable, size) > + > +void test_pmalloc(void) > +{ > + struct gen_pool *pool_unprot; > + struct gen_pool *pool_prot; > + void *var_prot, *var_unprot, *var_vmall; > + > + pr_notice("pmalloc-selftest"); > + pool_unprot = pmalloc_create_pool("unprotected", 0); > + if (unlikely(!pool_unprot)) > + goto error; > + pool_prot = pmalloc_create_pool("protected", 0); > + if (unlikely(!(pool_prot))) > + goto error_release; > + > + pr_notice("Testing allocation capability"); > + var_unprot = pmalloc(pool_unprot, SIZE_1 - 1, GFP_KERNEL); > + var_prot = pmalloc(pool_prot, SIZE_1, GFP_KERNEL); > + *(int *)var_prot = 0; > + var_vmall = vmalloc(SIZE_2); > + > + > + pr_notice("Test correctness of is_pmalloc_object()"); > + WARN_ON(unlikely(!is_alloc_ok(var_unprot, 10))); > + WARN_ON(unlikely(!is_alloc_ok(var_unprot, SIZE_1))); > + WARN_ON(unlikely(!is_alloc_ok(var_unprot, PAGE_SIZE))); > + WARN_ON(unlikely(!is_alloc_no(var_unprot, SIZE_1 + 1))); > + WARN_ON(unlikely(!is_alloc_no(var_vmall, 10))); > + > + > + pfree(pool_unprot, var_unprot); > + vfree(var_vmall); > + > + pmalloc_protect_pool(pool_prot); > + > + /* > + * This will intentionally trigger a WARN, because the pool being > + * allocated from is already protected. > + */ > + pr_notice("Test allocation from a protected pool." > + "Expect WARN in pmalloc"); > + if (unlikely(pmalloc(pool_prot, 10, GFP_KERNEL))) > + WARN(true, "no memory from a protected pool"); > + > + /* > + * This will intentionally trigger a WARN because the pool being > + * destroyed is not protected, which is unusual and should happen > + * on error paths only, where probably other warnings are already > + * displayed. > + */ > + pr_notice("pmalloc-selftest:" > + " Expect WARN in pmalloc_pool_set_protection below."); > + pmalloc_destroy_pool(pool_unprot); > + pr_notice("pmalloc-selftest:" > + "Critical point for expected WARN passed."); > + > + /* This must not cause WARNings */ > + pr_notice("pmalloc-selftest:" > + "Expect no WARN below."); > + pmalloc_destroy_pool(pool_prot); > + pr_notice("pmalloc-selftest:" > + "Critical point for unexpected WARN passed."); > + return; > +error_release: > + pmalloc_destroy_pool(pool_unprot); > +error: > + WARN(true, "Unable to allocate memory for pmalloc selftest."); > +}