Received: by 10.213.65.68 with SMTP id h4csp596797imn; Fri, 23 Mar 2018 11:12:45 -0700 (PDT) X-Google-Smtp-Source: AG47ELtYWbKt+4uBvLpIYfBSYMAA/2XjrVbhm61hDudbZDO9WMEvOzST2TG6hSt8gUOLbgpBIpQa X-Received: by 10.98.147.27 with SMTP id b27mr24985621pfe.145.1521828765747; Fri, 23 Mar 2018 11:12:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521828765; cv=none; d=google.com; s=arc-20160816; b=gGHZLE5Uc0+7Co13hgZt+jFDNm+sbZs9Nt3f65bwP+dL30T0oJrENxtqcxWaED5emR vAjwIfXFbxCaKXTRgohZOpRIiJT42kNfoRZwcc2G7HfNOSM/XbSeeykC+BX25cSsQHy2 yiVsXcp9kXgGgWZeGQb4Op0A1fsFGb1xUV6rE8pKANDuM+cfNBKdk0JcKj0soBqV8oMt cAXWONp4eGcxxhfaoXxwBk92HUJojHJClhLu0IfntH28//rV7/byJSC144cv46Lv37pJ IJgF9pG9SttP/9Fq9hFvhFkb2pIh6o/PgeNlyuLzSiZnaPgz2xRZNqo8EXnddPMEe83z 2zcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:in-reply-to:references:date :from:cc:to:subject:arc-authentication-results; bh=bAka2Vp6qpVlf5Tl2VVEX8Ig7Q2PKeBEQr/nsYEIe6o=; b=kWGNGbckN7ofmem4UEmU2Ly45YshUWzTMe697LkrQYGPtOepJppA1TasggQVshWH63 Z3xE2Br5UCrKE9osuEudevt5bKaVW9qv29GAWQei9OMnPEHlA6B3WjEDl5QQjhUqTmpR uXfJPJ7r3TxkYGeAKuk9Se8+5DZAU2joouSeMnvrhNsRtGODre8TP4TSzMbYtj82eCH/ ZxeeRGvTxF4IH4TXDhqe/V/eEtWk4EXpLsE5tpMD9l2DW5Mx12ZV22AlZwDRP20snCQW U5mIriV+6Ijoi+gX352Hz39cIWaHBEl+r70l/8XGRaEX4B0/EJugJfJWw9g2RobfYP2e rOlw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1-v6si2042457plx.463.2018.03.23.11.12.31; Fri, 23 Mar 2018 11:12:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752488AbeCWSLa (ORCPT + 99 others); Fri, 23 Mar 2018 14:11:30 -0400 Received: from mga11.intel.com ([192.55.52.93]:19442 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752449AbeCWSLV (ORCPT ); Fri, 23 Mar 2018 14:11:21 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Mar 2018 11:11:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,351,1517904000"; d="scan'208";a="185440504" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.39.119]) by orsmga004.jf.intel.com with ESMTP; 23 Mar 2018 11:11:19 -0700 Subject: [PATCH 9/9] x86, pkeys, selftests: add PROT_EXEC test To: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, Dave Hansen , linuxram@us.ibm.com, tglx@linutronix.de, dave.hansen@intel.com, mpe@ellerman.id.au, mingo@kernel.org, akpm@linux-foundation.org, shuah@kernel.org From: Dave Hansen Date: Fri, 23 Mar 2018 11:09:18 -0700 References: <20180323180903.33B17168@viggo.jf.intel.com> In-Reply-To: <20180323180903.33B17168@viggo.jf.intel.com> Message-Id: <20180323180918.A4C22A10@viggo.jf.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Hansen Under the covers, implement executable-only memory with protection keys when userspace calls mprotect(PROT_EXEC). But, we did not have a selftest for that. Now we do. Signed-off-by: Dave Hansen Cc: Ram Pai Cc: Thomas Gleixner Cc: Dave Hansen Cc: Michael Ellermen Cc: Ingo Molnar Cc: Andrew Morton Cc: Shuah Khan --- b/tools/testing/selftests/x86/protection_keys.c | 51 ++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 4 deletions(-) diff -puN tools/testing/selftests/x86/protection_keys.c~pkeys-selftests-prot_exec tools/testing/selftests/x86/protection_keys.c --- a/tools/testing/selftests/x86/protection_keys.c~pkeys-selftests-prot_exec 2018-03-23 10:46:03.976813119 -0700 +++ b/tools/testing/selftests/x86/protection_keys.c 2018-03-23 10:46:03.980813119 -0700 @@ -930,10 +930,10 @@ void expected_pk_fault(int pkey) dprintf2("%s(%d): last_si_pkey: %d\n", __func__, pkey, last_si_pkey); pkey_assert(last_pkru_faults + 1 == pkru_faults); - /* - * For exec-only memory, we do not know the pkey in - * advance, so skip this check. - */ + /* + * For exec-only memory, we do not know the pkey in + * advance, so skip this check. + */ if (pkey != UNKNOWN_PKEY) pkey_assert(last_si_pkey == pkey); @@ -1335,6 +1335,49 @@ void test_executing_on_unreadable_memory expected_pk_fault(pkey); } +void test_implicit_mprotect_exec_only_memory(int *ptr, u16 pkey) +{ + void *p1; + int scratch; + int ptr_contents; + int ret; + + dprintf1("%s() start\n", __func__); + + p1 = get_pointer_to_instructions(); + lots_o_noops_around_write(&scratch); + ptr_contents = read_ptr(p1); + dprintf2("ptr (%p) contents@%d: %x\n", p1, __LINE__, ptr_contents); + + /* Use a *normal* mprotect(), not mprotect_pkey(): */ + ret = mprotect(p1, PAGE_SIZE, PROT_EXEC); + pkey_assert(!ret); + + dprintf2("pkru: %x\n", rdpkru()); + + /* Make sure this is an *instruction* fault */ + madvise(p1, PAGE_SIZE, MADV_DONTNEED); + lots_o_noops_around_write(&scratch); + do_not_expect_pk_fault(); + ptr_contents = read_ptr(p1); + dprintf2("ptr (%p) contents@%d: %x\n", p1, __LINE__, ptr_contents); + expected_pk_fault(UNKNOWN_PKEY); + + /* + * Put the memory back to non-PROT_EXEC. Should clear the + * exec-only pkey off the VMA and allow it to be readable + * again. Go to PROT_NONE first to check for a kernel bug + * that did not clear the pkey when doing PROT_NONE. + */ + ret = mprotect(p1, PAGE_SIZE, PROT_NONE); + pkey_assert(!ret); + + ret = mprotect(p1, PAGE_SIZE, PROT_READ|PROT_EXEC); + pkey_assert(!ret); + ptr_contents = read_ptr(p1); + do_not_expect_pk_fault(); +} + void test_mprotect_pkey_on_unsupported_cpu(int *ptr, u16 pkey) { int size = PAGE_SIZE; _