Received: by 10.213.65.68 with SMTP id h4csp1594282imn;
        Mon, 26 Mar 2018 10:31:08 -0700 (PDT)
X-Google-Smtp-Source: AG47ELtEmSpssrwIHgjlgH49SBuM1LYYB8qNuwDjkmDkva4yeGfivvvFTVaH42JaH8O/YpkP7Z0D
X-Received: by 10.99.174.6 with SMTP id q6mr13369562pgf.179.1522085468627;
        Mon, 26 Mar 2018 10:31:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522085468; cv=none;
        d=google.com; s=arc-20160816;
        b=wLBPxrVFKLyIoJpZdZ/FN6t86i6lwIJAkTaJHVNW5IPfkZIRsuSO6/tCZhJlwd6lTg
         Ej9MwuioL2z1Jqf05fC7Tbfle9+2dIlHDnqiW06SXoXfa5dqIQTJESatEOgmqxNqHiDR
         2R/Rzv+hKD4y6sNr9ucgtlyLYGPXaGJtwFlOJ5iR1diEhRzU6ADLSgoUCDQW+gRQ3tkZ
         DFqvkSrJpTxys18f4kCfTIUUDCKLEMUd4GFY4R5YCirdwh3a7ixJXPM4UURohHthpb6k
         s3QRNZqT7qTwH7PJGxMOizk8gTEUaeCzKuSbq1nKX3fYAhZko2hH9agdWnht1jbGwLsg
         H8Rg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:in-reply-to:references:date
         :from:cc:to:subject:arc-authentication-results;
        bh=fCYrze7xk552Cdt+c1rLh4Ko1CG1tmiN2S5ykQ0GfJE=;
        b=io7QMY75CfB2RPou97o1mJWfFa9c7iw7u1HZCbN5QkYzXmJMTwoLxJxs2GkHvNQUSW
         0WYyEfDUDs84ZYG4rMvW47K+2+t587HFEwBBDFDOZS2Xo74SYwXgZH4M9tS+QcRMOZE1
         ZlK+GM2SndfV5l1XISBD1c19gSVHfgcn2fMyyQWvovS6A9YkZdu5mlTtF6k+ZgVhbTGn
         AaZsxo6ZTndxUDp/a66R16itOhwxmzgKThI996ZZZlAdqCUmH+pI5ORmacXJJ0Qzztf0
         e72kJlJ0ccD7QSDSJvL3q/a6f+zQwfOV1Ob4jgXSDAC0feJ2S/Y7SFnRn4GSZ81mM3iO
         5nkw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g8si10262712pgv.740.2018.03.26.10.30.52;
        Mon, 26 Mar 2018 10:31:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752797AbeCZR3v (ORCPT <rfc822;jekfish0@gmail.com> + 99 others);
        Mon, 26 Mar 2018 13:29:51 -0400
Received: from mga06.intel.com ([134.134.136.31]:38226 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752781AbeCZR3u (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Mar 2018 13:29:50 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Mar 2018 10:29:49 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.48,365,1517904000"; 
   d="scan'208";a="27137096"
Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.39.119])
  by fmsmga007.fm.intel.com with ESMTP; 26 Mar 2018 10:29:48 -0700
Subject: [PATCH 9/9] x86, pkeys, selftests: add PROT_EXEC test
To:     linux-kernel@vger.kernel.org
Cc:     linux-mm@kvack.org, Dave Hansen <dave.hansen@linux.intel.com>,
        linuxram@us.ibm.com, tglx@linutronix.de, dave.hansen@intel.com,
        mpe@ellerman.id.au, mingo@kernel.org, akpm@linux-foundation.org,
        shuah@kernel.org
From:   Dave Hansen <dave.hansen@linux.intel.com>
Date:   Mon, 26 Mar 2018 10:27:35 -0700
References: <20180326172721.D5B2CBB4@viggo.jf.intel.com>
In-Reply-To: <20180326172721.D5B2CBB4@viggo.jf.intel.com>
Message-Id: <20180326172735.EFE9EF33@viggo.jf.intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


From: Dave Hansen <dave.hansen@linux.intel.com>

Under the covers, implement executable-only memory with
protection keys when userspace calls mprotect(PROT_EXEC).

But, we did not have a selftest for that.  Now we do.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Ram Pai <linuxram@us.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Michael Ellermen <mpe@ellerman.id.au>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Shuah Khan <shuah@kernel.org>
---

 b/tools/testing/selftests/x86/protection_keys.c |   51 ++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 4 deletions(-)

diff -puN tools/testing/selftests/x86/protection_keys.c~pkeys-selftests-prot_exec tools/testing/selftests/x86/protection_keys.c
--- a/tools/testing/selftests/x86/protection_keys.c~pkeys-selftests-prot_exec	2018-03-26 10:22:38.087170186 -0700
+++ b/tools/testing/selftests/x86/protection_keys.c	2018-03-26 10:22:38.091170186 -0700
@@ -930,10 +930,10 @@ void expected_pk_fault(int pkey)
 	dprintf2("%s(%d): last_si_pkey: %d\n", __func__, pkey, last_si_pkey);
 	pkey_assert(last_pkru_faults + 1 == pkru_faults);
 
-       /*
-	* For exec-only memory, we do not know the pkey in
-	* advance, so skip this check.
-	*/
+	/*
+	 * For exec-only memory, we do not know the pkey in
+	 * advance, so skip this check.
+	 */
 	if (pkey != UNKNOWN_PKEY)
 		pkey_assert(last_si_pkey == pkey);
 
@@ -1335,6 +1335,49 @@ void test_executing_on_unreadable_memory
 	expected_pk_fault(pkey);
 }
 
+void test_implicit_mprotect_exec_only_memory(int *ptr, u16 pkey)
+{
+	void *p1;
+	int scratch;
+	int ptr_contents;
+	int ret;
+
+	dprintf1("%s() start\n", __func__);
+
+	p1 = get_pointer_to_instructions();
+	lots_o_noops_around_write(&scratch);
+	ptr_contents = read_ptr(p1);
+	dprintf2("ptr (%p) contents@%d: %x\n", p1, __LINE__, ptr_contents);
+
+	/* Use a *normal* mprotect(), not mprotect_pkey(): */
+	ret = mprotect(p1, PAGE_SIZE, PROT_EXEC);
+	pkey_assert(!ret);
+
+	dprintf2("pkru: %x\n", rdpkru());
+
+	/* Make sure this is an *instruction* fault */
+	madvise(p1, PAGE_SIZE, MADV_DONTNEED);
+	lots_o_noops_around_write(&scratch);
+	do_not_expect_pk_fault();
+	ptr_contents = read_ptr(p1);
+	dprintf2("ptr (%p) contents@%d: %x\n", p1, __LINE__, ptr_contents);
+	expected_pk_fault(UNKNOWN_PKEY);
+
+	/*
+	 * Put the memory back to non-PROT_EXEC.  Should clear the
+	 * exec-only pkey off the VMA and allow it to be readable
+	 * again.  Go to PROT_NONE first to check for a kernel bug
+	 * that did not clear the pkey when doing PROT_NONE.
+	 */
+	ret = mprotect(p1, PAGE_SIZE, PROT_NONE);
+	pkey_assert(!ret);
+
+	ret = mprotect(p1, PAGE_SIZE, PROT_READ|PROT_EXEC);
+	pkey_assert(!ret);
+	ptr_contents = read_ptr(p1);
+	do_not_expect_pk_fault();
+}
+
 void test_mprotect_pkey_on_unsupported_cpu(int *ptr, u16 pkey)
 {
 	int size = PAGE_SIZE;
_