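// SPDX-License-Identifier: GPL-2.0+
/*
 * Ptrace test for Memory Protection Key registers
 *
 * Copyright (C) 2015 Anshuman Khandual, IBM Corporation.
 * Copyright (C) 2018 IBM Corporation.
 */
#include "ptrace.h"
#include "child.h"

#ifndef __NR_pkey_alloc
#define __NR_pkey_alloc		384
#endif

#ifndef __NR_pkey_free
#define __NR_pkey_free		385
#endif

#ifndef NT_PPC_PKEY
#define NT_PPC_PKEY		0x110
#endif

#ifndef PKEY_DISABLE_EXECUTE
#define PKEY_DISABLE_EXECUTE	0x4
#endif

#define AMR_BITS_PER_PKEY 2
#define PKEY_REG_BITS (sizeof(u64) * 8)
/*
 * Bit offset of a pkey's field in a 64-bit key register; pkey 0 sits in the
 * most significant bits. The argument is parenthesized so that an expression
 * can be passed safely.
 */
#define pkeyshift(pkey) (PKEY_REG_BITS - (((pkey) + 1) * AMR_BITS_PER_PKEY))

static const char user_read[] = "[User Read (Running)]";
static const char user_write[] = "[User Write (Running)]";
static const char ptrace_read_running[] = "[Ptrace Read (Running)]";
static const char ptrace_write_running[] = "[Ptrace Write (Running)]";

/* Information shared between the parent and the child. */
struct shared_info {
	struct child_sync child_sync;

	/* AMR value the parent expects to read from the child. */
	unsigned long amr1;

	/* AMR value the parent is expected to write to the child. */
	unsigned long amr2;

	/* AMR value that ptrace should refuse to write to the child. */
	unsigned long invalid_amr;

	/* IAMR value the parent expects to read from the child. */
	unsigned long expected_iamr;

	/* UAMOR value the parent expects to read from the child. */
	unsigned long expected_uamor;

	/*
	 * IAMR and UAMOR values that ptrace should refuse to write to the child
	 * (even though they're valid ones) because userspace doesn't have
	 * access to those registers.
	 */
	unsigned long invalid_iamr;
	unsigned long invalid_uamor;
};

/*
 * Thin wrapper around the pkey_alloc system call.
 *
 * Returns the syscall() result unchanged; the callers in this file treat a
 * negative value as failure.
 */
static int sys_pkey_alloc(unsigned long flags, unsigned long init_access_rights)
{
	return syscall(__NR_pkey_alloc, flags, init_access_rights);
}

/*
 * Tracee side of the test.
 *
 * Allocates three pkeys, derives the expected and the must-be-rejected
 * register values from them, publishes those through @info, then checks its
 * own AMR after each ptrace write attempt made by the parent.
 *
 * Returns TEST_PASS on success, or the error reported by wait_parent().
 * CHILD_FAIL_IF() comes from child.h; it is assumed to signal the parent and
 * leave the function when its condition holds.
 */
static int child(struct shared_info *info)
{
	unsigned long reg;
	bool disable_execute = true;
	int pkey1, pkey2, pkey3;
	int ret;

	/* Wait until parent fills out the initial register values. */
	ret = wait_parent(&info->child_sync);
	if (ret)
		return ret;

	/*
	 * Get some pkeys so that we can change their bits in the AMR.
	 * If a key cannot be allocated with PKEY_DISABLE_EXECUTE, fall back
	 * to a plain key and remember that the IAMR bit will not be set.
	 */
	pkey1 = sys_pkey_alloc(0, PKEY_DISABLE_EXECUTE);
	if (pkey1 < 0) {
		pkey1 = sys_pkey_alloc(0, 0);
		CHILD_FAIL_IF(pkey1 < 0, &info->child_sync);

		disable_execute = false;
	}

	pkey2 = sys_pkey_alloc(0, 0);
	CHILD_FAIL_IF(pkey2 < 0, &info->child_sync);

	pkey3 = sys_pkey_alloc(0, 0);
	CHILD_FAIL_IF(pkey3 < 0, &info->child_sync);

	/* Set both AMR bits of pkey1 in amr1 and of pkey2 in amr2. */
	info->amr1 |= 3ul << pkeyshift(pkey1);
	info->amr2 |= 3ul << pkeyshift(pkey2);

	/*
	 * Invalid AMR value: amr2 plus every bit that the UAMOR setting
	 * denies to userspace, i.e. an attempt to force-write those bits.
	 */
	info->invalid_amr = info->amr2 | ~info->expected_uamor;

	/*
	 * If PKEY_DISABLE_EXECUTE succeeded we should update the
	 * expected_iamr.
	 */
	if (disable_execute)
		info->expected_iamr |= 1ul << pkeyshift(pkey1);
	else
		info->expected_iamr &= ~(1ul << pkeyshift(pkey1));

	/* We allocated pkey2 and pkey3 above. Clear the IAMR bits. */
	info->expected_iamr &= ~(1ul << pkeyshift(pkey2));
	info->expected_iamr &= ~(1ul << pkeyshift(pkey3));

	/*
	 * Create an IAMR value different from the expected value.
	 * Kernel will reject an IAMR and UAMOR change.
	 */
	info->invalid_iamr = info->expected_iamr |
			     (1ul << pkeyshift(pkey1) | 1ul << pkeyshift(pkey2));
	info->invalid_uamor = info->expected_uamor & ~(0x3ul << pkeyshift(pkey1));

	printf("%-30s AMR: %016lx pkey1: %d pkey2: %d pkey3: %d\n",
	       user_write, info->amr1, pkey1, pkey2, pkey3);

	set_amr(info->amr1);

	/* Wait for parent to read our AMR value and write a new one. */
	ret = prod_parent(&info->child_sync);
	CHILD_FAIL_IF(ret, &info->child_sync);

	ret = wait_parent(&info->child_sync);
	if (ret)
		return ret;

	reg = mfspr(SPRN_AMR);

	printf("%-30s AMR: %016lx\n", user_read, reg);

	CHILD_FAIL_IF(reg != info->amr2, &info->child_sync);

	/* Wait for parent to try to write an invalid AMR value. */
	ret = prod_parent(&info->child_sync);
	CHILD_FAIL_IF(ret, &info->child_sync);

	ret = wait_parent(&info->child_sync);
	if (ret)
		return ret;

	reg = mfspr(SPRN_AMR);

	printf("%-30s AMR: %016lx\n", user_read, reg);

	/* The AMR must still be amr2: the forbidden bits were not applied. */
	CHILD_FAIL_IF(reg != info->amr2, &info->child_sync);

	/*
	 * Wait for parent to try to write an IAMR and a UAMOR value. We can't
	 * verify them, but we can verify that the AMR didn't change.
	 */
	ret = prod_parent(&info->child_sync);
	CHILD_FAIL_IF(ret, &info->child_sync);

	ret = wait_parent(&info->child_sync);
	if (ret)
		return ret;

	reg = mfspr(SPRN_AMR);

	printf("%-30s AMR: %016lx\n", user_read, reg);

	CHILD_FAIL_IF(reg != info->amr2, &info->child_sync);

	/* Now let parent know that we are finished. */
	ret = prod_parent(&info->child_sync);
	CHILD_FAIL_IF(ret, &info->child_sync);

	return TEST_PASS;
}

/*
 * Tracer side of the test.
 *
 * Reads the child's pkey register set (regs[0] = AMR, regs[1] = IAMR,
 * regs[2] = UAMOR) through the NT_PPC_PKEY regset, then checks that:
 *   - a valid AMR write is accepted,
 *   - an AMR write carrying bits outside UAMOR leaves the child's AMR
 *     unchanged (verified by the child and by the final read here),
 *   - writes that include IAMR or UAMOR are refused.
 *
 * Returns TEST_PASS or TEST_FAIL from the child's exit status, or the error
 * reported by wait_child().
 */
static int parent(struct shared_info *info, pid_t pid)
{
	unsigned long regs[3];
	int ret, status;

	/*
	 * Get the initial values for AMR, IAMR and UAMOR and communicate them
	 * to the child.
	 */
	ret = ptrace_read_regs(pid, NT_PPC_PKEY, regs, 3);
	PARENT_SKIP_IF_UNSUPPORTED(ret, &info->child_sync, "PKEYs not supported");
	PARENT_FAIL_IF(ret, &info->child_sync);

	info->amr1 = info->amr2 = regs[0];
	info->expected_iamr = regs[1];
	info->expected_uamor = regs[2];

	/* Wake up child so that it can set itself up. */
	ret = prod_child(&info->child_sync);
	PARENT_FAIL_IF(ret, &info->child_sync);

	ret = wait_child(&info->child_sync);
	if (ret)
		return ret;

	/* Verify that we can read the pkey registers from the child. */
	ret = ptrace_read_regs(pid, NT_PPC_PKEY, regs, 3);
	PARENT_FAIL_IF(ret, &info->child_sync);

	printf("%-30s AMR: %016lx IAMR: %016lx UAMOR: %016lx\n",
	       ptrace_read_running, regs[0], regs[1], regs[2]);

	PARENT_FAIL_IF(regs[0] != info->amr1, &info->child_sync);
	PARENT_FAIL_IF(regs[1] != info->expected_iamr, &info->child_sync);
	PARENT_FAIL_IF(regs[2] != info->expected_uamor, &info->child_sync);

	/* Write valid AMR value in child. */
	ret = ptrace_write_regs(pid, NT_PPC_PKEY, &info->amr2, 1);
	PARENT_FAIL_IF(ret, &info->child_sync);

	printf("%-30s AMR: %016lx\n", ptrace_write_running, info->amr2);

	/* Wake up child so that it can verify it changed. */
	ret = prod_child(&info->child_sync);
	PARENT_FAIL_IF(ret, &info->child_sync);

	ret = wait_child(&info->child_sync);
	if (ret)
		return ret;

	/*
	 * Write invalid AMR value in child. The call itself is expected to
	 * return success; what is checked afterwards is that the child's AMR
	 * still equals amr2, i.e. the bits outside UAMOR were not applied.
	 */
	ret = ptrace_write_regs(pid, NT_PPC_PKEY, &info->invalid_amr, 1);
	PARENT_FAIL_IF(ret, &info->child_sync);

	printf("%-30s AMR: %016lx\n", ptrace_write_running, info->invalid_amr);

	/* Wake up child so that it can verify it didn't change. */
	ret = prod_child(&info->child_sync);
	PARENT_FAIL_IF(ret, &info->child_sync);

	ret = wait_child(&info->child_sync);
	if (ret)
		return ret;

	/* Try to write to IAMR: the write must be refused (non-zero ret). */
	regs[0] = info->amr1;
	regs[1] = info->invalid_iamr;
	ret = ptrace_write_regs(pid, NT_PPC_PKEY, regs, 2);
	PARENT_FAIL_IF(!ret, &info->child_sync);

	printf("%-30s AMR: %016lx IAMR: %016lx\n",
	       ptrace_write_running, regs[0], regs[1]);

	/* Try to write to IAMR and UAMOR: this must be refused as well. */
	regs[2] = info->invalid_uamor;
	ret = ptrace_write_regs(pid, NT_PPC_PKEY, regs, 3);
	PARENT_FAIL_IF(!ret, &info->child_sync);

	printf("%-30s AMR: %016lx IAMR: %016lx UAMOR: %016lx\n",
	       ptrace_write_running, regs[0], regs[1], regs[2]);

	/*
	 * Verify that all registers still have their expected values. The
	 * refused writes above carried amr1 in regs[0], so reading amr2 back
	 * shows that a rejected request did not partially update the AMR.
	 */
	ret = ptrace_read_regs(pid, NT_PPC_PKEY, regs, 3);
	PARENT_FAIL_IF(ret, &info->child_sync);

	printf("%-30s AMR: %016lx IAMR: %016lx UAMOR: %016lx\n",
	       ptrace_read_running, regs[0], regs[1], regs[2]);

	PARENT_FAIL_IF(regs[0] != info->amr2, &info->child_sync);
	PARENT_FAIL_IF(regs[1] != info->expected_iamr, &info->child_sync);
	PARENT_FAIL_IF(regs[2] != info->expected_uamor, &info->child_sync);

	/* Wake up child so that it can verify AMR didn't change and wrap up. */
	ret = prod_child(&info->child_sync);
	PARENT_FAIL_IF(ret, &info->child_sync);

	ret = wait(&status);
	if (ret != pid) {
		/*
		 * NOTE(review): an uncaptured exit status is reported as a
		 * pass, not a failure - confirm this is intended.
		 */
		printf("Child's exit status not captured\n");
		ret = TEST_PASS;
	} else if (!WIFEXITED(status)) {
		printf("Child exited abnormally\n");
		ret = TEST_FAIL;
	} else
		ret = WEXITSTATUS(status) ? TEST_FAIL : TEST_PASS;

	return ret;
}

/*
 * Test body: sets up the shared segment, forks, and runs child() in the new
 * process and parent() in the original one.
 *
 * Returns the result of child()/parent(), the init_child_sync() error, or
 * TEST_FAIL when the shared segment cannot be created/attached or fork()
 * fails.
 */
static int ptrace_pkey(void)
{
	struct shared_info *info;
	int shm_id;
	int ret;
	pid_t pid;

	/*
	 * Owner-only permissions: the segment is attached before fork() and
	 * the child inherits the mapping, so no other user ever needs to open
	 * it. A world-writable segment would let any local process alter the
	 * expected register values or the sync state while the test runs.
	 */
	shm_id = shmget(IPC_PRIVATE, sizeof(*info), 0600 | IPC_CREAT);
	if (shm_id < 0) {
		perror("shmget() failed");
		return TEST_FAIL;
	}

	info = shmat(shm_id, NULL, 0);
	if (info == (void *)-1) {
		perror("shmat() failed");
		shmctl(shm_id, IPC_RMID, NULL);
		return TEST_FAIL;
	}

	ret = init_child_sync(&info->child_sync);
	if (ret) {
		/* Do not leak the segment on the early-exit path. */
		shmdt(info);
		shmctl(shm_id, IPC_RMID, NULL);
		return ret;
	}

	pid = fork();
	if (pid < 0) {
		perror("fork() failed");
		ret = TEST_FAIL;
	} else if (pid == 0)
		ret = child(info);
	else
		ret = parent(info, pid);

	/*
	 * Only the original process (parent, or fork() failure) tears down the
	 * sync object. child_sync lives inside the shared mapping, so it has
	 * to be destroyed before the mapping is detached.
	 */
	if (pid)
		destroy_child_sync(&info->child_sync);

	shmdt(info);

	if (pid)
		shmctl(shm_id, IPC_RMID, NULL);

	return ret;
}

/* Runs ptrace_pkey() under the selftest harness. */
int main(int argc, char *argv[])
{
	return test_harness(ptrace_pkey, "ptrace_pkey");
}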