selftests/lam: Test get_user() LAM pointer handling

Recent change in how get_user() handles pointers:

  https://lore.kernel.org/all/20241024013214.129639-1-torvalds@linux-foundation.org/

has a specific case for LAM. It assigns a different bitmask that's
later used to check whether a pointer comes from userland in get_user().

Add test case to LAM that utilizes a ioctl (FIOASYNC) syscall which uses
get_user() in its implementation. Execute the syscall with differently
tagged pointers to verify that valid user pointers are passing through
and invalid kernel/non-canonical pointers are not.

Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/1624d9d1b9502517053a056652d50dc5d26884ac.1737990375.git.maciej.wieczor-retman@intel.com

diff --git a/tools/testing/selftests/x86/lam.c b/tools/testing/selftests/x86/lam.c
index df91a41a5babc4920fd231af9edbabd2d8a8ad47..b6166a5f37d67a7349002f66e7d1a3dd2d764964 100644 (file)
--- a/tools/testing/selftests/x86/lam.c
+++ b/tools/testing/selftests/x86/lam.c
@@ -4,6 +4,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/syscall.h>
+#include <sys/ioctl.h>
 #include <time.h>
 #include <signal.h>
 #include <setjmp.h>
@@ -43,7 +44,15 @@
 #define FUNC_INHERITE           0x20
 #define FUNC_PASID              0x40
 
+/* get_user() pointer test cases */
+#define GET_USER_USER           0
+#define GET_USER_KERNEL_TOP     1
+#define GET_USER_KERNEL_BOT     2
+#define GET_USER_KERNEL         3
+
 #define TEST_MASK               0x7f
+#define L5_SIGN_EXT_MASK        (0xFFUL << 56)
+#define L4_SIGN_EXT_MASK        (0x1FFFFUL << 47)
 
 #define LOW_ADDR                (0x1UL << 30)
 #define HIGH_ADDR               (0x3UL << 48)
@@ -389,6 +398,78 @@ static int handle_syscall(struct testcases *test)
        return ret;
 }
 
+static int get_user_syscall(struct testcases *test)
+{
+       uint64_t ptr_address, bitmask;
+       int fd, ret = 0;
+       void *ptr;
+
+       if (la57_enabled()) {
+               bitmask = L5_SIGN_EXT_MASK;
+               ptr_address = HIGH_ADDR;
+       } else {
+               bitmask = L4_SIGN_EXT_MASK;
+               ptr_address = LOW_ADDR;
+       }
+
+       ptr = mmap((void *)ptr_address, PAGE_SIZE, PROT_READ | PROT_WRITE,
+                  MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+
+       if (ptr == MAP_FAILED) {
+               perror("failed to map byte to pass into get_user");
+               return 1;
+       }
+
+       if (set_lam(test->lam) != 0) {
+               ret = 2;
+               goto error;
+       }
+
+       fd = memfd_create("lam_ioctl", 0);
+       if (fd == -1) {
+               munmap(ptr, PAGE_SIZE);
+               exit(EXIT_FAILURE);
+       }
+
+       switch (test->later) {
+       case GET_USER_USER:
+               /* Control group - properly tagged user pointer */
+               ptr = (void *)set_metadata((uint64_t)ptr, test->lam);
+               break;
+       case GET_USER_KERNEL_TOP:
+               /* Kernel address with top bit cleared */
+               bitmask &= (bitmask >> 1);
+               ptr = (void *)((uint64_t)ptr | bitmask);
+               break;
+       case GET_USER_KERNEL_BOT:
+               /* Kernel address with bottom sign-extension bit cleared */
+               bitmask &= (bitmask << 1);
+               ptr = (void *)((uint64_t)ptr | bitmask);
+               break;
+       case GET_USER_KERNEL:
+               /* Try to pass a kernel address */
+               ptr = (void *)((uint64_t)ptr | bitmask);
+               break;
+       default:
+               printf("Invalid test case value passed!\n");
+               break;
+       }
+
+       /*
+        * Use FIOASYNC ioctl because it utilizes get_user() internally and is
+        * very non-invasive to the system. Pass differently tagged pointers to
+        * get_user() in order to verify that valid user pointers are going
+        * through and invalid kernel/non-canonical pointers are not.
+        */
+       if (ioctl(fd, FIOASYNC, ptr) != 0)
+               ret = 1;
+
+       close(fd);
+error:
+       munmap(ptr, PAGE_SIZE);
+       return ret;
+}
+
 int sys_uring_setup(unsigned int entries, struct io_uring_params *p)
 {
        return (int)syscall(__NR_io_uring_setup, entries, p);
@@ -902,6 +983,33 @@ static struct testcases syscall_cases[] = {
                .test_func = handle_syscall,
                .msg = "SYSCALL:[Negative] Disable LAM. Dereferencing pointer with metadata.\n",
        },
+       {
+               .later = GET_USER_USER,
+               .lam = LAM_U57_BITS,
+               .test_func = get_user_syscall,
+               .msg = "GET_USER: get_user() and pass a properly tagged user pointer.\n",
+       },
+       {
+               .later = GET_USER_KERNEL_TOP,
+               .expected = 1,
+               .lam = LAM_U57_BITS,
+               .test_func = get_user_syscall,
+               .msg = "GET_USER:[Negative] get_user() with a kernel pointer and the top bit cleared.\n",
+       },
+       {
+               .later = GET_USER_KERNEL_BOT,
+               .expected = 1,
+               .lam = LAM_U57_BITS,
+               .test_func = get_user_syscall,
+               .msg = "GET_USER:[Negative] get_user() with a kernel pointer and the bottom sign-extension bit cleared.\n",
+       },
+       {
+               .later = GET_USER_KERNEL,
+               .expected = 1,
+               .lam = LAM_U57_BITS,
+               .test_func = get_user_syscall,
+               .msg = "GET_USER:[Negative] get_user() and pass a kernel pointer.\n",
+       },
 };
 
 static struct testcases mmap_cases[] = {