tools/testing/selftests/mm/guard-regions.c at master

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / tools / testing / selftests / mm / guard-regions.c
at master 2330 lines 63 kB view raw
wrap content
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2
   3#define _GNU_SOURCE
   4#include "kselftest_harness.h"
   5#include <asm-generic/mman.h> /* Force the import of the tools version. */
   6#include <assert.h>
   7#include <errno.h>
   8#include <fcntl.h>
   9#include <linux/limits.h>
  10#include <linux/userfaultfd.h>
  11#include <linux/fs.h>
  12#include <setjmp.h>
  13#include <signal.h>
  14#include <stdbool.h>
  15#include <stdio.h>
  16#include <stdlib.h>
  17#include <string.h>
  18#include <sys/ioctl.h>
  19#include <sys/mman.h>
  20#include <sys/syscall.h>
  21#include <sys/uio.h>
  22#include <unistd.h>
  23#include "vm_util.h"
  24#include "thp_settings.h"
  25
  26#include "../pidfd/pidfd.h"
  27
  28/*
  29 * Ignore the checkpatch warning, as per the C99 standard, section 7.14.1.1:
  30 *
  31 * "If the signal occurs other than as the result of calling the abort or raise
  32 *  function, the behavior is undefined if the signal handler refers to any
  33 *  object with static storage duration other than by assigning a value to an
  34 *  object declared as volatile sig_atomic_t"
  35 */
  36static volatile sig_atomic_t signal_jump_set;
  37static sigjmp_buf signal_jmp_buf;
  38
  39/*
  40 * How is the test backing the mapping being tested?
  41 */
  42enum backing_type {
  43	ANON_BACKED,
  44	SHMEM_BACKED,
  45	LOCAL_FILE_BACKED,
  46};
  47
  48FIXTURE(guard_regions)
  49{
  50	unsigned long page_size;
  51	char path[PATH_MAX];
  52	int fd;
  53};
  54
  55FIXTURE_VARIANT(guard_regions)
  56{
  57	enum backing_type backing;
  58};
  59
  60FIXTURE_VARIANT_ADD(guard_regions, anon)
  61{
  62	.backing = ANON_BACKED,
  63};
  64
  65FIXTURE_VARIANT_ADD(guard_regions, shmem)
  66{
  67	.backing = SHMEM_BACKED,
  68};
  69
  70FIXTURE_VARIANT_ADD(guard_regions, file)
  71{
  72	.backing = LOCAL_FILE_BACKED,
  73};
  74
  75static bool is_anon_backed(const FIXTURE_VARIANT(guard_regions) * variant)
  76{
  77	switch (variant->backing) {
  78	case  ANON_BACKED:
  79	case  SHMEM_BACKED:
  80		return true;
  81	default:
  82		return false;
  83	}
  84}
  85
  86static void *mmap_(FIXTURE_DATA(guard_regions) * self,
  87		   const FIXTURE_VARIANT(guard_regions) * variant,
  88		   void *addr, size_t length, int prot, int extra_flags,
  89		   off_t offset)
  90{
  91	int fd;
  92	int flags = extra_flags;
  93
  94	switch (variant->backing) {
  95	case ANON_BACKED:
  96		flags |= MAP_PRIVATE | MAP_ANON;
  97		fd = -1;
  98		offset = 0;
  99		break;
 100	case SHMEM_BACKED:
 101	case LOCAL_FILE_BACKED:
 102		flags |= MAP_SHARED;
 103		fd = self->fd;
 104		break;
 105	default:
 106		ksft_exit_fail();
 107		break;
 108	}
 109
 110	return mmap(addr, length, prot, flags, fd, offset);
 111}
 112
 113static int userfaultfd(int flags)
 114{
 115	return syscall(SYS_userfaultfd, flags);
 116}
 117
 118static void handle_fatal(int c)
 119{
 120	if (!signal_jump_set)
 121		return;
 122
 123	siglongjmp(signal_jmp_buf, c);
 124}
 125
 126static ssize_t sys_process_madvise(int pidfd, const struct iovec *iovec,
 127				   size_t n, int advice, unsigned int flags)
 128{
 129	return syscall(__NR_process_madvise, pidfd, iovec, n, advice, flags);
 130}
 131
 132/*
 133 * Enable our signal catcher and try to read/write the specified buffer. The
 134 * return value indicates whether the read/write succeeds without a fatal
 135 * signal.
 136 */
 137static bool try_access_buf(char *ptr, bool write)
 138{
 139	bool failed;
 140
 141	/* Tell signal handler to jump back here on fatal signal. */
 142	signal_jump_set = true;
 143	/* If a fatal signal arose, we will jump back here and failed is set. */
 144	failed = sigsetjmp(signal_jmp_buf, 0) != 0;
 145
 146	if (!failed) {
 147		if (write)
 148			*ptr = 'x';
 149		else
 150			FORCE_READ(*ptr);
 151	}
 152
 153	signal_jump_set = false;
 154	return !failed;
 155}
 156
 157/* Try and read from a buffer, return true if no fatal signal. */
 158static bool try_read_buf(char *ptr)
 159{
 160	return try_access_buf(ptr, false);
 161}
 162
 163/* Try and write to a buffer, return true if no fatal signal. */
 164static bool try_write_buf(char *ptr)
 165{
 166	return try_access_buf(ptr, true);
 167}
 168
 169/*
 170 * Try and BOTH read from AND write to a buffer, return true if BOTH operations
 171 * succeed.
 172 */
 173static bool try_read_write_buf(char *ptr)
 174{
 175	return try_read_buf(ptr) && try_write_buf(ptr);
 176}
 177
 178static void setup_sighandler(void)
 179{
 180	struct sigaction act = {
 181		.sa_handler = &handle_fatal,
 182		.sa_flags = SA_NODEFER,
 183	};
 184
 185	sigemptyset(&act.sa_mask);
 186	if (sigaction(SIGSEGV, &act, NULL))
 187		ksft_exit_fail_perror("sigaction");
 188}
 189
 190static void teardown_sighandler(void)
 191{
 192	struct sigaction act = {
 193		.sa_handler = SIG_DFL,
 194		.sa_flags = SA_NODEFER,
 195	};
 196
 197	sigemptyset(&act.sa_mask);
 198	sigaction(SIGSEGV, &act, NULL);
 199}
 200
 201static int open_file(const char *prefix, char *path)
 202{
 203	int fd;
 204
 205	snprintf(path, PATH_MAX, "%sguard_regions_test_file_XXXXXX", prefix);
 206	fd = mkstemp(path);
 207	if (fd < 0)
 208		ksft_exit_fail_perror("mkstemp");
 209
 210	return fd;
 211}
 212
 213/* Establish a varying pattern in a buffer. */
 214static void set_pattern(char *ptr, size_t num_pages, size_t page_size)
 215{
 216	size_t i;
 217
 218	for (i = 0; i < num_pages; i++) {
 219		char *ptr2 = &ptr[i * page_size];
 220
 221		memset(ptr2, 'a' + (i % 26), page_size);
 222	}
 223}
 224
 225/*
 226 * Check that a buffer contains the pattern set by set_pattern(), starting at a
 227 * page offset of pgoff within the buffer.
 228 */
 229static bool check_pattern_offset(char *ptr, size_t num_pages, size_t page_size,
 230				 size_t pgoff)
 231{
 232	size_t i;
 233
 234	for (i = 0; i < num_pages * page_size; i++) {
 235		size_t offset = pgoff * page_size + i;
 236		char actual = ptr[offset];
 237		char expected = 'a' + ((offset / page_size) % 26);
 238
 239		if (actual != expected)
 240			return false;
 241	}
 242
 243	return true;
 244}
 245
 246/* Check that a buffer contains the pattern set by set_pattern(). */
 247static bool check_pattern(char *ptr, size_t num_pages, size_t page_size)
 248{
 249	return check_pattern_offset(ptr, num_pages, page_size, 0);
 250}
 251
 252/* Determine if a buffer contains only repetitions of a specified char. */
 253static bool is_buf_eq(char *buf, size_t size, char chr)
 254{
 255	size_t i;
 256
 257	for (i = 0; i < size; i++) {
 258		if (buf[i] != chr)
 259			return false;
 260	}
 261
 262	return true;
 263}
 264
 265/*
 266 * Some file systems have issues with merging due to changing merge-sensitive
 267 * parameters in the .mmap callback, and prior to .mmap_prepare being
 268 * implemented everywhere this will now result in an unexpected failure to
 269 * merge (e.g. - overlayfs).
 270 *
 271 * Perform a simple test to see if the local file system suffers from this, if
 272 * it does then we can skip test logic that assumes local file system merging is
 273 * sane.
 274 */
 275static bool local_fs_has_sane_mmap(FIXTURE_DATA(guard_regions) * self,
 276				   const FIXTURE_VARIANT(guard_regions) * variant)
 277{
 278	const unsigned long page_size = self->page_size;
 279	char *ptr, *ptr2;
 280	struct procmap_fd procmap;
 281
 282	if (variant->backing != LOCAL_FILE_BACKED)
 283		return true;
 284
 285	/* Map 10 pages. */
 286	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
 287	if (ptr == MAP_FAILED)
 288		return false;
 289	/* Unmap the middle. */
 290	munmap(&ptr[5 * page_size], page_size);
 291
 292	/* Map again. */
 293	ptr2 = mmap_(self, variant, &ptr[5 * page_size], page_size, PROT_READ | PROT_WRITE,
 294		     MAP_FIXED, 5 * page_size);
 295
 296	if (ptr2 == MAP_FAILED)
 297		return false;
 298
 299	/* Now make sure they all merged. */
 300	if (open_self_procmap(&procmap) != 0)
 301		return false;
 302	if (!find_vma_procmap(&procmap, ptr))
 303		return false;
 304	if (procmap.query.vma_start != (unsigned long)ptr)
 305		return false;
 306	if (procmap.query.vma_end != (unsigned long)ptr + 10 * page_size)
 307		return false;
 308	close_procmap(&procmap);
 309
 310	return true;
 311}
 312
 313FIXTURE_SETUP(guard_regions)
 314{
 315	self->page_size = (unsigned long)sysconf(_SC_PAGESIZE);
 316	setup_sighandler();
 317
 318	switch (variant->backing) {
 319	case ANON_BACKED:
 320		return;
 321	case LOCAL_FILE_BACKED:
 322		self->fd = open_file("", self->path);
 323		break;
 324	case SHMEM_BACKED:
 325		self->fd = memfd_create(self->path, 0);
 326		break;
 327	}
 328
 329	/* We truncate file to at least 100 pages, tests can modify as needed. */
 330	ASSERT_EQ(ftruncate(self->fd, 100 * self->page_size), 0);
 331};
 332
 333FIXTURE_TEARDOWN_PARENT(guard_regions)
 334{
 335	teardown_sighandler();
 336
 337	if (variant->backing == ANON_BACKED)
 338		return;
 339
 340	if (self->fd >= 0)
 341		close(self->fd);
 342
 343	if (self->path[0] != '\0')
 344		unlink(self->path);
 345}
 346
 347TEST_F(guard_regions, basic)
 348{
 349	const unsigned long NUM_PAGES = 10;
 350	const unsigned long page_size = self->page_size;
 351	char *ptr;
 352	int i;
 353
 354	ptr = mmap_(self, variant, NULL, NUM_PAGES * page_size,
 355		    PROT_READ | PROT_WRITE, 0, 0);
 356	ASSERT_NE(ptr, MAP_FAILED);
 357
 358	/* Trivially assert we can touch the first page. */
 359	ASSERT_TRUE(try_read_write_buf(ptr));
 360
 361	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
 362
 363	/* Establish that 1st page SIGSEGV's. */
 364	ASSERT_FALSE(try_read_write_buf(ptr));
 365
 366	/* Ensure we can touch everything else.*/
 367	for (i = 1; i < NUM_PAGES; i++) {
 368		char *curr = &ptr[i * page_size];
 369
 370		ASSERT_TRUE(try_read_write_buf(curr));
 371	}
 372
 373	/* Establish a guard page at the end of the mapping. */
 374	ASSERT_EQ(madvise(&ptr[(NUM_PAGES - 1) * page_size], page_size,
 375			  MADV_GUARD_INSTALL), 0);
 376
 377	/* Check that both guard pages result in SIGSEGV. */
 378	ASSERT_FALSE(try_read_write_buf(ptr));
 379	ASSERT_FALSE(try_read_write_buf(&ptr[(NUM_PAGES - 1) * page_size]));
 380
 381	/* Remove the first guard page. */
 382	ASSERT_FALSE(madvise(ptr, page_size, MADV_GUARD_REMOVE));
 383
 384	/* Make sure we can touch it. */
 385	ASSERT_TRUE(try_read_write_buf(ptr));
 386
 387	/* Remove the last guard page. */
 388	ASSERT_FALSE(madvise(&ptr[(NUM_PAGES - 1) * page_size], page_size,
 389			     MADV_GUARD_REMOVE));
 390
 391	/* Make sure we can touch it. */
 392	ASSERT_TRUE(try_read_write_buf(&ptr[(NUM_PAGES - 1) * page_size]));
 393
 394	/*
 395	 *  Test setting a _range_ of pages, namely the first 3. The first of
 396	 *  these be faulted in, so this also tests that we can install guard
 397	 *  pages over backed pages.
 398	 */
 399	ASSERT_EQ(madvise(ptr, 3 * page_size, MADV_GUARD_INSTALL), 0);
 400
 401	/* Make sure they are all guard pages. */
 402	for (i = 0; i < 3; i++) {
 403		char *curr = &ptr[i * page_size];
 404
 405		ASSERT_FALSE(try_read_write_buf(curr));
 406	}
 407
 408	/* Make sure the rest are not. */
 409	for (i = 3; i < NUM_PAGES; i++) {
 410		char *curr = &ptr[i * page_size];
 411
 412		ASSERT_TRUE(try_read_write_buf(curr));
 413	}
 414
 415	/* Remove guard pages. */
 416	ASSERT_EQ(madvise(ptr, NUM_PAGES * page_size, MADV_GUARD_REMOVE), 0);
 417
 418	/* Now make sure we can touch everything. */
 419	for (i = 0; i < NUM_PAGES; i++) {
 420		char *curr = &ptr[i * page_size];
 421
 422		ASSERT_TRUE(try_read_write_buf(curr));
 423	}
 424
 425	/*
 426	 * Now remove all guard pages, make sure we don't remove existing
 427	 * entries.
 428	 */
 429	ASSERT_EQ(madvise(ptr, NUM_PAGES * page_size, MADV_GUARD_REMOVE), 0);
 430
 431	for (i = 0; i < NUM_PAGES * page_size; i += page_size) {
 432		char chr = ptr[i];
 433
 434		ASSERT_EQ(chr, 'x');
 435	}
 436
 437	ASSERT_EQ(munmap(ptr, NUM_PAGES * page_size), 0);
 438}
 439
 440/* Assert that operations applied across multiple VMAs work as expected. */
 441TEST_F(guard_regions, multi_vma)
 442{
 443	const unsigned long page_size = self->page_size;
 444	char *ptr_region, *ptr, *ptr1, *ptr2, *ptr3;
 445	int i;
 446
 447	/* Reserve a 100 page region over which we can install VMAs. */
 448	ptr_region = mmap_(self, variant, NULL, 100 * page_size,
 449			   PROT_NONE, 0, 0);
 450	ASSERT_NE(ptr_region, MAP_FAILED);
 451
 452	/* Place a VMA of 10 pages size at the start of the region. */
 453	ptr1 = mmap_(self, variant, ptr_region, 10 * page_size,
 454		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 455	ASSERT_NE(ptr1, MAP_FAILED);
 456
 457	/* Place a VMA of 5 pages size 50 pages into the region. */
 458	ptr2 = mmap_(self, variant, &ptr_region[50 * page_size], 5 * page_size,
 459		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 460	ASSERT_NE(ptr2, MAP_FAILED);
 461
 462	/* Place a VMA of 20 pages size at the end of the region. */
 463	ptr3 = mmap_(self, variant, &ptr_region[80 * page_size], 20 * page_size,
 464		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 465	ASSERT_NE(ptr3, MAP_FAILED);
 466
 467	/* Unmap gaps. */
 468	ASSERT_EQ(munmap(&ptr_region[10 * page_size], 40 * page_size), 0);
 469	ASSERT_EQ(munmap(&ptr_region[55 * page_size], 25 * page_size), 0);
 470
 471	/*
 472	 * We end up with VMAs like this:
 473	 *
 474	 * 0    10 .. 50   55 .. 80   100
 475	 * [---]      [---]      [---]
 476	 */
 477
 478	/*
 479	 * Now mark the whole range as guard pages and make sure all VMAs are as
 480	 * such.
 481	 */
 482
 483	/*
 484	 * madvise() is certifiable and lets you perform operations over gaps,
 485	 * everything works, but it indicates an error and errno is set to
 486	 * -ENOMEM. Also if anything runs out of memory it is set to
 487	 * -ENOMEM. You are meant to guess which is which.
 488	 */
 489	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_INSTALL), -1);
 490	ASSERT_EQ(errno, ENOMEM);
 491
 492	for (i = 0; i < 10; i++) {
 493		char *curr = &ptr1[i * page_size];
 494
 495		ASSERT_FALSE(try_read_write_buf(curr));
 496	}
 497
 498	for (i = 0; i < 5; i++) {
 499		char *curr = &ptr2[i * page_size];
 500
 501		ASSERT_FALSE(try_read_write_buf(curr));
 502	}
 503
 504	for (i = 0; i < 20; i++) {
 505		char *curr = &ptr3[i * page_size];
 506
 507		ASSERT_FALSE(try_read_write_buf(curr));
 508	}
 509
 510	/* Now remove guar pages over range and assert the opposite. */
 511
 512	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_REMOVE), -1);
 513	ASSERT_EQ(errno, ENOMEM);
 514
 515	for (i = 0; i < 10; i++) {
 516		char *curr = &ptr1[i * page_size];
 517
 518		ASSERT_TRUE(try_read_write_buf(curr));
 519	}
 520
 521	for (i = 0; i < 5; i++) {
 522		char *curr = &ptr2[i * page_size];
 523
 524		ASSERT_TRUE(try_read_write_buf(curr));
 525	}
 526
 527	for (i = 0; i < 20; i++) {
 528		char *curr = &ptr3[i * page_size];
 529
 530		ASSERT_TRUE(try_read_write_buf(curr));
 531	}
 532
 533	/* Now map incompatible VMAs in the gaps. */
 534	ptr = mmap_(self, variant, &ptr_region[10 * page_size], 40 * page_size,
 535		    PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED, 0);
 536	ASSERT_NE(ptr, MAP_FAILED);
 537	ptr = mmap_(self, variant, &ptr_region[55 * page_size], 25 * page_size,
 538		    PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED, 0);
 539	ASSERT_NE(ptr, MAP_FAILED);
 540
 541	/*
 542	 * We end up with VMAs like this:
 543	 *
 544	 * 0    10 .. 50   55 .. 80   100
 545	 * [---][xxxx][---][xxxx][---]
 546	 *
 547	 * Where 'x' signifies VMAs that cannot be merged with those adjacent to
 548	 * them.
 549	 */
 550
 551	/* Multiple VMAs adjacent to one another should result in no error. */
 552	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_INSTALL), 0);
 553	for (i = 0; i < 100; i++) {
 554		char *curr = &ptr_region[i * page_size];
 555
 556		ASSERT_FALSE(try_read_write_buf(curr));
 557	}
 558	ASSERT_EQ(madvise(ptr_region, 100 * page_size, MADV_GUARD_REMOVE), 0);
 559	for (i = 0; i < 100; i++) {
 560		char *curr = &ptr_region[i * page_size];
 561
 562		ASSERT_TRUE(try_read_write_buf(curr));
 563	}
 564
 565	/* Cleanup. */
 566	ASSERT_EQ(munmap(ptr_region, 100 * page_size), 0);
 567}
 568
 569/*
 570 * Assert that batched operations performed using process_madvise() work as
 571 * expected.
 572 */
 573TEST_F(guard_regions, process_madvise)
 574{
 575	const unsigned long page_size = self->page_size;
 576	char *ptr_region, *ptr1, *ptr2, *ptr3;
 577	ssize_t count;
 578	struct iovec vec[6];
 579
 580	/* Reserve region to map over. */
 581	ptr_region = mmap_(self, variant, NULL, 100 * page_size,
 582			   PROT_NONE, 0, 0);
 583	ASSERT_NE(ptr_region, MAP_FAILED);
 584
 585	/*
 586	 * 10 pages offset 1 page into reserve region. We MAP_POPULATE so we
 587	 * overwrite existing entries and test this code path against
 588	 * overwriting existing entries.
 589	 */
 590	ptr1 = mmap_(self, variant, &ptr_region[page_size], 10 * page_size,
 591		     PROT_READ | PROT_WRITE, MAP_FIXED | MAP_POPULATE, 0);
 592	ASSERT_NE(ptr1, MAP_FAILED);
 593	/* We want guard markers at start/end of each VMA. */
 594	vec[0].iov_base = ptr1;
 595	vec[0].iov_len = page_size;
 596	vec[1].iov_base = &ptr1[9 * page_size];
 597	vec[1].iov_len = page_size;
 598
 599	/* 5 pages offset 50 pages into reserve region. */
 600	ptr2 = mmap_(self, variant, &ptr_region[50 * page_size], 5 * page_size,
 601		     PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 602	ASSERT_NE(ptr2, MAP_FAILED);
 603	vec[2].iov_base = ptr2;
 604	vec[2].iov_len = page_size;
 605	vec[3].iov_base = &ptr2[4 * page_size];
 606	vec[3].iov_len = page_size;
 607
 608	/* 20 pages offset 79 pages into reserve region. */
 609	ptr3 = mmap_(self, variant, &ptr_region[79 * page_size], 20 * page_size,
 610		    PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 611	ASSERT_NE(ptr3, MAP_FAILED);
 612	vec[4].iov_base = ptr3;
 613	vec[4].iov_len = page_size;
 614	vec[5].iov_base = &ptr3[19 * page_size];
 615	vec[5].iov_len = page_size;
 616
 617	/* Free surrounding VMAs. */
 618	ASSERT_EQ(munmap(ptr_region, page_size), 0);
 619	ASSERT_EQ(munmap(&ptr_region[11 * page_size], 39 * page_size), 0);
 620	ASSERT_EQ(munmap(&ptr_region[55 * page_size], 24 * page_size), 0);
 621	ASSERT_EQ(munmap(&ptr_region[99 * page_size], page_size), 0);
 622
 623	/* Now guard in one step. */
 624	count = sys_process_madvise(PIDFD_SELF, vec, 6, MADV_GUARD_INSTALL, 0);
 625
 626	/* OK we don't have permission to do this, skip. */
 627	if (count == -1 && errno == EPERM)
 628		SKIP(return, "No process_madvise() permissions, try running as root.\n");
 629
 630	/* Returns the number of bytes advised. */
 631	ASSERT_EQ(count, 6 * page_size);
 632
 633	/* Now make sure the guarding was applied. */
 634
 635	ASSERT_FALSE(try_read_write_buf(ptr1));
 636	ASSERT_FALSE(try_read_write_buf(&ptr1[9 * page_size]));
 637
 638	ASSERT_FALSE(try_read_write_buf(ptr2));
 639	ASSERT_FALSE(try_read_write_buf(&ptr2[4 * page_size]));
 640
 641	ASSERT_FALSE(try_read_write_buf(ptr3));
 642	ASSERT_FALSE(try_read_write_buf(&ptr3[19 * page_size]));
 643
 644	/* Now do the same with unguard... */
 645	count = sys_process_madvise(PIDFD_SELF, vec, 6, MADV_GUARD_REMOVE, 0);
 646
 647	/* ...and everything should now succeed. */
 648
 649	ASSERT_TRUE(try_read_write_buf(ptr1));
 650	ASSERT_TRUE(try_read_write_buf(&ptr1[9 * page_size]));
 651
 652	ASSERT_TRUE(try_read_write_buf(ptr2));
 653	ASSERT_TRUE(try_read_write_buf(&ptr2[4 * page_size]));
 654
 655	ASSERT_TRUE(try_read_write_buf(ptr3));
 656	ASSERT_TRUE(try_read_write_buf(&ptr3[19 * page_size]));
 657
 658	/* Cleanup. */
 659	ASSERT_EQ(munmap(ptr1, 10 * page_size), 0);
 660	ASSERT_EQ(munmap(ptr2, 5 * page_size), 0);
 661	ASSERT_EQ(munmap(ptr3, 20 * page_size), 0);
 662}
 663
 664/* Assert that unmapping ranges does not leave guard markers behind. */
 665TEST_F(guard_regions, munmap)
 666{
 667	const unsigned long page_size = self->page_size;
 668	char *ptr, *ptr_new1, *ptr_new2;
 669
 670	ptr = mmap_(self, variant, NULL, 10 * page_size,
 671		    PROT_READ | PROT_WRITE, 0, 0);
 672	ASSERT_NE(ptr, MAP_FAILED);
 673
 674	/* Guard first and last pages. */
 675	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
 676	ASSERT_EQ(madvise(&ptr[9 * page_size], page_size, MADV_GUARD_INSTALL), 0);
 677
 678	/* Assert that they are guarded. */
 679	ASSERT_FALSE(try_read_write_buf(ptr));
 680	ASSERT_FALSE(try_read_write_buf(&ptr[9 * page_size]));
 681
 682	/* Unmap them. */
 683	ASSERT_EQ(munmap(ptr, page_size), 0);
 684	ASSERT_EQ(munmap(&ptr[9 * page_size], page_size), 0);
 685
 686	/* Map over them.*/
 687	ptr_new1 = mmap_(self, variant, ptr, page_size, PROT_READ | PROT_WRITE,
 688			 MAP_FIXED, 0);
 689	ASSERT_NE(ptr_new1, MAP_FAILED);
 690	ptr_new2 = mmap_(self, variant, &ptr[9 * page_size], page_size,
 691			 PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 692	ASSERT_NE(ptr_new2, MAP_FAILED);
 693
 694	/* Assert that they are now not guarded. */
 695	ASSERT_TRUE(try_read_write_buf(ptr_new1));
 696	ASSERT_TRUE(try_read_write_buf(ptr_new2));
 697
 698	/* Cleanup. */
 699	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
 700}
 701
 702/* Assert that mprotect() operations have no bearing on guard markers. */
 703TEST_F(guard_regions, mprotect)
 704{
 705	const unsigned long page_size = self->page_size;
 706	char *ptr;
 707	int i;
 708
 709	ptr = mmap_(self, variant, NULL, 10 * page_size,
 710		    PROT_READ | PROT_WRITE, 0, 0);
 711	ASSERT_NE(ptr, MAP_FAILED);
 712
 713	/* Guard the middle of the range. */
 714	ASSERT_EQ(madvise(&ptr[5 * page_size], 2 * page_size,
 715			  MADV_GUARD_INSTALL), 0);
 716
 717	/* Assert that it is indeed guarded. */
 718	ASSERT_FALSE(try_read_write_buf(&ptr[5 * page_size]));
 719	ASSERT_FALSE(try_read_write_buf(&ptr[6 * page_size]));
 720
 721	/* Now make these pages read-only. */
 722	ASSERT_EQ(mprotect(&ptr[5 * page_size], 2 * page_size, PROT_READ), 0);
 723
 724	/* Make sure the range is still guarded. */
 725	ASSERT_FALSE(try_read_buf(&ptr[5 * page_size]));
 726	ASSERT_FALSE(try_read_buf(&ptr[6 * page_size]));
 727
 728	/* Make sure we can guard again without issue.*/
 729	ASSERT_EQ(madvise(&ptr[5 * page_size], 2 * page_size,
 730			  MADV_GUARD_INSTALL), 0);
 731
 732	/* Make sure the range is, yet again, still guarded. */
 733	ASSERT_FALSE(try_read_buf(&ptr[5 * page_size]));
 734	ASSERT_FALSE(try_read_buf(&ptr[6 * page_size]));
 735
 736	/* Now unguard the whole range. */
 737	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
 738
 739	/* Make sure the whole range is readable. */
 740	for (i = 0; i < 10; i++) {
 741		char *curr = &ptr[i * page_size];
 742
 743		ASSERT_TRUE(try_read_buf(curr));
 744	}
 745
 746	/* Cleanup. */
 747	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
 748}
 749
 750/* Split and merge VMAs and make sure guard pages still behave. */
 751TEST_F(guard_regions, split_merge)
 752{
 753	const unsigned long page_size = self->page_size;
 754	char *ptr, *ptr_new;
 755	int i;
 756
 757	ptr = mmap_(self, variant, NULL, 10 * page_size,
 758		    PROT_READ | PROT_WRITE, 0, 0);
 759	ASSERT_NE(ptr, MAP_FAILED);
 760
 761	/* Guard the whole range. */
 762	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
 763
 764	/* Make sure the whole range is guarded. */
 765	for (i = 0; i < 10; i++) {
 766		char *curr = &ptr[i * page_size];
 767
 768		ASSERT_FALSE(try_read_write_buf(curr));
 769	}
 770
 771	/* Now unmap some pages in the range so we split. */
 772	ASSERT_EQ(munmap(&ptr[2 * page_size], page_size), 0);
 773	ASSERT_EQ(munmap(&ptr[5 * page_size], page_size), 0);
 774	ASSERT_EQ(munmap(&ptr[8 * page_size], page_size), 0);
 775
 776	/* Make sure the remaining ranges are guarded post-split. */
 777	for (i = 0; i < 2; i++) {
 778		char *curr = &ptr[i * page_size];
 779
 780		ASSERT_FALSE(try_read_write_buf(curr));
 781	}
 782	for (i = 2; i < 5; i++) {
 783		char *curr = &ptr[i * page_size];
 784
 785		ASSERT_FALSE(try_read_write_buf(curr));
 786	}
 787	for (i = 6; i < 8; i++) {
 788		char *curr = &ptr[i * page_size];
 789
 790		ASSERT_FALSE(try_read_write_buf(curr));
 791	}
 792	for (i = 9; i < 10; i++) {
 793		char *curr = &ptr[i * page_size];
 794
 795		ASSERT_FALSE(try_read_write_buf(curr));
 796	}
 797
 798	/* Now map them again - the unmap will have cleared the guards. */
 799	ptr_new = mmap_(self, variant, &ptr[2 * page_size], page_size,
 800			PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 801	ASSERT_NE(ptr_new, MAP_FAILED);
 802	ptr_new = mmap_(self, variant, &ptr[5 * page_size], page_size,
 803			PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 804	ASSERT_NE(ptr_new, MAP_FAILED);
 805	ptr_new = mmap_(self, variant, &ptr[8 * page_size], page_size,
 806			PROT_READ | PROT_WRITE, MAP_FIXED, 0);
 807	ASSERT_NE(ptr_new, MAP_FAILED);
 808
 809	/* Now make sure guard pages are established. */
 810	for (i = 0; i < 10; i++) {
 811		char *curr = &ptr[i * page_size];
 812		bool result = try_read_write_buf(curr);
 813		bool expect_true = i == 2 || i == 5 || i == 8;
 814
 815		ASSERT_TRUE(expect_true ? result : !result);
 816	}
 817
 818	/* Now guard everything again. */
 819	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
 820
 821	/* Make sure the whole range is guarded. */
 822	for (i = 0; i < 10; i++) {
 823		char *curr = &ptr[i * page_size];
 824
 825		ASSERT_FALSE(try_read_write_buf(curr));
 826	}
 827
 828	/* Now split the range into three. */
 829	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ), 0);
 830	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size, PROT_READ), 0);
 831
 832	/* Make sure the whole range is guarded for read. */
 833	for (i = 0; i < 10; i++) {
 834		char *curr = &ptr[i * page_size];
 835
 836		ASSERT_FALSE(try_read_buf(curr));
 837	}
 838
 839	/* Now reset protection bits so we merge the whole thing. */
 840	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ | PROT_WRITE), 0);
 841	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size,
 842			   PROT_READ | PROT_WRITE), 0);
 843
 844	/* Make sure the whole range is still guarded. */
 845	for (i = 0; i < 10; i++) {
 846		char *curr = &ptr[i * page_size];
 847
 848		ASSERT_FALSE(try_read_write_buf(curr));
 849	}
 850
 851	/* Split range into 3 again... */
 852	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ), 0);
 853	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size, PROT_READ), 0);
 854
 855	/* ...and unguard the whole range. */
 856	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
 857
 858	/* Make sure the whole range is remedied for read. */
 859	for (i = 0; i < 10; i++) {
 860		char *curr = &ptr[i * page_size];
 861
 862		ASSERT_TRUE(try_read_buf(curr));
 863	}
 864
 865	/* Merge them again. */
 866	ASSERT_EQ(mprotect(ptr, 3 * page_size, PROT_READ | PROT_WRITE), 0);
 867	ASSERT_EQ(mprotect(&ptr[7 * page_size], 3 * page_size,
 868			   PROT_READ | PROT_WRITE), 0);
 869
 870	/* Now ensure the merged range is remedied for read/write. */
 871	for (i = 0; i < 10; i++) {
 872		char *curr = &ptr[i * page_size];
 873
 874		ASSERT_TRUE(try_read_write_buf(curr));
 875	}
 876
 877	/* Cleanup. */
 878	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
 879}
 880
 881/* Assert that MADV_DONTNEED does not remove guard markers. */
 882TEST_F(guard_regions, dontneed)
 883{
 884	const unsigned long page_size = self->page_size;
 885	char *ptr;
 886	int i;
 887
 888	ptr = mmap_(self, variant, NULL, 10 * page_size,
 889		    PROT_READ | PROT_WRITE, 0, 0);
 890	ASSERT_NE(ptr, MAP_FAILED);
 891
 892	/* Back the whole range. */
 893	for (i = 0; i < 10; i++) {
 894		char *curr = &ptr[i * page_size];
 895
 896		*curr = 'y';
 897	}
 898
 899	/* Guard every other page. */
 900	for (i = 0; i < 10; i += 2) {
 901		char *curr = &ptr[i * page_size];
 902		int res = madvise(curr, page_size, MADV_GUARD_INSTALL);
 903
 904		ASSERT_EQ(res, 0);
 905	}
 906
 907	/* Indicate that we don't need any of the range. */
 908	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_DONTNEED), 0);
 909
 910	/* Check to ensure guard markers are still in place. */
 911	for (i = 0; i < 10; i++) {
 912		char *curr = &ptr[i * page_size];
 913		bool result = try_read_buf(curr);
 914
 915		if (i % 2 == 0) {
 916			ASSERT_FALSE(result);
 917		} else {
 918			ASSERT_TRUE(result);
 919			switch (variant->backing) {
 920			case ANON_BACKED:
 921				/* If anon, then we get a zero page. */
 922				ASSERT_EQ(*curr, '\0');
 923				break;
 924			default:
 925				/* Otherwise, we get the file data. */
 926				ASSERT_EQ(*curr, 'y');
 927				break;
 928			}
 929		}
 930
 931		/* Now write... */
 932		result = try_write_buf(&ptr[i * page_size]);
 933
 934		/* ...and make sure same result. */
 935		ASSERT_TRUE(i % 2 != 0 ? result : !result);
 936	}
 937
 938	/* Cleanup. */
 939	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
 940}
 941
 942/* Assert that mlock()'ed pages work correctly with guard markers. */
 943TEST_F(guard_regions, mlock)
 944{
 945	const unsigned long page_size = self->page_size;
 946	char *ptr;
 947	int i;
 948
 949	ptr = mmap_(self, variant, NULL, 10 * page_size,
 950		    PROT_READ | PROT_WRITE, 0, 0);
 951	ASSERT_NE(ptr, MAP_FAILED);
 952
 953	/* Populate. */
 954	for (i = 0; i < 10; i++) {
 955		char *curr = &ptr[i * page_size];
 956
 957		*curr = 'y';
 958	}
 959
 960	/* Lock. */
 961	ASSERT_EQ(mlock(ptr, 10 * page_size), 0);
 962
 963	/* Now try to guard, should fail with EINVAL. */
 964	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), -1);
 965	ASSERT_EQ(errno, EINVAL);
 966
 967	/* OK unlock. */
 968	ASSERT_EQ(munlock(ptr, 10 * page_size), 0);
 969
 970	/* Guard first half of range, should now succeed. */
 971	ASSERT_EQ(madvise(ptr, 5 * page_size, MADV_GUARD_INSTALL), 0);
 972
 973	/* Make sure guard works. */
 974	for (i = 0; i < 10; i++) {
 975		char *curr = &ptr[i * page_size];
 976		bool result = try_read_write_buf(curr);
 977
 978		if (i < 5) {
 979			ASSERT_FALSE(result);
 980		} else {
 981			ASSERT_TRUE(result);
 982			ASSERT_EQ(*curr, 'x');
 983		}
 984	}
 985
 986	/*
 987	 * Now lock the latter part of the range. We can't lock the guard pages,
 988	 * as this would result in the pages being populated and the guarding
 989	 * would cause this to error out.
 990	 */
 991	ASSERT_EQ(mlock(&ptr[5 * page_size], 5 * page_size), 0);
 992
 993	/*
 994	 * Now remove guard pages, we permit mlock()'d ranges to have guard
 995	 * pages removed as it is a non-destructive operation.
 996	 */
 997	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
 998
 999	/* Now check that no guard pages remain. */
1000	for (i = 0; i < 10; i++) {
1001		char *curr = &ptr[i * page_size];
1002
1003		ASSERT_TRUE(try_read_write_buf(curr));
1004	}
1005
1006	/* Cleanup. */
1007	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1008}
1009
1010/*
1011 * Assert that moving, extending and shrinking memory via mremap() retains
1012 * guard markers where possible.
1013 *
1014 * - Moving a mapping alone should retain markers as they are.
1015 */
1016TEST_F(guard_regions, mremap_move)
1017{
1018	const unsigned long page_size = self->page_size;
1019	char *ptr, *ptr_new;
1020
1021	/* Map 5 pages. */
1022	ptr = mmap_(self, variant, NULL, 5 * page_size,
1023		    PROT_READ | PROT_WRITE, 0, 0);
1024	ASSERT_NE(ptr, MAP_FAILED);
1025
1026	/* Place guard markers at both ends of the 5 page span. */
1027	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
1028	ASSERT_EQ(madvise(&ptr[4 * page_size], page_size, MADV_GUARD_INSTALL), 0);
1029
1030	/* Make sure the guard pages are in effect. */
1031	ASSERT_FALSE(try_read_write_buf(ptr));
1032	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));
1033
1034	/* Map a new region we will move this range into. Doing this ensures
1035	 * that we have reserved a range to map into.
1036	 */
1037	ptr_new = mmap_(self, variant, NULL, 5 * page_size, PROT_NONE, 0, 0);
1038	ASSERT_NE(ptr_new, MAP_FAILED);
1039
1040	ASSERT_EQ(mremap(ptr, 5 * page_size, 5 * page_size,
1041			 MREMAP_MAYMOVE | MREMAP_FIXED, ptr_new), ptr_new);
1042
1043	/* Make sure the guard markers are retained. */
1044	ASSERT_FALSE(try_read_write_buf(ptr_new));
1045	ASSERT_FALSE(try_read_write_buf(&ptr_new[4 * page_size]));
1046
1047	/*
1048	 * Clean up - we only need reference the new pointer as we overwrote the
1049	 * PROT_NONE range and moved the existing one.
1050	 */
1051	munmap(ptr_new, 5 * page_size);
1052}
1053
1054/*
1055 * Assert that moving, extending and shrinking memory via mremap() retains
1056 * guard markers where possible.
1057 *
1058 * Expanding should retain guard pages, only now in different position. The user
1059 * will have to remove guard pages manually to fix up (they'd have to do the
1060 * same if it were a PROT_NONE mapping).
1061 */
1062TEST_F(guard_regions, mremap_expand)
1063{
1064	const unsigned long page_size = self->page_size;
1065	char *ptr, *ptr_new;
1066
1067	/* Map 10 pages... */
1068	ptr = mmap_(self, variant, NULL, 10 * page_size,
1069		    PROT_READ | PROT_WRITE, 0, 0);
1070	ASSERT_NE(ptr, MAP_FAILED);
1071	/* ...But unmap the last 5 so we can ensure we can expand into them. */
1072	ASSERT_EQ(munmap(&ptr[5 * page_size], 5 * page_size), 0);
1073
1074	/* Place guard markers at both ends of the 5 page span. */
1075	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
1076	ASSERT_EQ(madvise(&ptr[4 * page_size], page_size, MADV_GUARD_INSTALL), 0);
1077
1078	/* Make sure the guarding is in effect. */
1079	ASSERT_FALSE(try_read_write_buf(ptr));
1080	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));
1081
1082	/* Now expand to 10 pages. */
1083	ptr = mremap(ptr, 5 * page_size, 10 * page_size, 0);
1084	ASSERT_NE(ptr, MAP_FAILED);
1085
1086	/*
1087	 * Make sure the guard markers are retained in their original positions.
1088	 */
1089	ASSERT_FALSE(try_read_write_buf(ptr));
1090	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));
1091
1092	/* Reserve a region which we can move to and expand into. */
1093	ptr_new = mmap_(self, variant, NULL, 20 * page_size, PROT_NONE, 0, 0);
1094	ASSERT_NE(ptr_new, MAP_FAILED);
1095
1096	/* Now move and expand into it. */
1097	ptr = mremap(ptr, 10 * page_size, 20 * page_size,
1098		     MREMAP_MAYMOVE | MREMAP_FIXED, ptr_new);
1099	ASSERT_EQ(ptr, ptr_new);
1100
1101	/*
1102	 * Again, make sure the guard markers are retained in their original positions.
1103	 */
1104	ASSERT_FALSE(try_read_write_buf(ptr));
1105	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));
1106
1107	/*
1108	 * A real user would have to remove guard markers, but would reasonably
1109	 * expect all characteristics of the mapping to be retained, including
1110	 * guard markers.
1111	 */
1112
1113	/* Cleanup. */
1114	munmap(ptr, 20 * page_size);
1115}
1116/*
1117 * Assert that moving, extending and shrinking memory via mremap() retains
1118 * guard markers where possible.
1119 *
1120 * Shrinking will result in markers that are shrunk over being removed. Again,
1121 * if the user were using a PROT_NONE mapping they'd have to manually fix this
1122 * up also so this is OK.
1123 */
1124TEST_F(guard_regions, mremap_shrink)
1125{
1126	const unsigned long page_size = self->page_size;
1127	char *ptr;
1128	int i;
1129
1130	/* Map 5 pages. */
1131	ptr = mmap_(self, variant, NULL, 5 * page_size,
1132		    PROT_READ | PROT_WRITE, 0, 0);
1133	ASSERT_NE(ptr, MAP_FAILED);
1134
1135	/* Place guard markers at both ends of the 5 page span. */
1136	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
1137	ASSERT_EQ(madvise(&ptr[4 * page_size], page_size, MADV_GUARD_INSTALL), 0);
1138
1139	/* Make sure the guarding is in effect. */
1140	ASSERT_FALSE(try_read_write_buf(ptr));
1141	ASSERT_FALSE(try_read_write_buf(&ptr[4 * page_size]));
1142
1143	/* Now shrink to 3 pages. */
1144	ptr = mremap(ptr, 5 * page_size, 3 * page_size, MREMAP_MAYMOVE);
1145	ASSERT_NE(ptr, MAP_FAILED);
1146
1147	/* We expect the guard marker at the start to be retained... */
1148	ASSERT_FALSE(try_read_write_buf(ptr));
1149
1150	/* ...But remaining pages will not have guard markers. */
1151	for (i = 1; i < 3; i++) {
1152		char *curr = &ptr[i * page_size];
1153
1154		ASSERT_TRUE(try_read_write_buf(curr));
1155	}
1156
1157	/*
1158	 * As with expansion, a real user would have to remove guard pages and
1159	 * fixup. But you'd have to do similar manual things with PROT_NONE
1160	 * mappings too.
1161	 */
1162
1163	/*
1164	 * If we expand back to the original size, the end marker will, of
1165	 * course, no longer be present.
1166	 */
1167	ptr = mremap(ptr, 3 * page_size, 5 * page_size, 0);
1168	ASSERT_NE(ptr, MAP_FAILED);
1169
1170	/* Again, we expect the guard marker at the start to be retained... */
1171	ASSERT_FALSE(try_read_write_buf(ptr));
1172
1173	/* ...But remaining pages will not have guard markers. */
1174	for (i = 1; i < 5; i++) {
1175		char *curr = &ptr[i * page_size];
1176
1177		ASSERT_TRUE(try_read_write_buf(curr));
1178	}
1179
1180	/* Cleanup. */
1181	munmap(ptr, 5 * page_size);
1182}
1183
1184/*
1185 * Assert that forking a process with VMAs that do not have VM_WIPEONFORK set
1186 * retain guard pages.
1187 */
1188TEST_F(guard_regions, fork)
1189{
1190	const unsigned long page_size = self->page_size;
1191	char *ptr;
1192	pid_t pid;
1193	int i;
1194
1195	/* Map 10 pages. */
1196	ptr = mmap_(self, variant, NULL, 10 * page_size,
1197		    PROT_READ | PROT_WRITE, 0, 0);
1198	ASSERT_NE(ptr, MAP_FAILED);
1199
1200	/* Establish guard pages in the first 5 pages. */
1201	ASSERT_EQ(madvise(ptr, 5 * page_size, MADV_GUARD_INSTALL), 0);
1202
1203	pid = fork();
1204	ASSERT_NE(pid, -1);
1205	if (!pid) {
1206		/* This is the child process now. */
1207
1208		/* Assert that the guarding is in effect. */
1209		for (i = 0; i < 10; i++) {
1210			char *curr = &ptr[i * page_size];
1211			bool result = try_read_write_buf(curr);
1212
1213			ASSERT_TRUE(i >= 5 ? result : !result);
1214		}
1215
1216		/* Now unguard the range.*/
1217		ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
1218
1219		exit(0);
1220	}
1221
1222	/* Parent process. */
1223
1224	/* Parent simply waits on child. */
1225	waitpid(pid, NULL, 0);
1226
1227	/* Child unguard does not impact parent page table state. */
1228	for (i = 0; i < 10; i++) {
1229		char *curr = &ptr[i * page_size];
1230		bool result = try_read_write_buf(curr);
1231
1232		ASSERT_TRUE(i >= 5 ? result : !result);
1233	}
1234
1235	/* Cleanup. */
1236	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1237}
1238
1239/*
1240 * Assert expected behaviour after we fork populated ranges of anonymous memory
1241 * and then guard and unguard the range.
1242 */
1243TEST_F(guard_regions, fork_cow)
1244{
1245	const unsigned long page_size = self->page_size;
1246	char *ptr;
1247	pid_t pid;
1248	int i;
1249
1250	if (variant->backing != ANON_BACKED)
1251		SKIP(return, "CoW only supported on anon mappings");
1252
1253	/* Map 10 pages. */
1254	ptr = mmap_(self, variant, NULL, 10 * page_size,
1255		    PROT_READ | PROT_WRITE, 0, 0);
1256	ASSERT_NE(ptr, MAP_FAILED);
1257
1258	/* Populate range. */
1259	for (i = 0; i < 10 * page_size; i++) {
1260		char chr = 'a' + (i % 26);
1261
1262		ptr[i] = chr;
1263	}
1264
1265	pid = fork();
1266	ASSERT_NE(pid, -1);
1267	if (!pid) {
1268		/* This is the child process now. */
1269
1270		/* Ensure the range is as expected. */
1271		for (i = 0; i < 10 * page_size; i++) {
1272			char expected = 'a' + (i % 26);
1273			char actual = ptr[i];
1274
1275			ASSERT_EQ(actual, expected);
1276		}
1277
1278		/* Establish guard pages across the whole range. */
1279		ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
1280		/* Remove it. */
1281		ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
1282
1283		/*
1284		 * By removing the guard pages, the page tables will be
1285		 * cleared. Assert that we are looking at the zero page now.
1286		 */
1287		for (i = 0; i < 10 * page_size; i++) {
1288			char actual = ptr[i];
1289
1290			ASSERT_EQ(actual, '\0');
1291		}
1292
1293		exit(0);
1294	}
1295
1296	/* Parent process. */
1297
1298	/* Parent simply waits on child. */
1299	waitpid(pid, NULL, 0);
1300
1301	/* Ensure the range is unchanged in parent anon range. */
1302	for (i = 0; i < 10 * page_size; i++) {
1303		char expected = 'a' + (i % 26);
1304		char actual = ptr[i];
1305
1306		ASSERT_EQ(actual, expected);
1307	}
1308
1309	/* Cleanup. */
1310	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1311}
1312
1313/*
1314 * Assert that forking a process with VMAs that do have VM_WIPEONFORK set
1315 * behave as expected.
1316 */
1317TEST_F(guard_regions, fork_wipeonfork)
1318{
1319	const unsigned long page_size = self->page_size;
1320	char *ptr;
1321	pid_t pid;
1322	int i;
1323
1324	if (variant->backing != ANON_BACKED)
1325		SKIP(return, "Wipe on fork only supported on anon mappings");
1326
1327	/* Map 10 pages. */
1328	ptr = mmap_(self, variant, NULL, 10 * page_size,
1329		    PROT_READ | PROT_WRITE, 0, 0);
1330	ASSERT_NE(ptr, MAP_FAILED);
1331
1332	/* Mark wipe on fork. */
1333	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_WIPEONFORK), 0);
1334
1335	/* Guard the first 5 pages. */
1336	ASSERT_EQ(madvise(ptr, 5 * page_size, MADV_GUARD_INSTALL), 0);
1337
1338	pid = fork();
1339	ASSERT_NE(pid, -1);
1340	if (!pid) {
1341		/* This is the child process now. */
1342
1343		/* Guard will have been wiped. */
1344		for (i = 0; i < 10; i++) {
1345			char *curr = &ptr[i * page_size];
1346
1347			ASSERT_TRUE(try_read_write_buf(curr));
1348		}
1349
1350		exit(0);
1351	}
1352
1353	/* Parent process. */
1354
1355	waitpid(pid, NULL, 0);
1356
1357	/* Guard markers should be in effect.*/
1358	for (i = 0; i < 10; i++) {
1359		char *curr = &ptr[i * page_size];
1360		bool result = try_read_write_buf(curr);
1361
1362		ASSERT_TRUE(i >= 5 ? result : !result);
1363	}
1364
1365	/* Cleanup. */
1366	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1367}
1368
1369/* Ensure that MADV_FREE retains guard entries as expected. */
1370TEST_F(guard_regions, lazyfree)
1371{
1372	const unsigned long page_size = self->page_size;
1373	char *ptr;
1374	int i;
1375
1376	if (variant->backing != ANON_BACKED)
1377		SKIP(return, "MADV_FREE only supported on anon mappings");
1378
1379	/* Map 10 pages. */
1380	ptr = mmap_(self, variant, NULL, 10 * page_size,
1381		    PROT_READ | PROT_WRITE, 0, 0);
1382	ASSERT_NE(ptr, MAP_FAILED);
1383
1384	/* Guard range. */
1385	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
1386
1387	/* Ensure guarded. */
1388	for (i = 0; i < 10; i++) {
1389		char *curr = &ptr[i * page_size];
1390
1391		ASSERT_FALSE(try_read_write_buf(curr));
1392	}
1393
1394	/* Lazyfree range. */
1395	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_FREE), 0);
1396
1397	/* This should leave the guard markers in place. */
1398	for (i = 0; i < 10; i++) {
1399		char *curr = &ptr[i * page_size];
1400
1401		ASSERT_FALSE(try_read_write_buf(curr));
1402	}
1403
1404	/* Cleanup. */
1405	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1406}
1407
1408/* Ensure that MADV_POPULATE_READ, MADV_POPULATE_WRITE behave as expected. */
1409TEST_F(guard_regions, populate)
1410{
1411	const unsigned long page_size = self->page_size;
1412	char *ptr;
1413
1414	/* Map 10 pages. */
1415	ptr = mmap_(self, variant, NULL, 10 * page_size,
1416		    PROT_READ | PROT_WRITE, 0, 0);
1417	ASSERT_NE(ptr, MAP_FAILED);
1418
1419	/* Guard range. */
1420	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
1421
1422	/* Populate read should error out... */
1423	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_POPULATE_READ), -1);
1424	ASSERT_EQ(errno, EFAULT);
1425
1426	/* ...as should populate write. */
1427	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_POPULATE_WRITE), -1);
1428	ASSERT_EQ(errno, EFAULT);
1429
1430	/* Cleanup. */
1431	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1432}
1433
1434/* Ensure that MADV_COLD, MADV_PAGEOUT do not remove guard markers. */
1435TEST_F(guard_regions, cold_pageout)
1436{
1437	const unsigned long page_size = self->page_size;
1438	char *ptr;
1439	int i;
1440
1441	/* Map 10 pages. */
1442	ptr = mmap_(self, variant, NULL, 10 * page_size,
1443		    PROT_READ | PROT_WRITE, 0, 0);
1444	ASSERT_NE(ptr, MAP_FAILED);
1445
1446	/* Guard range. */
1447	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
1448
1449	/* Ensured guarded. */
1450	for (i = 0; i < 10; i++) {
1451		char *curr = &ptr[i * page_size];
1452
1453		ASSERT_FALSE(try_read_write_buf(curr));
1454	}
1455
1456	/* Now mark cold. This should have no impact on guard markers. */
1457	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_COLD), 0);
1458
1459	/* Should remain guarded. */
1460	for (i = 0; i < 10; i++) {
1461		char *curr = &ptr[i * page_size];
1462
1463		ASSERT_FALSE(try_read_write_buf(curr));
1464	}
1465
1466	/* OK, now page out. This should equally, have no effect on markers. */
1467	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_PAGEOUT), 0);
1468
1469	/* Should remain guarded. */
1470	for (i = 0; i < 10; i++) {
1471		char *curr = &ptr[i * page_size];
1472
1473		ASSERT_FALSE(try_read_write_buf(curr));
1474	}
1475
1476	/* Cleanup. */
1477	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1478}
1479
1480/* Ensure that guard pages do not break userfaultd. */
1481TEST_F(guard_regions, uffd)
1482{
1483	const unsigned long page_size = self->page_size;
1484	int uffd;
1485	char *ptr;
1486	int i;
1487	struct uffdio_api api = {
1488		.api = UFFD_API,
1489		.features = 0,
1490	};
1491	struct uffdio_register reg;
1492	struct uffdio_range range;
1493
1494	if (!is_anon_backed(variant))
1495		SKIP(return, "uffd only works on anon backing");
1496
1497	/* Set up uffd. */
1498	uffd = userfaultfd(0);
1499	if (uffd == -1) {
1500		switch (errno) {
1501		case EPERM:
1502			SKIP(return, "No userfaultfd permissions, try running as root.");
1503			break;
1504		case ENOSYS:
1505			SKIP(return, "userfaultfd is not supported/not enabled.");
1506			break;
1507		default:
1508			ksft_exit_fail_msg("userfaultfd failed with %s\n",
1509					   strerror(errno));
1510			break;
1511		}
1512	}
1513
1514	ASSERT_NE(uffd, -1);
1515
1516	ASSERT_EQ(ioctl(uffd, UFFDIO_API, &api), 0);
1517
1518	/* Map 10 pages. */
1519	ptr = mmap_(self, variant, NULL, 10 * page_size,
1520		    PROT_READ | PROT_WRITE, 0, 0);
1521	ASSERT_NE(ptr, MAP_FAILED);
1522
1523	/* Register the range with uffd. */
1524	range.start = (unsigned long)ptr;
1525	range.len = 10 * page_size;
1526	reg.range = range;
1527	reg.mode = UFFDIO_REGISTER_MODE_MISSING;
1528	ASSERT_EQ(ioctl(uffd, UFFDIO_REGISTER, &reg), 0);
1529
1530	/* Guard the range. This should not trigger the uffd. */
1531	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_INSTALL), 0);
1532
1533	/* The guarding should behave as usual with no uffd intervention. */
1534	for (i = 0; i < 10; i++) {
1535		char *curr = &ptr[i * page_size];
1536
1537		ASSERT_FALSE(try_read_write_buf(curr));
1538	}
1539
1540	/* Cleanup. */
1541	ASSERT_EQ(ioctl(uffd, UFFDIO_UNREGISTER, &range), 0);
1542	close(uffd);
1543	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1544}
1545
1546/*
1547 * Mark a region within a file-backed mapping using MADV_SEQUENTIAL so we
1548 * aggressively read-ahead, then install guard regions and assert that it
1549 * behaves correctly.
1550 *
1551 * We page out using MADV_PAGEOUT before checking guard regions so we drop page
1552 * cache folios, meaning we maximise the possibility of some broken readahead.
1553 */
1554TEST_F(guard_regions, madvise_sequential)
1555{
1556	char *ptr;
1557	int i;
1558	const unsigned long page_size = self->page_size;
1559
1560	if (variant->backing == ANON_BACKED)
1561		SKIP(return, "MADV_SEQUENTIAL meaningful only for file-backed");
1562
1563	ptr = mmap_(self, variant, NULL, 10 * page_size,
1564		    PROT_READ | PROT_WRITE, 0, 0);
1565	ASSERT_NE(ptr, MAP_FAILED);
1566
1567	/* Establish a pattern of data in the file. */
1568	set_pattern(ptr, 10, page_size);
1569	ASSERT_TRUE(check_pattern(ptr, 10, page_size));
1570
1571	/* Mark it as being accessed sequentially. */
1572	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_SEQUENTIAL), 0);
1573
1574	/* Mark every other page a guard page. */
1575	for (i = 0; i < 10; i += 2) {
1576		char *ptr2 = &ptr[i * page_size];
1577
1578		ASSERT_EQ(madvise(ptr2, page_size, MADV_GUARD_INSTALL), 0);
1579	}
1580
1581	/* Now page it out. */
1582	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_PAGEOUT), 0);
1583
1584	/* Now make sure pages are as expected. */
1585	for (i = 0; i < 10; i++) {
1586		char *chrp = &ptr[i * page_size];
1587
1588		if (i % 2 == 0) {
1589			bool result = try_read_write_buf(chrp);
1590
1591			ASSERT_FALSE(result);
1592		} else {
1593			ASSERT_EQ(*chrp, 'a' + i);
1594		}
1595	}
1596
1597	/* Now remove guard pages. */
1598	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
1599
1600	/* Now make sure all data is as expected. */
1601	if (!check_pattern(ptr, 10, page_size))
1602		ASSERT_TRUE(false);
1603
1604	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1605}
1606
1607/*
1608 * Check that file-backed mappings implement guard regions with MAP_PRIVATE
1609 * correctly.
1610 */
1611TEST_F(guard_regions, map_private)
1612{
1613	const unsigned long page_size = self->page_size;
1614	char *ptr_shared, *ptr_private;
1615	int i;
1616
1617	if (variant->backing == ANON_BACKED)
1618		SKIP(return, "MAP_PRIVATE test specific to file-backed");
1619
1620	ptr_shared = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
1621	ASSERT_NE(ptr_shared, MAP_FAILED);
1622
1623	/* Manually mmap(), do not use mmap_() wrapper so we can force MAP_PRIVATE. */
1624	ptr_private = mmap(NULL, 10 * page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, self->fd, 0);
1625	ASSERT_NE(ptr_private, MAP_FAILED);
1626
1627	/* Set pattern in shared mapping. */
1628	set_pattern(ptr_shared, 10, page_size);
1629
1630	/* Install guard regions in every other page in the shared mapping. */
1631	for (i = 0; i < 10; i += 2) {
1632		char *ptr = &ptr_shared[i * page_size];
1633
1634		ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
1635	}
1636
1637	for (i = 0; i < 10; i++) {
1638		/* Every even shared page should be guarded. */
1639		ASSERT_EQ(try_read_buf(&ptr_shared[i * page_size]), i % 2 != 0);
1640		/* Private mappings should always be readable. */
1641		ASSERT_TRUE(try_read_buf(&ptr_private[i * page_size]));
1642	}
1643
1644	/* Install guard regions in every other page in the private mapping. */
1645	for (i = 0; i < 10; i += 2) {
1646		char *ptr = &ptr_private[i * page_size];
1647
1648		ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
1649	}
1650
1651	for (i = 0; i < 10; i++) {
1652		/* Every even shared page should be guarded. */
1653		ASSERT_EQ(try_read_buf(&ptr_shared[i * page_size]), i % 2 != 0);
1654		/* Every odd private page should be guarded. */
1655		ASSERT_EQ(try_read_buf(&ptr_private[i * page_size]), i % 2 != 0);
1656	}
1657
1658	/* Remove guard regions from shared mapping. */
1659	ASSERT_EQ(madvise(ptr_shared, 10 * page_size, MADV_GUARD_REMOVE), 0);
1660
1661	for (i = 0; i < 10; i++) {
1662		/* Shared mappings should always be readable. */
1663		ASSERT_TRUE(try_read_buf(&ptr_shared[i * page_size]));
1664		/* Every even private page should be guarded. */
1665		ASSERT_EQ(try_read_buf(&ptr_private[i * page_size]), i % 2 != 0);
1666	}
1667
1668	/* Remove guard regions from private mapping. */
1669	ASSERT_EQ(madvise(ptr_private, 10 * page_size, MADV_GUARD_REMOVE), 0);
1670
1671	for (i = 0; i < 10; i++) {
1672		/* Shared mappings should always be readable. */
1673		ASSERT_TRUE(try_read_buf(&ptr_shared[i * page_size]));
1674		/* Private mappings should always be readable. */
1675		ASSERT_TRUE(try_read_buf(&ptr_private[i * page_size]));
1676	}
1677
1678	/* Ensure patterns are intact. */
1679	ASSERT_TRUE(check_pattern(ptr_shared, 10, page_size));
1680	ASSERT_TRUE(check_pattern(ptr_private, 10, page_size));
1681
1682	/* Now write out every other page to MAP_PRIVATE. */
1683	for (i = 0; i < 10; i += 2) {
1684		char *ptr = &ptr_private[i * page_size];
1685
1686		memset(ptr, 'a' + i, page_size);
1687	}
1688
1689	/*
1690	 * At this point the mapping is:
1691	 *
1692	 * 0123456789
1693	 * SPSPSPSPSP
1694	 *
1695	 * Where S = shared, P = private mappings.
1696	 */
1697
1698	/* Now mark the beginning of the mapping guarded. */
1699	ASSERT_EQ(madvise(ptr_private, 5 * page_size, MADV_GUARD_INSTALL), 0);
1700
1701	/*
1702	 * This renders the mapping:
1703	 *
1704	 * 0123456789
1705	 * xxxxxPSPSP
1706	 */
1707
1708	for (i = 0; i < 10; i++) {
1709		char *ptr = &ptr_private[i * page_size];
1710
1711		/* Ensure guard regions as expected. */
1712		ASSERT_EQ(try_read_buf(ptr), i >= 5);
1713		/* The shared mapping should always succeed. */
1714		ASSERT_TRUE(try_read_buf(&ptr_shared[i * page_size]));
1715	}
1716
1717	/* Remove the guard regions altogether. */
1718	ASSERT_EQ(madvise(ptr_private, 10 * page_size, MADV_GUARD_REMOVE), 0);
1719
1720	/*
1721	 *
1722	 * We now expect the mapping to be:
1723	 *
1724	 * 0123456789
1725	 * SSSSSPSPSP
1726	 *
1727	 * As we removed guard regions, the private pages from the first 5 will
1728	 * have been zapped, so on fault will reestablish the shared mapping.
1729	 */
1730
1731	for (i = 0; i < 10; i++) {
1732		char *ptr = &ptr_private[i * page_size];
1733
1734		/*
1735		 * Assert that shared mappings in the MAP_PRIVATE mapping match
1736		 * the shared mapping.
1737		 */
1738		if (i < 5 || i % 2 == 0) {
1739			char *ptr_s = &ptr_shared[i * page_size];
1740
1741			ASSERT_EQ(memcmp(ptr, ptr_s, page_size), 0);
1742			continue;
1743		}
1744
1745		/* Everything else is a private mapping. */
1746		ASSERT_TRUE(is_buf_eq(ptr, page_size, 'a' + i));
1747	}
1748
1749	ASSERT_EQ(munmap(ptr_shared, 10 * page_size), 0);
1750	ASSERT_EQ(munmap(ptr_private, 10 * page_size), 0);
1751}
1752
1753/* Test that guard regions established over a read-only mapping function correctly. */
1754TEST_F(guard_regions, readonly_file)
1755{
1756	const unsigned long page_size = self->page_size;
1757	char *ptr;
1758	int i;
1759
1760	if (variant->backing != LOCAL_FILE_BACKED)
1761		SKIP(return, "Read-only test specific to file-backed");
1762
1763	/* Map shared so we can populate with pattern, populate it, unmap. */
1764	ptr = mmap_(self, variant, NULL, 10 * page_size,
1765		    PROT_READ | PROT_WRITE, 0, 0);
1766	ASSERT_NE(ptr, MAP_FAILED);
1767	set_pattern(ptr, 10, page_size);
1768	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1769	/* Close the fd so we can re-open read-only. */
1770	ASSERT_EQ(close(self->fd), 0);
1771
1772	/* Re-open read-only. */
1773	self->fd = open(self->path, O_RDONLY);
1774	ASSERT_NE(self->fd, -1);
1775	/* Re-map read-only. */
1776	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ, 0, 0);
1777	ASSERT_NE(ptr, MAP_FAILED);
1778
1779	/* Mark every other page guarded. */
1780	for (i = 0; i < 10; i += 2) {
1781		char *ptr_pg = &ptr[i * page_size];
1782
1783		ASSERT_EQ(madvise(ptr_pg, page_size, MADV_GUARD_INSTALL), 0);
1784	}
1785
1786	/* Assert that the guard regions are in place.*/
1787	for (i = 0; i < 10; i++) {
1788		char *ptr_pg = &ptr[i * page_size];
1789
1790		ASSERT_EQ(try_read_buf(ptr_pg), i % 2 != 0);
1791	}
1792
1793	/* Remove guard regions. */
1794	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
1795
1796	/* Ensure the data is as expected. */
1797	ASSERT_TRUE(check_pattern(ptr, 10, page_size));
1798
1799	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1800}
1801
1802TEST_F(guard_regions, fault_around)
1803{
1804	const unsigned long page_size = self->page_size;
1805	char *ptr;
1806	int i;
1807
1808	if (variant->backing == ANON_BACKED)
1809		SKIP(return, "Fault-around test specific to file-backed");
1810
1811	ptr = mmap_(self, variant, NULL, 10 * page_size,
1812		    PROT_READ | PROT_WRITE, 0, 0);
1813	ASSERT_NE(ptr, MAP_FAILED);
1814
1815	/* Establish a pattern in the backing file. */
1816	set_pattern(ptr, 10, page_size);
1817
1818	/*
1819	 * Now drop it from the page cache so we get major faults when next we
1820	 * map it.
1821	 */
1822	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_PAGEOUT), 0);
1823
1824	/* Unmap and remap 'to be sure'. */
1825	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1826	ptr = mmap_(self, variant, NULL, 10 * page_size,
1827		    PROT_READ | PROT_WRITE, 0, 0);
1828	ASSERT_NE(ptr, MAP_FAILED);
1829
1830	/* Now make every even page guarded. */
1831	for (i = 0; i < 10; i += 2) {
1832		char *ptr_p = &ptr[i * page_size];
1833
1834		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
1835	}
1836
1837	/* Now fault in every odd page. This should trigger fault-around. */
1838	for (i = 1; i < 10; i += 2) {
1839		char *ptr_p = &ptr[i * page_size];
1840
1841		ASSERT_TRUE(try_read_buf(ptr_p));
1842	}
1843
1844	/* Finally, ensure that guard regions are intact as expected. */
1845	for (i = 0; i < 10; i++) {
1846		char *ptr_p = &ptr[i * page_size];
1847
1848		ASSERT_EQ(try_read_buf(ptr_p), i % 2 != 0);
1849	}
1850
1851	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1852}
1853
1854TEST_F(guard_regions, truncation)
1855{
1856	const unsigned long page_size = self->page_size;
1857	char *ptr;
1858	int i;
1859
1860	if (variant->backing == ANON_BACKED)
1861		SKIP(return, "Truncation test specific to file-backed");
1862
1863	ptr = mmap_(self, variant, NULL, 10 * page_size,
1864		    PROT_READ | PROT_WRITE, 0, 0);
1865	ASSERT_NE(ptr, MAP_FAILED);
1866
1867	/*
1868	 * Establish a pattern in the backing file, just so there is data
1869	 * there.
1870	 */
1871	set_pattern(ptr, 10, page_size);
1872
1873	/* Now make every even page guarded. */
1874	for (i = 0; i < 10; i += 2) {
1875		char *ptr_p = &ptr[i * page_size];
1876
1877		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
1878	}
1879
1880	/* Now assert things are as expected. */
1881	for (i = 0; i < 10; i++) {
1882		char *ptr_p = &ptr[i * page_size];
1883
1884		ASSERT_EQ(try_read_write_buf(ptr_p), i % 2 != 0);
1885	}
1886
1887	/* Now truncate to actually used size (initialised to 100). */
1888	ASSERT_EQ(ftruncate(self->fd, 10 * page_size), 0);
1889
1890	/* Here the guard regions will remain intact. */
1891	for (i = 0; i < 10; i++) {
1892		char *ptr_p = &ptr[i * page_size];
1893
1894		ASSERT_EQ(try_read_write_buf(ptr_p), i % 2 != 0);
1895	}
1896
1897	/* Now truncate to half the size, then truncate again to the full size. */
1898	ASSERT_EQ(ftruncate(self->fd, 5 * page_size), 0);
1899	ASSERT_EQ(ftruncate(self->fd, 10 * page_size), 0);
1900
1901	/* Again, guard pages will remain intact. */
1902	for (i = 0; i < 10; i++) {
1903		char *ptr_p = &ptr[i * page_size];
1904
1905		ASSERT_EQ(try_read_write_buf(ptr_p), i % 2 != 0);
1906	}
1907
1908	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1909}
1910
1911TEST_F(guard_regions, hole_punch)
1912{
1913	const unsigned long page_size = self->page_size;
1914	char *ptr;
1915	int i;
1916
1917	if (variant->backing == ANON_BACKED)
1918		SKIP(return, "Truncation test specific to file-backed");
1919
1920	/* Establish pattern in mapping. */
1921	ptr = mmap_(self, variant, NULL, 10 * page_size,
1922		    PROT_READ | PROT_WRITE, 0, 0);
1923	ASSERT_NE(ptr, MAP_FAILED);
1924	set_pattern(ptr, 10, page_size);
1925
1926	/* Install a guard region in the middle of the mapping. */
1927	ASSERT_EQ(madvise(&ptr[3 * page_size], 4 * page_size,
1928			  MADV_GUARD_INSTALL), 0);
1929
1930	/*
1931	 * The buffer will now be:
1932	 *
1933	 * 0123456789
1934	 * ***xxxx***
1935	 *
1936	 * Where * is data and x is the guard region.
1937	 */
1938
1939	/* Ensure established. */
1940	for (i = 0; i < 10; i++) {
1941		char *ptr_p = &ptr[i * page_size];
1942
1943		ASSERT_EQ(try_read_buf(ptr_p), i < 3 || i >= 7);
1944	}
1945
1946	/* Now hole punch the guarded region. */
1947	ASSERT_EQ(madvise(&ptr[3 * page_size], 4 * page_size,
1948			  MADV_REMOVE), 0);
1949
1950	/* Ensure guard regions remain. */
1951	for (i = 0; i < 10; i++) {
1952		char *ptr_p = &ptr[i * page_size];
1953
1954		ASSERT_EQ(try_read_buf(ptr_p), i < 3 || i >= 7);
1955	}
1956
1957	/* Now remove guard region throughout. */
1958	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
1959
1960	/* Check that the pattern exists in non-hole punched region. */
1961	ASSERT_TRUE(check_pattern(ptr, 3, page_size));
1962	/* Check that hole punched region is zeroed. */
1963	ASSERT_TRUE(is_buf_eq(&ptr[3 * page_size], 4 * page_size, '\0'));
1964	/* Check that the pattern exists in the remainder of the file. */
1965	ASSERT_TRUE(check_pattern_offset(ptr, 3, page_size, 7));
1966
1967	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1968}
1969
1970/*
1971 * Ensure that a memfd works correctly with guard regions, that we can write
1972 * seal it then open the mapping read-only and still establish guard regions
1973 * within, remove those guard regions and have everything work correctly.
1974 */
1975TEST_F(guard_regions, memfd_write_seal)
1976{
1977	const unsigned long page_size = self->page_size;
1978	char *ptr;
1979	int i;
1980
1981	if (variant->backing != SHMEM_BACKED)
1982		SKIP(return, "memfd write seal test specific to shmem");
1983
1984	/* OK, we need a memfd, so close existing one. */
1985	ASSERT_EQ(close(self->fd), 0);
1986
1987	/* Create and truncate memfd. */
1988	self->fd = memfd_create("guard_regions_memfd_seals_test",
1989				MFD_ALLOW_SEALING);
1990	ASSERT_NE(self->fd, -1);
1991	ASSERT_EQ(ftruncate(self->fd, 10 * page_size), 0);
1992
1993	/* Map, set pattern, unmap. */
1994	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
1995	ASSERT_NE(ptr, MAP_FAILED);
1996	set_pattern(ptr, 10, page_size);
1997	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
1998
1999	/* Write-seal the memfd. */
2000	ASSERT_EQ(fcntl(self->fd, F_ADD_SEALS, F_SEAL_WRITE), 0);
2001
2002	/* Now map the memfd readonly. */
2003	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ, 0, 0);
2004	ASSERT_NE(ptr, MAP_FAILED);
2005
2006	/* Ensure pattern is as expected. */
2007	ASSERT_TRUE(check_pattern(ptr, 10, page_size));
2008
2009	/* Now make every even page guarded. */
2010	for (i = 0; i < 10; i += 2) {
2011		char *ptr_p = &ptr[i * page_size];
2012
2013		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
2014	}
2015
2016	/* Now assert things are as expected. */
2017	for (i = 0; i < 10; i++) {
2018		char *ptr_p = &ptr[i * page_size];
2019
2020		ASSERT_EQ(try_read_buf(ptr_p), i % 2 != 0);
2021	}
2022
2023	/* Now remove guard regions. */
2024	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
2025
2026	/* Ensure pattern is as expected. */
2027	ASSERT_TRUE(check_pattern(ptr, 10, page_size));
2028
2029	/* Ensure write seal intact. */
2030	for (i = 0; i < 10; i++) {
2031		char *ptr_p = &ptr[i * page_size];
2032
2033		ASSERT_FALSE(try_write_buf(ptr_p));
2034	}
2035
2036	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
2037}
2038
2039
2040/*
2041 * Since we are now permitted to establish guard regions in read-only anonymous
2042 * mappings, for the sake of thoroughness, though it probably has no practical
2043 * use, test that guard regions function with a mapping to the anonymous zero
2044 * page.
2045 */
2046TEST_F(guard_regions, anon_zeropage)
2047{
2048	const unsigned long page_size = self->page_size;
2049	char *ptr;
2050	int i;
2051
2052	if (!is_anon_backed(variant))
2053		SKIP(return, "anon zero page test specific to anon/shmem");
2054
2055	/* Obtain a read-only i.e. anon zero page mapping. */
2056	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ, 0, 0);
2057	ASSERT_NE(ptr, MAP_FAILED);
2058
2059	/* Now make every even page guarded. */
2060	for (i = 0; i < 10; i += 2) {
2061		char *ptr_p = &ptr[i * page_size];
2062
2063		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
2064	}
2065
2066	/* Now assert things are as expected. */
2067	for (i = 0; i < 10; i++) {
2068		char *ptr_p = &ptr[i * page_size];
2069
2070		ASSERT_EQ(try_read_buf(ptr_p), i % 2 != 0);
2071	}
2072
2073	/* Now remove all guard regions. */
2074	ASSERT_EQ(madvise(ptr, 10 * page_size, MADV_GUARD_REMOVE), 0);
2075
2076	/* Now assert things are as expected. */
2077	for (i = 0; i < 10; i++) {
2078		char *ptr_p = &ptr[i * page_size];
2079
2080		ASSERT_TRUE(try_read_buf(ptr_p));
2081	}
2082
2083	/* Ensure zero page...*/
2084	ASSERT_TRUE(is_buf_eq(ptr, 10 * page_size, '\0'));
2085
2086	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
2087}
2088
2089/*
2090 * Assert that /proc/$pid/pagemap correctly identifies guard region ranges.
2091 */
2092TEST_F(guard_regions, pagemap)
2093{
2094	const unsigned long page_size = self->page_size;
2095	int proc_fd;
2096	char *ptr;
2097	int i;
2098
2099	proc_fd = open("/proc/self/pagemap", O_RDONLY);
2100	ASSERT_NE(proc_fd, -1);
2101
2102	ptr = mmap_(self, variant, NULL, 10 * page_size,
2103		    PROT_READ | PROT_WRITE, 0, 0);
2104	ASSERT_NE(ptr, MAP_FAILED);
2105
2106	/* Read from pagemap, and assert no guard regions are detected. */
2107	for (i = 0; i < 10; i++) {
2108		char *ptr_p = &ptr[i * page_size];
2109		unsigned long entry = pagemap_get_entry(proc_fd, ptr_p);
2110		unsigned long masked = entry & PM_GUARD_REGION;
2111
2112		ASSERT_EQ(masked, 0);
2113	}
2114
2115	/* Install a guard region in every other page. */
2116	for (i = 0; i < 10; i += 2) {
2117		char *ptr_p = &ptr[i * page_size];
2118
2119		ASSERT_EQ(madvise(ptr_p, page_size, MADV_GUARD_INSTALL), 0);
2120	}
2121
2122	/* Re-read from pagemap, and assert guard regions are detected. */
2123	for (i = 0; i < 10; i++) {
2124		char *ptr_p = &ptr[i * page_size];
2125		unsigned long entry = pagemap_get_entry(proc_fd, ptr_p);
2126		unsigned long masked = entry & PM_GUARD_REGION;
2127
2128		ASSERT_EQ(masked, i % 2 == 0 ? PM_GUARD_REGION : 0);
2129	}
2130
2131	ASSERT_EQ(close(proc_fd), 0);
2132	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
2133}
2134
2135/*
2136 * Assert that PAGEMAP_SCAN correctly reports guard region ranges.
2137 */
2138TEST_F(guard_regions, pagemap_scan)
2139{
2140	const unsigned long page_size = self->page_size;
2141	struct page_region pm_regs[10];
2142	struct pm_scan_arg pm_scan_args = {
2143		.size = sizeof(struct pm_scan_arg),
2144		.category_anyof_mask = PAGE_IS_GUARD,
2145		.return_mask = PAGE_IS_GUARD,
2146		.vec = (long)&pm_regs,
2147		.vec_len = ARRAY_SIZE(pm_regs),
2148	};
2149	int proc_fd, i;
2150	char *ptr;
2151
2152	proc_fd = open("/proc/self/pagemap", O_RDONLY);
2153	ASSERT_NE(proc_fd, -1);
2154
2155	ptr = mmap_(self, variant, NULL, 10 * page_size,
2156		    PROT_READ | PROT_WRITE, 0, 0);
2157	ASSERT_NE(ptr, MAP_FAILED);
2158
2159	pm_scan_args.start = (long)ptr;
2160	pm_scan_args.end = (long)ptr + 10 * page_size;
2161	ASSERT_EQ(ioctl(proc_fd, PAGEMAP_SCAN, &pm_scan_args), 0);
2162	ASSERT_EQ(pm_scan_args.walk_end, (long)ptr + 10 * page_size);
2163
2164	/* Install a guard region in every other page. */
2165	for (i = 0; i < 10; i += 2) {
2166		char *ptr_p = &ptr[i * page_size];
2167
2168		ASSERT_EQ(syscall(__NR_madvise, ptr_p, page_size, MADV_GUARD_INSTALL), 0);
2169	}
2170
2171	/*
2172	 * Assert ioctl() returns the count of located regions, where each
2173	 * region spans every other page within the range of 10 pages.
2174	 */
2175	ASSERT_EQ(ioctl(proc_fd, PAGEMAP_SCAN, &pm_scan_args), 5);
2176	ASSERT_EQ(pm_scan_args.walk_end, (long)ptr + 10 * page_size);
2177
2178	/* Re-read from pagemap, and assert guard regions are detected. */
2179	for (i = 0; i < 5; i++) {
2180		long ptr_p = (long)&ptr[2 * i * page_size];
2181
2182		ASSERT_EQ(pm_regs[i].start, ptr_p);
2183		ASSERT_EQ(pm_regs[i].end, ptr_p + page_size);
2184		ASSERT_EQ(pm_regs[i].categories, PAGE_IS_GUARD);
2185	}
2186
2187	ASSERT_EQ(close(proc_fd), 0);
2188	ASSERT_EQ(munmap(ptr, 10 * page_size), 0);
2189}
2190
2191TEST_F(guard_regions, collapse)
2192{
2193	const unsigned long page_size = self->page_size;
2194	const unsigned long size = 2 * HPAGE_SIZE;
2195	const unsigned long num_pages = size / page_size;
2196	char *ptr;
2197	int i;
2198
2199	if (!thp_available())
2200		SKIP(return, "Transparent Hugepages not available\n");
2201
2202	/* Need file to be correct size for tests for non-anon. */
2203	if (variant->backing != ANON_BACKED)
2204		ASSERT_EQ(ftruncate(self->fd, size), 0);
2205
2206	/*
2207	 * We must close and re-open local-file backed as read-only for
2208	 * CONFIG_READ_ONLY_THP_FOR_FS to work.
2209	 */
2210	if (variant->backing == LOCAL_FILE_BACKED) {
2211		ASSERT_EQ(close(self->fd), 0);
2212
2213		self->fd = open(self->path, O_RDONLY);
2214		ASSERT_GE(self->fd, 0);
2215	}
2216
2217	ptr = mmap_(self, variant, NULL, size, PROT_READ, 0, 0);
2218	ASSERT_NE(ptr, MAP_FAILED);
2219
2220	/* Prevent being faulted-in as huge. */
2221	ASSERT_EQ(madvise(ptr, size, MADV_NOHUGEPAGE), 0);
2222	/* Fault in. */
2223	ASSERT_EQ(madvise(ptr, size, MADV_POPULATE_READ), 0);
2224
2225	/* Install guard regions in ever other page. */
2226	for (i = 0; i < num_pages; i += 2) {
2227		char *ptr_page = &ptr[i * page_size];
2228
2229		ASSERT_EQ(madvise(ptr_page, page_size, MADV_GUARD_INSTALL), 0);
2230		/* Accesses should now fail. */
2231		ASSERT_FALSE(try_read_buf(ptr_page));
2232	}
2233
2234	/* Allow huge page throughout region. */
2235	ASSERT_EQ(madvise(ptr, size, MADV_HUGEPAGE), 0);
2236
2237	/*
2238	 * Now collapse the entire region. This should fail in all cases.
2239	 *
2240	 * The madvise() call will also fail if CONFIG_READ_ONLY_THP_FOR_FS is
2241	 * not set for the local file case, but we can't differentiate whether
2242	 * this occurred or if the collapse was rightly rejected.
2243	 */
2244	EXPECT_NE(madvise(ptr, size, MADV_COLLAPSE), 0);
2245
2246	/*
2247	 * If we introduce a bug that causes the collapse to succeed, gather
2248	 * data on whether guard regions are at least preserved. The test will
2249	 * fail at this point in any case.
2250	 */
2251	for (i = 0; i < num_pages; i += 2) {
2252		char *ptr_page = &ptr[i * page_size];
2253
2254		/* Accesses should still fail. */
2255		ASSERT_FALSE(try_read_buf(ptr_page));
2256	}
2257}
2258
2259TEST_F(guard_regions, smaps)
2260{
2261	const unsigned long page_size = self->page_size;
2262	struct procmap_fd procmap;
2263	char *ptr, *ptr2;
2264	int i;
2265
2266	/* Map a region. */
2267	ptr = mmap_(self, variant, NULL, 10 * page_size, PROT_READ | PROT_WRITE, 0, 0);
2268	ASSERT_NE(ptr, MAP_FAILED);
2269
2270	/* We shouldn't yet see a guard flag. */
2271	ASSERT_FALSE(check_vmflag_guard(ptr));
2272
2273	/* Install a single guard region. */
2274	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_INSTALL), 0);
2275
2276	/* Now we should see a guard flag. */
2277	ASSERT_TRUE(check_vmflag_guard(ptr));
2278
2279	/*
2280	 * Removing the guard region should not change things because we simply
2281	 * cannot accurately track whether a given VMA has had all of its guard
2282	 * regions removed.
2283	 */
2284	ASSERT_EQ(madvise(ptr, page_size, MADV_GUARD_REMOVE), 0);
2285	ASSERT_TRUE(check_vmflag_guard(ptr));
2286
2287	/* Install guard regions throughout. */
2288	for (i = 0; i < 10; i++) {
2289		ASSERT_EQ(madvise(&ptr[i * page_size], page_size, MADV_GUARD_INSTALL), 0);
2290		/* We should always see the guard region flag. */
2291		ASSERT_TRUE(check_vmflag_guard(ptr));
2292	}
2293
2294	/* Split into two VMAs. */
2295	ASSERT_EQ(munmap(&ptr[4 * page_size], page_size), 0);
2296
2297	/* Both VMAs should have the guard flag set. */
2298	ASSERT_TRUE(check_vmflag_guard(ptr));
2299	ASSERT_TRUE(check_vmflag_guard(&ptr[5 * page_size]));
2300
2301	/*
2302	 * If the local file system is unable to merge VMAs due to having
2303	 * unusual characteristics, there is no point in asserting merge
2304	 * behaviour.
2305	 */
2306	if (!local_fs_has_sane_mmap(self, variant)) {
2307		TH_LOG("local filesystem does not support sane merging skipping merge test");
2308		return;
2309	}
2310
2311	/* Map a fresh VMA between the two split VMAs. */
2312	ptr2 = mmap_(self, variant, &ptr[4 * page_size], page_size,
2313		     PROT_READ | PROT_WRITE, MAP_FIXED, 4 * page_size);
2314	ASSERT_NE(ptr2, MAP_FAILED);
2315
2316	/*
2317	 * Check the procmap to ensure that this VMA merged with the adjacent
2318	 * two. The guard region flag is 'sticky' so should not preclude
2319	 * merging.
2320	 */
2321	ASSERT_EQ(open_self_procmap(&procmap), 0);
2322	ASSERT_TRUE(find_vma_procmap(&procmap, ptr));
2323	ASSERT_EQ(procmap.query.vma_start, (unsigned long)ptr);
2324	ASSERT_EQ(procmap.query.vma_end, (unsigned long)ptr + 10 * page_size);
2325	ASSERT_EQ(close_procmap(&procmap), 0);
2326	/* And, of course, this VMA should have the guard flag set. */
2327	ASSERT_TRUE(check_vmflag_guard(ptr));
2328}
2329
2330TEST_HARNESS_MAIN
Configure Feed

Configure Feed
