syscalls/mprotect/mprotect04.c

/*
 * Copyright (c) 2014 Fujitsu Ltd.
 * Author: Xing Gu <gux.fnst@cn.fujitsu.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it would be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 * Description:
 *   Verify that,
 *   1) mprotect() succeeds to set a region of memory with no access,
 *      when 'prot' is set to PROT_NONE. An attempt to access the contents
 *      of the region gives rise to the signal SIGSEGV.
 *   2) mprotect() succeeds to set a region of memory to be executed, when
 *      'prot' is set to PROT_EXEC.
 */

#include "config.h"
#include <signal.h>
#include <setjmp.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <stdlib.h>

#include "test.h"
#include "safe_macros.h"

static void sighandler(int sig);

static void setup(void);
static void cleanup(void);

static void testfunc_protnone(void);

static void testfunc_protexec(void);

static void (*testfunc[])(void) = { testfunc_protnone, testfunc_protexec };

char *TCID = "mprotect04";
int TST_TOTAL = ARRAY_SIZE(testfunc);

static volatile int sig_caught;
static sigjmp_buf env;
static unsigned int copy_sz;

int main(int ac, char **av)
{
	int lc;
	int i;

	tst_parse_opts(ac, av, NULL, NULL);

	setup();

	for (lc = 0; TEST_LOOPING(lc); lc++) {
		tst_count = 0;

		for (i = 0; i < TST_TOTAL; i++)
			(*testfunc[i])();
	}

	cleanup();
	tst_exit();
}

static void sighandler(int sig)
{
	sig_caught = sig;
	siglongjmp(env, 1);
}

static void setup(void)
{
	tst_tmpdir();
	tst_sig(NOFORK, sighandler, cleanup);
	copy_sz = getpagesize() * 2;

	TEST_PAUSE;
}

static void testfunc_protnone(void)
{
	char *addr;
	int page_sz;

	sig_caught = 0;

	page_sz = getpagesize();

	addr = SAFE_MMAP(cleanup, 0, page_sz, PROT_READ | PROT_WRITE,
					 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

	/* Change the protection to PROT_NONE. */
	TEST(mprotect(addr, page_sz, PROT_NONE));

	if (TEST_RETURN == -1) {
		tst_resm(TFAIL | TTERRNO, "mprotect failed");
	} else {
		if (sigsetjmp(env, 1) == 0)
			addr[0] = 1;

		switch (sig_caught) {
		case SIGSEGV:
			tst_resm(TPASS, "test PROT_NONE for mprotect success");
		break;
		case 0:
			tst_resm(TFAIL, "test PROT_NONE for mprotect failed");
		break;
		default:
			tst_brkm(TBROK, cleanup,
			         "received an unexpected signal: %d",
			         sig_caught);
		}
	}

	SAFE_MUNMAP(cleanup, addr, page_sz);
}

#ifdef __ia64__

static char exec_func[] = {
	0x11, 0x00, 0x00, 0x00, 0x01, 0x00, /* nop.m 0x0             */
	0x00, 0x00, 0x00, 0x02, 0x00, 0x80, /* nop.i 0x0             */
	0x08, 0x00, 0x84, 0x00,             /* br.ret.sptk.many b0;; */
};

struct func_desc {
	uint64_t func_addr;
	uint64_t glob_pointer;
};

static __attribute__((noinline)) void *get_func(void *mem)
{
	static struct func_desc fdesc;

	memcpy(mem, exec_func, sizeof(exec_func));

	fdesc.func_addr = (uint64_t)mem;
	fdesc.glob_pointer = 0;

	return &fdesc;
}

#else

static void exec_func(void)
{
	return;
}

static int page_present(void *p)
{
	int fd;

	fd = SAFE_OPEN(cleanup, "page_present", O_WRONLY|O_CREAT, 0644);
	TEST(write(fd, p, 1));
	SAFE_CLOSE(cleanup, fd);

	if (TEST_RETURN >= 0)
		return 1;

	if (TEST_ERRNO != EFAULT)
		tst_brkm(TBROK | TTERRNO, cleanup, "page_present write");

	return 0;
}

static void clear_cache(void *start, int len)
{
#if HAVE_BUILTIN_CLEAR_CACHE == 1
	__builtin___clear_cache(start, start + len);
#else
	tst_brkm(TCONF, cleanup,
		"compiler doesn't have __builtin___clear_cache()");
#endif
}

/*
 * Copy page where &exec_func resides. Also try to copy subsequent page
 * in case exec_func is close to page boundary.
 */
static void *get_func(void *mem)
{
	uintptr_t page_sz = getpagesize();
	uintptr_t page_mask = ~(page_sz - 1);
	uintptr_t func_page_offset = (uintptr_t)&exec_func & (page_sz - 1);
	void *func_copy_start = mem + func_page_offset;
	void *page_to_copy = (void *)((uintptr_t)&exec_func & page_mask);
	void *mem_start = mem;

	/* copy 1st page, if it's not present something is wrong */
	if (!page_present(page_to_copy)) {
		tst_resm(TINFO, "exec_func: %p, page_to_copy: %p\n",
			&exec_func, page_to_copy);
		tst_brkm(TBROK, cleanup, "page_to_copy not present\n");
	}
	memcpy(mem, page_to_copy, page_sz);

	/* copy 2nd page if possible */
	mem += page_sz;
	page_to_copy += page_sz;
	if (page_present(page_to_copy))
		memcpy(mem, page_to_copy, page_sz);
	else
		memset(mem, 0, page_sz);

	clear_cache(mem_start, copy_sz);

	/* return pointer to area where copy of exec_func resides */
	return func_copy_start;
}

#endif

static void testfunc_protexec(void)
{
	void (*func)(void);
	void *p;

	sig_caught = 0;

	p = SAFE_MMAP(cleanup, 0, copy_sz, PROT_READ | PROT_WRITE,
		 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

	func = get_func(p);

	/* Change the protection to PROT_EXEC. */
	TEST(mprotect(p, copy_sz, PROT_EXEC));

	if (TEST_RETURN == -1) {
		tst_resm(TFAIL | TTERRNO, "mprotect failed");
	} else {
		if (sigsetjmp(env, 1) == 0)
			(*func)();

		switch (sig_caught) {
		case SIGSEGV:
			tst_resm(TFAIL, "test PROT_EXEC for mprotect failed");
		break;
		case 0:
			tst_resm(TPASS, "test PROT_EXEC for mprotect success");
		break;
		default:
			tst_brkm(TBROK, cleanup,
			         "received an unexpected signal: %d",
			         sig_caught);
		}
	}

	SAFE_MUNMAP(cleanup, p, copy_sz);
}

static void cleanup(void)
{
	tst_rmdir();
}