gdb/testsuite/gdb.arch/aarch64-mte-core.c

   1 /* This test program is part of GDB, the GNU debugger.
   2
   3    Copyright 2022-2024 Free Software Foundation, Inc.
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License as published by
   7    the Free Software Foundation; either version 3 of the License, or
   8    (at your option) any later version.
   9
  10    This program is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13    GNU General Public License for more details.
  14
  15    You should have received a copy of the GNU General Public License
  16    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  17
  18 /* Exercise AArch64's Memory Tagging Extension corefile support.  We allocate
  19    multiple memory mappings with PROT_MTE and assign tag values for all the
  20    existing MTE granules.  */
  21
  22 /* This test was based on the documentation for the AArch64 Memory Tagging
  23    Extension from the Linux Kernel, found in the sources in
  24    Documentation/arm64/memory-tagging-extension.rst.  */
  25
  26 #include <errno.h>
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29 #include <unistd.h>
  30 #include <sys/auxv.h>
  31 #include <sys/mman.h>
  32 #include <sys/prctl.h>
  33
  34 /* From arch/arm64/include/uapi/asm/hwcap.h */
  35 #ifndef HWCAP2_MTE
  36 #define HWCAP2_MTE              (1 << 18)
  37 #endif
  38
  39 /* From arch/arm64/include/uapi/asm/mman.h */
  40 #ifndef PROT_MTE
  41 #define PROT_MTE  0x20
  42 #endif
  43
  44 #ifndef PR_SET_TAGGED_ADDR_CTRL
  45 #define PR_SET_TAGGED_ADDR_CTRL 55
  46 #define PR_TAGGED_ADDR_ENABLE   (1UL << 0)
  47 #endif
  48
  49 /* From include/uapi/linux/prctl.h */
  50 #ifndef PR_MTE_TCF_SHIFT
  51 #define PR_MTE_TCF_SHIFT        1
  52 #define PR_MTE_TCF_SYNC         (1UL << PR_MTE_TCF_SHIFT)
  53 #define PR_MTE_TCF_ASYNC        (2UL << PR_MTE_TCF_SHIFT)
  54 #define PR_MTE_TAG_SHIFT        3
  55 #define PR_MTE_TAG_MASK         (0xffffUL << PR_MTE_TAG_SHIFT)
  56 #endif
  57
  58 #ifdef ASYNC
  59 #define TCF_MODE PR_MTE_TCF_ASYNC
  60 #else
  61 #define TCF_MODE PR_MTE_TCF_SYNC
  62 #endif
  63
  64 #define NMAPS 5
  65
  66 /* We store the pointers and sizes of the memory maps we requested.  Each
  67    of them has a different size.  */
  68 unsigned char *mmap_pointers[NMAPS];
  69
  70 /* Set the allocation tag on the destination address.  */
  71 #define set_tag(tagged_addr) do {                                 \
  72   asm volatile("stg %0, [%0]" : : "r" (tagged_addr) : "memory");  \
  73 } while (0)
  74
  75
  76 uintptr_t
  77 set_logical_tag (uintptr_t ptr, unsigned char tag)
  78 {
  79   ptr &= ~0xFF00000000000000ULL;
  80   ptr |= ((uintptr_t) tag << 56);
  81   return ptr;
  82 }
  83
  84 void
  85 fill_map_with_tags (unsigned char *ptr, size_t size, unsigned char *tag)
  86 {
  87   for (size_t start = 0; start < size; start += 16)
  88     {
  89       set_tag (set_logical_tag (((uintptr_t)ptr + start) & ~(0xFULL), *tag));
  90       *tag = (*tag + 1) % 16;
  91     }
  92 }
  93
  94 int
  95 main (int argc, char **argv)
  96 {
  97   unsigned char *tagged_ptr;
  98   unsigned long page_sz = sysconf (_SC_PAGESIZE);
  99   unsigned long hwcap2 = getauxval (AT_HWCAP2);
 100
 101   /* Bail out if MTE is not supported.  */
 102   if (!(hwcap2 & HWCAP2_MTE))
 103     return 1;
 104
 105   /* Enable the tagged address ABI, synchronous MTE tag check faults and
 106      allow all non-zero tags in the randomly generated set.  */
 107   if (prctl (PR_SET_TAGGED_ADDR_CTRL,
 108              PR_TAGGED_ADDR_ENABLE | TCF_MODE
 109              | (0xfffe << PR_MTE_TAG_SHIFT),
 110              0, 0, 0))
 111     {
 112       perror ("prctl () failed");
 113       return 1;
 114     }
 115
 116   /* Map a big area of NMAPS * 2 pages.  */
 117   unsigned char *big_map = mmap (0, NMAPS * 2 * page_sz, PROT_NONE,
 118                                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 119
 120   if (big_map == MAP_FAILED)
 121     {
 122       perror ("mmap () failed");
 123       return 1;
 124     }
 125
 126   /* Start with a tag of 0x1 so we can crash later.  */
 127   unsigned char tag = 1;
 128
 129   /* From that big area of NMAPS * 2 pages, go through each page and protect
 130      alternating pages.  This should prevent the kernel from merging different
 131      mmap's and force the creation of multiple individual MTE-protected entries
 132      in /proc/<pid>/smaps.  */
 133   for (int i = 0; i < NMAPS; i++)
 134     {
 135       mmap_pointers[i] = big_map + (i * 2 * page_sz);
 136
 137       /* Enable MTE on alternating pages.  */
 138       if (mprotect (mmap_pointers[i], page_sz,
 139                     PROT_READ | PROT_WRITE | PROT_MTE))
 140         {
 141           perror ("mprotect () failed");
 142           return 1;
 143         }
 144
 145       fill_map_with_tags (mmap_pointers[i], page_sz, &tag);
 146     }
 147
 148   /* The following line causes a crash on purpose.  */
 149   *mmap_pointers[0] = 0x4;
 150
 151   return 0;
 152 }