| blob | 5908bc6abe60c98d168a300df3017ab258b9f161 |
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright 2020, Gustavo Luiz Duarte, IBM Corp.
4 *
5 * This test starts a transaction and triggers a signal, forcing a pagefault to
6 * happen when the kernel signal handling code touches the user signal stack.
7 *
8 * In order to avoid pre-faulting the signal stack memory and to force the
9 * pagefault to happen precisely in the kernel signal handling code, the
10 * pagefault handling is done in userspace using the userfaultfd facility.
11 *
12 * Further pagefaults are triggered by crafting the signal handler's ucontext
13 * to point to additional memory regions managed by the userfaultfd, so using
14 * the same mechanism used to avoid pre-faulting the signal stack memory.
15 *
16 * On failure (bug is present) kernel crashes or never returns control back to
17 * userspace. If bug is not present, tests completes almost immediately.
18 */
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <linux/userfaultfd.h>
24 #include <poll.h>
25 #include <unistd.h>
26 #include <sys/ioctl.h>
27 #include <sys/syscall.h>
28 #include <fcntl.h>
29 #include <sys/mman.h>
30 #include <pthread.h>
31 #include <signal.h>
32 #include <errno.h>
39 /* Memory handled by userfaultfd */
43 /*
44 * Data that will be copied into the faulting pages (instead of zero-filled
45 * pages). This is used to make the test more reliable and avoid segfaulting
46 * when we return from the signal handler. Since we are making the signal
47 * handler's ucontext point to newly allocated memory, when that memory is
48 * paged-in it will contain the expected content.
49 */
54 /*
55 * Return a chunk of at least 'size' bytes of memory that will be handled by
56 * userfaultfd. If 'backing_data' is not NULL, its content will be save to
57 * 'backing_mem' and then copied into the faulting pages when the page fault
58 * is handled.
59 */
61 {
67 }
71 /* Save the data that will be copied into the faulting page */
75 /* Reserve the requested amount of uf_mem */
77 /* Keep uf_mem_offset aligned to the page size (round up) */
81 }
84 {
99 }
105 }
110 }
112 /* We expect only one kind of event */
116 }
118 /*
119 * We need to handle page faults in units of pages(!).
120 * So, round faulting address down to page boundary.
121 */
133 }
134 }
135 }
138 {
140 pthread_t thr;
147 /* Create and enable userfaultfd object */
152 }
158 }
160 /*
161 * Create a private anonymous mapping. The memory will be demand-zero
162 * paged, that is, not yet allocated. When we actually touch the memory
163 * the related page will be allocated via the userfaultfd mechanism.
164 */
170 }
172 /*
173 * Register the memory range of the mapping we've just mapped to be
174 * handled by the userfaultfd object. In 'mode' we request to track
175 * missing pages (i.e. pages that have not yet been faulted-in).
176 */
183 }
185 /* Create a thread that will process the userfaultfd events */
190 }
191 }
193 /*
194 * Assumption: the signal was delivered while userspace was in transactional or
195 * suspended state, i.e. uc->uc_link != NULL.
196 */
198 {
201 /* Skip 'trap' after returning, otherwise we get a SIGTRAP again */
211 }
214 {
221 }
224 {
226 stack_t ss;
233 /*
234 * Set an alternative stack that will generate a page fault when the
235 * signal is raised. The page fault will be treated via userfaultfd,
236 * i.e. via fault_handler_thread.
237 */
244 }
251 }
253 /* Trigger a SIGTRAP in transactional state */
255 "tbegin.;"
256 "beq 1f;"
257 "trap;"
258 "1: ;"
261 /* Trigger a SIGTRAP in suspended state */
263 "tbegin.;"
264 "beq 1f;"
265 "tsuspend.;"
266 "trap;"
267 "tresume.;"
268 "1: ;"
272 }
275 {
276 /*
277 * Depending on kernel config, the TM Bad Thing might not result in a
278 * crash, instead the kernel never returns control back to userspace, so
279 * set a tight timeout. If the test passes it completes almost
280 * immediately.
281 */
284 }