1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (C) 2020 ARM Limited
3 
4 #define _GNU_SOURCE
5 
6 #include <stddef.h>
7 #include <stdio.h>
8 #include <string.h>
9 
10 #include "kselftest.h"
11 #include "mte_common_util.h"
12 #include "mte_def.h"
13 
14 #define OVERFLOW_RANGE MT_GRANULE_SIZE
15 
16 static int sizes[] = {
17 	1, 555, 1033, MT_GRANULE_SIZE - 1, MT_GRANULE_SIZE,
18 	/* page size - 1*/ 0, /* page_size */ 0, /* page size + 1 */ 0
19 };
20 
21 enum mte_block_test_alloc {
22 	UNTAGGED_TAGGED,
23 	TAGGED_UNTAGGED,
24 	TAGGED_TAGGED,
25 	BLOCK_ALLOC_MAX,
26 };
27 
28 static int check_buffer_by_byte(int mem_type, int mode)
29 {
30 	char *ptr;
31 	int i, j, item;
32 	bool err;
33 
34 	mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
35 	item = sizeof(sizes)/sizeof(int);
36 
37 	for (i = 0; i < item; i++) {
38 		ptr = (char *)mte_allocate_memory(sizes[i], mem_type, 0, true);
39 		if (check_allocated_memory(ptr, sizes[i], mem_type, true) != KSFT_PASS)
40 			return KSFT_FAIL;
41 		mte_initialize_current_context(mode, (uintptr_t)ptr, sizes[i]);
42 		/* Set some value in tagged memory */
43 		for (j = 0; j < sizes[i]; j++)
44 			ptr[j] = '1';
45 		mte_wait_after_trig();
46 		err = cur_mte_cxt.fault_valid;
47 		/* Check the buffer whether it is filled. */
48 		for (j = 0; j < sizes[i] && !err; j++) {
49 			if (ptr[j] != '1')
50 				err = true;
51 		}
52 		mte_free_memory((void *)ptr, sizes[i], mem_type, true);
53 
54 		if (err)
55 			break;
56 	}
57 	if (!err)
58 		return KSFT_PASS;
59 	else
60 		return KSFT_FAIL;
61 }
62 
63 static int check_buffer_underflow_by_byte(int mem_type, int mode,
64 					  int underflow_range)
65 {
66 	char *ptr;
67 	int i, j, item, last_index;
68 	bool err;
69 	char *und_ptr = NULL;
70 
71 	mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
72 	item = sizeof(sizes)/sizeof(int);
73 	for (i = 0; i < item; i++) {
74 		ptr = (char *)mte_allocate_memory_tag_range(sizes[i], mem_type, 0,
75 							    underflow_range, 0);
76 		if (check_allocated_memory_range(ptr, sizes[i], mem_type,
77 					       underflow_range, 0) != KSFT_PASS)
78 			return KSFT_FAIL;
79 
80 		mte_initialize_current_context(mode, (uintptr_t)ptr, -underflow_range);
81 		last_index = 0;
82 		/* Set some value in tagged memory and make the buffer underflow */
83 		for (j = sizes[i] - 1; (j >= -underflow_range) &&
84 				       (!cur_mte_cxt.fault_valid); j--) {
85 			ptr[j] = '1';
86 			last_index = j;
87 		}
88 		mte_wait_after_trig();
89 		err = false;
90 		/* Check whether the buffer is filled */
91 		for (j = 0; j < sizes[i]; j++) {
92 			if (ptr[j] != '1') {
93 				err = true;
94 				ksft_print_msg("Buffer is not filled at index:%d of ptr:0x%lx\n",
95 						j, ptr);
96 				break;
97 			}
98 		}
99 		if (err)
100 			goto check_buffer_underflow_by_byte_err;
101 
102 		switch (mode) {
103 		case MTE_NONE_ERR:
104 			if (cur_mte_cxt.fault_valid == true || last_index != -underflow_range) {
105 				err = true;
106 				break;
107 			}
108 			/* There were no fault so the underflow area should be filled */
109 			und_ptr = (char *) MT_CLEAR_TAG((size_t) ptr - underflow_range);
110 			for (j = 0 ; j < underflow_range; j++) {
111 				if (und_ptr[j] != '1') {
112 					err = true;
113 					break;
114 				}
115 			}
116 			break;
117 		case MTE_ASYNC_ERR:
118 			/* Imprecise fault should occur otherwise return error */
119 			if (cur_mte_cxt.fault_valid == false) {
120 				err = true;
121 				break;
122 			}
123 			/*
124 			 * The imprecise fault is checked after the write to the buffer,
125 			 * so the underflow area before the fault should be filled.
126 			 */
127 			und_ptr = (char *) MT_CLEAR_TAG((size_t) ptr);
128 			for (j = last_index ; j < 0 ; j++) {
129 				if (und_ptr[j] != '1') {
130 					err = true;
131 					break;
132 				}
133 			}
134 			break;
135 		case MTE_SYNC_ERR:
136 			/* Precise fault should occur otherwise return error */
137 			if (!cur_mte_cxt.fault_valid || (last_index != (-1))) {
138 				err = true;
139 				break;
140 			}
141 			/* Underflow area should not be filled */
142 			und_ptr = (char *) MT_CLEAR_TAG((size_t) ptr);
143 			if (und_ptr[-1] == '1')
144 				err = true;
145 			break;
146 		default:
147 			err = true;
148 		break;
149 		}
150 check_buffer_underflow_by_byte_err:
151 		mte_free_memory_tag_range((void *)ptr, sizes[i], mem_type, underflow_range, 0);
152 		if (err)
153 			break;
154 	}
155 	return (err ? KSFT_FAIL : KSFT_PASS);
156 }
157 
158 static int check_buffer_overflow_by_byte(int mem_type, int mode,
159 					  int overflow_range)
160 {
161 	char *ptr;
162 	int i, j, item, last_index;
163 	bool err;
164 	size_t tagged_size, overflow_size;
165 	char *over_ptr = NULL;
166 
167 	mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
168 	item = sizeof(sizes)/sizeof(int);
169 	for (i = 0; i < item; i++) {
170 		ptr = (char *)mte_allocate_memory_tag_range(sizes[i], mem_type, 0,
171 							    0, overflow_range);
172 		if (check_allocated_memory_range(ptr, sizes[i], mem_type,
173 						 0, overflow_range) != KSFT_PASS)
174 			return KSFT_FAIL;
175 
176 		tagged_size = MT_ALIGN_UP(sizes[i]);
177 
178 		mte_initialize_current_context(mode, (uintptr_t)ptr, sizes[i] + overflow_range);
179 
180 		/* Set some value in tagged memory and make the buffer underflow */
181 		for (j = 0, last_index = 0 ; (j < (sizes[i] + overflow_range)) &&
182 					     (cur_mte_cxt.fault_valid == false); j++) {
183 			ptr[j] = '1';
184 			last_index = j;
185 		}
186 		mte_wait_after_trig();
187 		err = false;
188 		/* Check whether the buffer is filled */
189 		for (j = 0; j < sizes[i]; j++) {
190 			if (ptr[j] != '1') {
191 				err = true;
192 				ksft_print_msg("Buffer is not filled at index:%d of ptr:0x%lx\n",
193 						j, ptr);
194 				break;
195 			}
196 		}
197 		if (err)
198 			goto check_buffer_overflow_by_byte_err;
199 
200 		overflow_size = overflow_range - (tagged_size - sizes[i]);
201 
202 		switch (mode) {
203 		case MTE_NONE_ERR:
204 			if ((cur_mte_cxt.fault_valid == true) ||
205 			    (last_index != (sizes[i] + overflow_range - 1))) {
206 				err = true;
207 				break;
208 			}
209 			/* There were no fault so the overflow area should be filled */
210 			over_ptr = (char *) MT_CLEAR_TAG((size_t) ptr + tagged_size);
211 			for (j = 0 ; j < overflow_size; j++) {
212 				if (over_ptr[j] != '1') {
213 					err = true;
214 					break;
215 				}
216 			}
217 			break;
218 		case MTE_ASYNC_ERR:
219 			/* Imprecise fault should occur otherwise return error */
220 			if (cur_mte_cxt.fault_valid == false) {
221 				err = true;
222 				break;
223 			}
224 			/*
225 			 * The imprecise fault is checked after the write to the buffer,
226 			 * so the overflow area should be filled before the fault.
227 			 */
228 			over_ptr = (char *) MT_CLEAR_TAG((size_t) ptr);
229 			for (j = tagged_size ; j < last_index; j++) {
230 				if (over_ptr[j] != '1') {
231 					err = true;
232 					break;
233 				}
234 			}
235 			break;
236 		case MTE_SYNC_ERR:
237 			/* Precise fault should occur otherwise return error */
238 			if (!cur_mte_cxt.fault_valid || (last_index != tagged_size)) {
239 				err = true;
240 				break;
241 			}
242 			/* Underflow area should not be filled */
243 			over_ptr = (char *) MT_CLEAR_TAG((size_t) ptr + tagged_size);
244 			for (j = 0 ; j < overflow_size; j++) {
245 				if (over_ptr[j] == '1')
246 					err = true;
247 			}
248 			break;
249 		default:
250 			err = true;
251 		break;
252 		}
253 check_buffer_overflow_by_byte_err:
254 		mte_free_memory_tag_range((void *)ptr, sizes[i], mem_type, 0, overflow_range);
255 		if (err)
256 			break;
257 	}
258 	return (err ? KSFT_FAIL : KSFT_PASS);
259 }
260 
261 static int check_buffer_by_block_iterate(int mem_type, int mode, size_t size)
262 {
263 	char *src, *dst;
264 	int j, result = KSFT_PASS;
265 	enum mte_block_test_alloc alloc_type = UNTAGGED_TAGGED;
266 
267 	for (alloc_type = UNTAGGED_TAGGED; alloc_type < (int) BLOCK_ALLOC_MAX; alloc_type++) {
268 		switch (alloc_type) {
269 		case UNTAGGED_TAGGED:
270 			src = (char *)mte_allocate_memory(size, mem_type, 0, false);
271 			if (check_allocated_memory(src, size, mem_type, false) != KSFT_PASS)
272 				return KSFT_FAIL;
273 
274 			dst = (char *)mte_allocate_memory(size, mem_type, 0, true);
275 			if (check_allocated_memory(dst, size, mem_type, true) != KSFT_PASS) {
276 				mte_free_memory((void *)src, size, mem_type, false);
277 				return KSFT_FAIL;
278 			}
279 
280 			break;
281 		case TAGGED_UNTAGGED:
282 			dst = (char *)mte_allocate_memory(size, mem_type, 0, false);
283 			if (check_allocated_memory(dst, size, mem_type, false) != KSFT_PASS)
284 				return KSFT_FAIL;
285 
286 			src = (char *)mte_allocate_memory(size, mem_type, 0, true);
287 			if (check_allocated_memory(src, size, mem_type, true) != KSFT_PASS) {
288 				mte_free_memory((void *)dst, size, mem_type, false);
289 				return KSFT_FAIL;
290 			}
291 			break;
292 		case TAGGED_TAGGED:
293 			src = (char *)mte_allocate_memory(size, mem_type, 0, true);
294 			if (check_allocated_memory(src, size, mem_type, true) != KSFT_PASS)
295 				return KSFT_FAIL;
296 
297 			dst = (char *)mte_allocate_memory(size, mem_type, 0, true);
298 			if (check_allocated_memory(dst, size, mem_type, true) != KSFT_PASS) {
299 				mte_free_memory((void *)src, size, mem_type, true);
300 				return KSFT_FAIL;
301 			}
302 			break;
303 		default:
304 			return KSFT_FAIL;
305 		}
306 
307 		cur_mte_cxt.fault_valid = false;
308 		result = KSFT_PASS;
309 		mte_initialize_current_context(mode, (uintptr_t)dst, size);
310 		/* Set some value in memory and copy*/
311 		memset((void *)src, (int)'1', size);
312 		memcpy((void *)dst, (void *)src, size);
313 		mte_wait_after_trig();
314 		if (cur_mte_cxt.fault_valid) {
315 			result = KSFT_FAIL;
316 			goto check_buffer_by_block_err;
317 		}
318 		/* Check the buffer whether it is filled. */
319 		for (j = 0; j < size; j++) {
320 			if (src[j] != dst[j] || src[j] != '1') {
321 				result = KSFT_FAIL;
322 				break;
323 			}
324 		}
325 check_buffer_by_block_err:
326 		mte_free_memory((void *)src, size, mem_type,
327 				MT_FETCH_TAG((uintptr_t)src) ? true : false);
328 		mte_free_memory((void *)dst, size, mem_type,
329 				MT_FETCH_TAG((uintptr_t)dst) ? true : false);
330 		if (result != KSFT_PASS)
331 			return result;
332 	}
333 	return result;
334 }
335 
336 static int check_buffer_by_block(int mem_type, int mode)
337 {
338 	int i, item, result = KSFT_PASS;
339 
340 	mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
341 	item = sizeof(sizes)/sizeof(int);
342 	cur_mte_cxt.fault_valid = false;
343 	for (i = 0; i < item; i++) {
344 		result = check_buffer_by_block_iterate(mem_type, mode, sizes[i]);
345 		if (result != KSFT_PASS)
346 			break;
347 	}
348 	return result;
349 }
350 
351 static int compare_memory_tags(char *ptr, size_t size, int tag)
352 {
353 	int i, new_tag;
354 
355 	for (i = 0 ; i < size ; i += MT_GRANULE_SIZE) {
356 		new_tag = MT_FETCH_TAG((uintptr_t)(mte_get_tag_address(ptr + i)));
357 		if (tag != new_tag) {
358 			ksft_print_msg("FAIL: child mte tag mismatch\n");
359 			return KSFT_FAIL;
360 		}
361 	}
362 	return KSFT_PASS;
363 }
364 
365 static int check_memory_initial_tags(int mem_type, int mode, int mapping)
366 {
367 	char *ptr;
368 	int run, fd;
369 	int total = sizeof(sizes)/sizeof(int);
370 
371 	mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
372 	for (run = 0; run < total; run++) {
373 		/* check initial tags for anonymous mmap */
374 		ptr = (char *)mte_allocate_memory(sizes[run], mem_type, mapping, false);
375 		if (check_allocated_memory(ptr, sizes[run], mem_type, false) != KSFT_PASS)
376 			return KSFT_FAIL;
377 		if (compare_memory_tags(ptr, sizes[run], 0) != KSFT_PASS) {
378 			mte_free_memory((void *)ptr, sizes[run], mem_type, false);
379 			return KSFT_FAIL;
380 		}
381 		mte_free_memory((void *)ptr, sizes[run], mem_type, false);
382 
383 		/* check initial tags for file mmap */
384 		fd = create_temp_file();
385 		if (fd == -1)
386 			return KSFT_FAIL;
387 		ptr = (char *)mte_allocate_file_memory(sizes[run], mem_type, mapping, false, fd);
388 		if (check_allocated_memory(ptr, sizes[run], mem_type, false) != KSFT_PASS) {
389 			close(fd);
390 			return KSFT_FAIL;
391 		}
392 		if (compare_memory_tags(ptr, sizes[run], 0) != KSFT_PASS) {
393 			mte_free_memory((void *)ptr, sizes[run], mem_type, false);
394 			close(fd);
395 			return KSFT_FAIL;
396 		}
397 		mte_free_memory((void *)ptr, sizes[run], mem_type, false);
398 		close(fd);
399 	}
400 	return KSFT_PASS;
401 }
402 
403 int main(int argc, char *argv[])
404 {
405 	int err;
406 	size_t page_size = getpagesize();
407 	int item = sizeof(sizes)/sizeof(int);
408 
409 	sizes[item - 3] = page_size - 1;
410 	sizes[item - 2] = page_size;
411 	sizes[item - 1] = page_size + 1;
412 
413 	err = mte_default_setup();
414 	if (err)
415 		return err;
416 
417 	/* Register SIGSEGV handler */
418 	mte_register_signal(SIGSEGV, mte_default_handler);
419 
420 	/* Set test plan */
421 	ksft_set_plan(20);
422 
423 	/* Buffer by byte tests */
424 	evaluate_test(check_buffer_by_byte(USE_MMAP, MTE_SYNC_ERR),
425 	"Check buffer correctness by byte with sync err mode and mmap memory\n");
426 	evaluate_test(check_buffer_by_byte(USE_MMAP, MTE_ASYNC_ERR),
427 	"Check buffer correctness by byte with async err mode and mmap memory\n");
428 	evaluate_test(check_buffer_by_byte(USE_MPROTECT, MTE_SYNC_ERR),
429 	"Check buffer correctness by byte with sync err mode and mmap/mprotect memory\n");
430 	evaluate_test(check_buffer_by_byte(USE_MPROTECT, MTE_ASYNC_ERR),
431 	"Check buffer correctness by byte with async err mode and mmap/mprotect memory\n");
432 
433 	/* Check buffer underflow with underflow size as 16 */
434 	evaluate_test(check_buffer_underflow_by_byte(USE_MMAP, MTE_SYNC_ERR, MT_GRANULE_SIZE),
435 	"Check buffer write underflow by byte with sync mode and mmap memory\n");
436 	evaluate_test(check_buffer_underflow_by_byte(USE_MMAP, MTE_ASYNC_ERR, MT_GRANULE_SIZE),
437 	"Check buffer write underflow by byte with async mode and mmap memory\n");
438 	evaluate_test(check_buffer_underflow_by_byte(USE_MMAP, MTE_NONE_ERR, MT_GRANULE_SIZE),
439 	"Check buffer write underflow by byte with tag check fault ignore and mmap memory\n");
440 
441 	/* Check buffer underflow with underflow size as page size */
442 	evaluate_test(check_buffer_underflow_by_byte(USE_MMAP, MTE_SYNC_ERR, page_size),
443 	"Check buffer write underflow by byte with sync mode and mmap memory\n");
444 	evaluate_test(check_buffer_underflow_by_byte(USE_MMAP, MTE_ASYNC_ERR, page_size),
445 	"Check buffer write underflow by byte with async mode and mmap memory\n");
446 	evaluate_test(check_buffer_underflow_by_byte(USE_MMAP, MTE_NONE_ERR, page_size),
447 	"Check buffer write underflow by byte with tag check fault ignore and mmap memory\n");
448 
449 	/* Check buffer overflow with overflow size as 16 */
450 	evaluate_test(check_buffer_overflow_by_byte(USE_MMAP, MTE_SYNC_ERR, MT_GRANULE_SIZE),
451 	"Check buffer write overflow by byte with sync mode and mmap memory\n");
452 	evaluate_test(check_buffer_overflow_by_byte(USE_MMAP, MTE_ASYNC_ERR, MT_GRANULE_SIZE),
453 	"Check buffer write overflow by byte with async mode and mmap memory\n");
454 	evaluate_test(check_buffer_overflow_by_byte(USE_MMAP, MTE_NONE_ERR, MT_GRANULE_SIZE),
455 	"Check buffer write overflow by byte with tag fault ignore mode and mmap memory\n");
456 
457 	/* Buffer by block tests */
458 	evaluate_test(check_buffer_by_block(USE_MMAP, MTE_SYNC_ERR),
459 	"Check buffer write correctness by block with sync mode and mmap memory\n");
460 	evaluate_test(check_buffer_by_block(USE_MMAP, MTE_ASYNC_ERR),
461 	"Check buffer write correctness by block with async mode and mmap memory\n");
462 	evaluate_test(check_buffer_by_block(USE_MMAP, MTE_NONE_ERR),
463 	"Check buffer write correctness by block with tag fault ignore and mmap memory\n");
464 
465 	/* Initial tags are supposed to be 0 */
466 	evaluate_test(check_memory_initial_tags(USE_MMAP, MTE_SYNC_ERR, MAP_PRIVATE),
467 	"Check initial tags with private mapping, sync error mode and mmap memory\n");
468 	evaluate_test(check_memory_initial_tags(USE_MPROTECT, MTE_SYNC_ERR, MAP_PRIVATE),
469 	"Check initial tags with private mapping, sync error mode and mmap/mprotect memory\n");
470 	evaluate_test(check_memory_initial_tags(USE_MMAP, MTE_SYNC_ERR, MAP_SHARED),
471 	"Check initial tags with shared mapping, sync error mode and mmap memory\n");
472 	evaluate_test(check_memory_initial_tags(USE_MPROTECT, MTE_SYNC_ERR, MAP_SHARED),
473 	"Check initial tags with shared mapping, sync error mode and mmap/mprotect memory\n");
474 
475 	mte_restore_setup();
476 	ksft_print_cnts();
477 	return ksft_get_fail_cnt() == 0 ? KSFT_PASS : KSFT_FAIL;
478 }
479