1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This test is intended to reproduce a crash that happens when
4  * kvm_arch_hardware_disable is called and it attempts to unregister the user
5  * return notifiers.
6  */
7 
8 #define _GNU_SOURCE
9 
10 #include <fcntl.h>
11 #include <pthread.h>
12 #include <semaphore.h>
13 #include <stdint.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <sys/wait.h>
17 
18 #include <test_util.h>
19 
20 #include "kvm_util.h"
21 
22 #define VCPU_NUM 4
23 #define SLEEPING_THREAD_NUM (1 << 4)
24 #define FORK_NUM (1ULL << 9)
25 #define DELAY_US_MAX 2000
26 #define GUEST_CODE_PIO_PORT 4
27 
28 sem_t *sem;
29 
30 /* Arguments for the pthreads */
31 struct payload {
32 	struct kvm_vm *vm;
33 	uint32_t index;
34 };
35 
36 static void guest_code(void)
37 {
38 	for (;;)
39 		;  /* Some busy work */
40 	printf("Should not be reached.\n");
41 }
42 
43 static void *run_vcpu(void *arg)
44 {
45 	struct payload *payload = (struct payload *)arg;
46 	struct kvm_run *state = vcpu_state(payload->vm, payload->index);
47 
48 	vcpu_run(payload->vm, payload->index);
49 
50 	TEST_ASSERT(false, "%s: exited with reason %d: %s\n",
51 		    __func__, state->exit_reason,
52 		    exit_reason_str(state->exit_reason));
53 	pthread_exit(NULL);
54 }
55 
56 static void *sleeping_thread(void *arg)
57 {
58 	int fd;
59 
60 	while (true) {
61 		fd = open("/dev/null", O_RDWR);
62 		close(fd);
63 	}
64 	TEST_ASSERT(false, "%s: exited\n", __func__);
65 	pthread_exit(NULL);
66 }
67 
68 static inline void check_create_thread(pthread_t *thread, pthread_attr_t *attr,
69 				       void *(*f)(void *), void *arg)
70 {
71 	int r;
72 
73 	r = pthread_create(thread, attr, f, arg);
74 	TEST_ASSERT(r == 0, "%s: failed to create thread", __func__);
75 }
76 
77 static inline void check_set_affinity(pthread_t thread, cpu_set_t *cpu_set)
78 {
79 	int r;
80 
81 	r = pthread_setaffinity_np(thread, sizeof(cpu_set_t), cpu_set);
82 	TEST_ASSERT(r == 0, "%s: failed set affinity", __func__);
83 }
84 
85 static inline void check_join(pthread_t thread, void **retval)
86 {
87 	int r;
88 
89 	r = pthread_join(thread, retval);
90 	TEST_ASSERT(r == 0, "%s: failed to join thread", __func__);
91 }
92 
93 static void run_test(uint32_t run)
94 {
95 	struct kvm_vm *vm;
96 	cpu_set_t cpu_set;
97 	pthread_t threads[VCPU_NUM];
98 	pthread_t throw_away;
99 	struct payload payloads[VCPU_NUM];
100 	void *b;
101 	uint32_t i, j;
102 
103 	CPU_ZERO(&cpu_set);
104 	for (i = 0; i < VCPU_NUM; i++)
105 		CPU_SET(i, &cpu_set);
106 
107 	vm = vm_create(VM_MODE_DEFAULT, DEFAULT_GUEST_PHY_PAGES, O_RDWR);
108 	kvm_vm_elf_load(vm, program_invocation_name, 0, 0);
109 	vm_create_irqchip(vm);
110 
111 	pr_debug("%s: [%d] start vcpus\n", __func__, run);
112 	for (i = 0; i < VCPU_NUM; ++i) {
113 		vm_vcpu_add_default(vm, i, guest_code);
114 		payloads[i].vm = vm;
115 		payloads[i].index = i;
116 
117 		check_create_thread(&threads[i], NULL, run_vcpu,
118 				    (void *)&payloads[i]);
119 		check_set_affinity(threads[i], &cpu_set);
120 
121 		for (j = 0; j < SLEEPING_THREAD_NUM; ++j) {
122 			check_create_thread(&throw_away, NULL, sleeping_thread,
123 					    (void *)NULL);
124 			check_set_affinity(throw_away, &cpu_set);
125 		}
126 	}
127 	pr_debug("%s: [%d] all threads launched\n", __func__, run);
128 	sem_post(sem);
129 	for (i = 0; i < VCPU_NUM; ++i)
130 		check_join(threads[i], &b);
131 	/* Should not be reached */
132 	TEST_ASSERT(false, "%s: [%d] child escaped the ninja\n", __func__, run);
133 }
134 
135 int main(int argc, char **argv)
136 {
137 	uint32_t i;
138 	int s, r;
139 	pid_t pid;
140 
141 	sem = sem_open("vm_sem", O_CREAT | O_EXCL, 0644, 0);
142 	sem_unlink("vm_sem");
143 
144 	for (i = 0; i < FORK_NUM; ++i) {
145 		pid = fork();
146 		TEST_ASSERT(pid >= 0, "%s: unable to fork", __func__);
147 		if (pid == 0)
148 			run_test(i); /* This function always exits */
149 
150 		pr_debug("%s: [%d] waiting semaphore\n", __func__, i);
151 		sem_wait(sem);
152 		r = (rand() % DELAY_US_MAX) + 1;
153 		pr_debug("%s: [%d] waiting %dus\n", __func__, i, r);
154 		usleep(r);
155 		r = waitpid(pid, &s, WNOHANG);
156 		TEST_ASSERT(r != pid,
157 			    "%s: [%d] child exited unexpectedly status: [%d]",
158 			    __func__, i, s);
159 		pr_debug("%s: [%d] killing child\n", __func__, i);
160 		kill(pid, SIGKILL);
161 	}
162 
163 	sem_destroy(sem);
164 	exit(0);
165 }
166