Commit 3bd61372 authored by Thomas Weißschuh's avatar Thomas Weißschuh Committed by Andrew Morton
Browse files

selftests/mm: virtual_address_range: avoid reading from VM_IO mappings 

The virtual_address_range selftest reads from the start of each mapping
listed in /proc/self/maps.  However not all mappings are valid to be
arbitrarily accessed.

For example the vvar data used for virtual clocks on x86 [vvar_vclock] can
only be accessed if 1) the kernel configuration enables virtual clocks and
2) the hypervisor provided the data for it.  Only the VDSO itself has the
necessary information to know this.  Since commit e93d2521 ("x86/vdso:
Split virtual clock pages into dedicated mapping") the virtual clock data
was split out into its own mapping, leading to EFAULT from read() during
the validation.

Check for the VM_IO flag as a proxy.  It is present for the VVAR mappings
and MMIO ranges can be dangerous to access arbitrarily.

Link: https://lkml.kernel.org/r/20250114-virtual_address_range-tests-v4-4-6fd7269934a5@linutronix.de


Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202412271148.2656e485-lkp@intel.com


Fixes: e93d2521 ("x86/vdso: Split virtual clock pages into dedicated mapping")
Fixes: 01040964 ("selftests/mm: confirm VA exhaustion without reliance on correctness of mmap()")
Signed-off-by: default avatarThomas Weißschuh <thomas.weissschuh@linutronix.de>
Suggested-by: default avatarDavid Hildenbrand <david@redhat.com>
Link: https://lore.kernel.org/lkml/e97c2a5d-c815-4936-a767-ac42a3220a90@redhat.com/


Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
Cc: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Cc: Dev Jain <dev.jain@arm.com>
Cc: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 3c479b5d

tools/testing/selftests/mm/virtual_address_range.c

+4 −0
Original line number Diff line number Diff line
@@ -15,6 +15,7 @@ 
#include <sys/time.h>

#include <fcntl.h>



#include "vm_util.h"

#include "../kselftest.h"



/*
@@ -159,6 +160,9 @@ static int validate_complete_va_space(void) 
		if (prot[0] != 'r')

			continue;



		if (check_vmflag_io((void *)start_addr))

			continue;



		/*

		 * Confirm whether MAP_CHUNK_SIZE chunk can be found or not.

		 * If write succeeds, no need to check MAP_CHUNK_SIZE - 1

tools/testing/selftests/mm/vm_util.c

+24 −0
Original line number Diff line number Diff line
@@ -400,3 +400,27 @@ unsigned long get_free_hugepages(void) 
	fclose(f);

	return fhp;

}



bool check_vmflag_io(void *addr)

{

	char buffer[MAX_LINE_LENGTH];

	const char *flags;

	size_t flaglen;



	flags = __get_smap_entry(addr, "VmFlags:", buffer, sizeof(buffer));

	if (!flags)

		ksft_exit_fail_msg("%s: No VmFlags for %p\n", __func__, addr);



	while (true) {

		flags += strspn(flags, " ");



		flaglen = strcspn(flags, " ");

		if (!flaglen)

			return false;



		if (flaglen == strlen("io") && !memcmp(flags, "io", flaglen))

			return true;



		flags += flaglen;

	}

}

tools/testing/selftests/mm/vm_util.h

+1 −0
Original line number Diff line number Diff line
@@ -53,6 +53,7 @@ int uffd_unregister(int uffd, void *addr, uint64_t len); 
int uffd_register_with_ioctls(int uffd, void *addr, uint64_t len,

			      bool miss, bool wp, bool minor, uint64_t *ioctls);

unsigned long get_free_hugepages(void);

bool check_vmflag_io(void *addr);



/*

 * On ppc64 this will only work with radix 2M hugepage size