From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8F1CC3ABCC for ; Tue, 13 May 2025 16:35:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D67136B00E8; Tue, 13 May 2025 12:35:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CF2376B00E7; Tue, 13 May 2025 12:35:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B1C546B00E8; Tue, 13 May 2025 12:35:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 8B7BE6B00BB for ; Tue, 13 May 2025 12:35:17 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id EA9101611B0 for ; Tue, 13 May 2025 16:35:18 +0000 (UTC) X-FDA: 83438434716.20.93343C4 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) by imf05.hostedemail.com (Postfix) with ESMTP id 0AD7A100002 for ; Tue, 13 May 2025 16:35:16 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=NOa65zQv; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf05.hostedemail.com: domain of 3w3QjaAUKCIIzghhgmuumrk.iusrot03-ssq1giq.uxm@flex--tabba.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3w3QjaAUKCIIzghhgmuumrk.iusrot03-ssq1giq.uxm@flex--tabba.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1747154117; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yTV9f3tL7yhwej+ROnqRZnQFKCSKbjeemsj3pSC/+aM=; b=JjAg34ycvNGGiiImLWzQ6RE8pGN0nomvHJe73IufsRlrbj06CeC0/Ylui7XeT/7/ehcMTP dxQ2s6Z2ZPoqW/CABtyVXw5Za5wwVZsQtUMqyvWuXnPLD9BkF/Aud/JELRzdMu0E25hIky ecMgoV36g92xKXOpOT7bLttGDPFiBuk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747154117; a=rsa-sha256; cv=none; b=Bu3PO4xI3InN5Y96fZA3jea3aURvwyLgKvqESz4gmSjgxMg7h04kqKaPkjwS3TFG3zlVil vu8K0/S5xYmJRge82bZX7ygy4isMg+JWc4ReApl7rvk0PvCH2o4zt0/bs+hFC99ITStaJ9 0m4S0qwIHVnXDRd0K8saF9zsZvT83yE= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=NOa65zQv; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf05.hostedemail.com: domain of 3w3QjaAUKCIIzghhgmuumrk.iusrot03-ssq1giq.uxm@flex--tabba.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3w3QjaAUKCIIzghhgmuumrk.iusrot03-ssq1giq.uxm@flex--tabba.bounces.google.com Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-442d472cf84so27251795e9.2 for ; Tue, 13 May 2025 09:35:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747154115; x=1747758915; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=yTV9f3tL7yhwej+ROnqRZnQFKCSKbjeemsj3pSC/+aM=; b=NOa65zQvudvamYrnKOe1tsg+/G3mRBtgr8ZZKAWTW+xq6PqQCj+Oke3rno47ZujSYp Kvnes8DaZ1yPVjeliWIwvH7SbKGy8BNHwCMI/ZFVOHRQvodN4/FQiXsMam5b2AgoR7mr CIiz60iiv2ke9luXxU05exfzpXWVL7X5vlpfN4huKaOj8X9aI/22gTlcA8EkTtYbWZ4p EsoosH56M6/zW17GdiZ62DKnEEa9yGDvv2MlSRWYBG+fE6Ygy5AES20J6gTZQ3cfpL36 7Rw1VURMhoPDOlel78S3rHT0AZW1fkKmLPcL5tlj7uFa3UphOAZFUzdVhfmh9LxIUKrk P1Lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747154115; x=1747758915; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yTV9f3tL7yhwej+ROnqRZnQFKCSKbjeemsj3pSC/+aM=; b=c1Zftpri8t/xVm6BX1CZqCGlQUIV+I9pxvHdwAK5TlhKjs9q6vaHABl7TcflMdSwM0 wOHHb97sJPFWDgFXQ086IEYHrjYuHJIgAfhofVCIJmdd9tN85vw0Xjgr+s/ix802cJZP AgQZdqi28IyCxjvdwNJCeXiTfnG38wHPp78K9UPL/0sFmZq7UYFG7lb2jgsaUlU0ZWCj v6xwfK1POoKYmD7d2mOkq8oDFYOvsw+8eXeKMK7k+tba+EeHqGUvT3CxfrQ8q2WjRP42 na6KnHFNIPWdma7yUzI5MhSJQ2B4wF5+eARQEN/Ei4zp3SerNjFzHJdlyk0jIaxa4+XL S3LA== X-Forwarded-Encrypted: i=1; AJvYcCX8y+QOEJRkNikPjXXpTSn482XYD1ozdUC1ZwIq4Bzup6YP2Toedc1yvSnvgbUly9y8611PA4ievQ==@kvack.org X-Gm-Message-State: AOJu0YzeoADpCzX0ky9kunYqShbi96eXzdCW+DIVjwwmEywOqRevrwXb h9+SFPsDAvGD8JLUpPF1P8LcDC5HTHTwf1ItI5Z51++ntHl8K8x5YrtQlK1Q9CXWilrQwjyUpw= = X-Google-Smtp-Source: AGHT+IF3CKWr5dNaEltZziFd3JjzPKtbdKkHc+WfmpUsuWTg9V5wBHK5NPq3RbL6OwinlprEvGRdG11d/w== X-Received: from wmbbd22.prod.google.com ([2002:a05:600c:1f16:b0:43b:b74b:9350]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3511:b0:43d:ed:acd5 with SMTP id 5b1f17b1804b1-442f20d5d72mr168515e9.10.1747154115630; Tue, 13 May 2025 09:35:15 -0700 (PDT) Date: Tue, 13 May 2025 17:34:38 +0100 In-Reply-To: <20250513163438.3942405-1-tabba@google.com> Mime-Version: 1.0 References: <20250513163438.3942405-1-tabba@google.com> X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250513163438.3942405-18-tabba@google.com> Subject: [PATCH v9 17/17] KVM: selftests: Test guest_memfd same-range validation From: Fuad Tabba To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com, peterx@redhat.com, pankaj.gupta@amd.com, ira.weiny@intel.com, tabba@google.com Content-Type: text/plain; charset="UTF-8" X-Stat-Signature: djuu4pead3rm5fkoy75sc6m84pc5qjdy X-Rspam-User: X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 0AD7A100002 X-HE-Tag: 1747154116-577601 X-HE-Meta: U2FsdGVkX1/IJeO52CjGe2R1yGkhQCH4ktg9/QICHGpGs+busVzYMdm3aEj553fgaaU+o71px/S71edvZxx0SHcFgP4LMHT1oJ16VlFP65aHE9VXQ8psgjmc2w+i22Dk3C5J75VoZjiSdiK/Wq+8WUbW2k6e1nlDsv0PPyUDg/e+BAJ4jVB4RBFHlPRHX2FXuewWDwIR2e3DDR5mRf5qmvxpFDfuT0a01ZnUfG6vvj5MZ+FtHv0Xs0VynJq9mJ+p4gSR1JoJzcwHYsB7l2pTk8DMC29kA84ntwKCw2J4V9U1w5bYeoAl0cyNvPs2sAQz4y+KuNwfpSdKxFUAG29v+4Tx2NY6AgiOtk9WgkRk4h+LJYmvpbQ1DfXc/skME0H/Htbdq1dT84bSV2xgBCXEmfnWSGF7fBUeKOoSIgDrRw37Md03iId74u56Zd8IeLUOUaPKQgKZml0yvMbjsU5XXFtjNzeKKYnAT39x21EdEL+Oegwj7zM0+fcIwSotKes+cZh/81p51lySMhFIhsuQ93o2YkJ/BFzE2sGpWMpNwq1GpFM8/AfSgF4CrOeNS3+e49mrkG0U0l3bWluRhsNO+amkLop0T1k6r5uiMM0qvP7lTi3nzoPfVfopuiCRHqO1rDBOleXF5vULpb8Z9W08FR8zptnG22PBaO3p1QIxrSpWSm0grJaP6DvCq6pYqFFmzSuiSwkY+df7WFahexcsX7oBl4W84y8Uv7P9ZPB090bla4tXY8NqmzFiwCDO8/fJzWcrQOi0204f9bg+u9wJu572UuAnANDcLfPdhwkz8u1A3PZtmSd8v/Co9TG1UStj3TO82gKGQ8UPW/l7EyaCf6/xwyN0R1E27CFZDwydlB1N4AuE3Kn4HA1TZYJM/ko5mtxZ4t75ydmeN81ZYeoQF/eunHtBFGZyl1Lr/9AIzWYNJL92eHTfEJVY2u62cYPnqNWoWSJ/sfHGfSSyFX/ JmlW1bMZ 4VxkYPZ+W0TjpNaF1HAAJzaymS+Z5DlNo9imOtwAiBgRhm3kQcnmLOwDjhW6vCVoGdNboNNOa5L66XNGXTRaoVX4Ab8UuLwoURees0Lx52vCDf8VynC19y8YojVLbplpS+gQfrYx1RsGySDoIHzgfvjDu4mT4PJCdcy/y3oXoBNIU1uw3HyBXn+oJgUpFK8ddyZdDiVySoXDYbCPN78qL3/XwlMUkWrWHRNxOoGXJxNSZrHffkALOkGDNR2lx/GXhvaCeqtUgN3ezkrajVpmH5fYhn1CYu3amTMKz+0BVgPWiL+Hfmas9Et6b7WWjd3leYbHFHxO36109bQJPLkEmiUPMfyzDKEO2koPGdS6vii9d8Mno+qn4pEeqO57IXq4Pmw5hwUKgAI6AKI08o/kO6LpXpvjoHXt0OkKwYQQJ/1NUf3y3Z4LuoWIO8ZBLynzk7CohZmZ2N9FPPZ6nKJIwKA0xWvJTP3S80bHilzdxlzGSceeYpBDt36PfC0cKqrDx/FRkTJYZU1RINccVOqc0JrblTBZCabem3HU6CLaKz239pMQoCQU2jrjYh3QBDXnBpumkU9pRoxsh6k1DEl6Wi6RC9YRRDEUQXnHGqZU9xGAMbtudb+bUJcQOiQS8l9B55CDNaTJpiR0J9Qg/HaxoghGy1A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Ackerley Tng Add some selftests for guest_memfd same-range validation, which check that the slot userspace_addr covers the same range as the memory in guest_memfd: + When slot->userspace_addr is set to 0, there should be no range match validation on guest_memfd binding. + guest_memfd binding should fail if + slot->userspace_addr is not from guest_memfd + slot->userspace_addr is mmap()ed from some other file + slot->userspace_addr is mmap()ed from some other guest_memfd + slot->userspace_addr is mmap()ed from a different range in the same guest_memfd + guest_memfd binding should succeed if slot->userspace_addr is mmap()ed from the same range in the same guest_memfd provided in slot->guest_memfd Signed-off-by: Ackerley Tng Signed-off-by: Fuad Tabba --- .../testing/selftests/kvm/guest_memfd_test.c | 168 ++++++++++++++++++ 1 file changed, 168 insertions(+) diff --git a/tools/testing/selftests/kvm/guest_memfd_test.c b/tools/testing/selftests/kvm/guest_memfd_test.c index 443c49185543..60aaba5808a5 100644 --- a/tools/testing/selftests/kvm/guest_memfd_test.c +++ b/tools/testing/selftests/kvm/guest_memfd_test.c @@ -197,6 +197,173 @@ static void test_create_guest_memfd_multiple(struct kvm_vm *vm) close(fd1); } +#define GUEST_MEMFD_TEST_SLOT 10 +#define GUEST_MEMFD_TEST_GPA 0x100000000 + +static void +test_bind_guest_memfd_disabling_range_match_validation(struct kvm_vm *vm, + int fd) +{ + size_t page_size = getpagesize(); + int ret; + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, page_size, 0, + fd, 0); + TEST_ASSERT(!ret, + "setting slot->userspace_addr to 0 should disable validation"); + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, 0, 0, + fd, 0); + TEST_ASSERT(!ret, "Deleting memslot should work"); +} + +static void +test_bind_guest_memfd_anon_memory_in_userspace_addr(struct kvm_vm *vm, int fd) +{ + size_t page_size = getpagesize(); + void *userspace_addr; + int ret; + + userspace_addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, page_size, + userspace_addr, fd, 0); + TEST_ASSERT(ret == -1, + "slot->userspace_addr is not from the guest_memfd and should fail"); +} + +static void test_bind_guest_memfd_shared_memory_other_file_in_userspace_addr( + struct kvm_vm *vm, int fd) +{ + size_t page_size = getpagesize(); + void *userspace_addr; + int other_fd; + int ret; + + other_fd = memfd_create("shared_memory_other_file", 0); + TEST_ASSERT(other_fd > 0, "Creating other file should succeed"); + + userspace_addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_SHARED, other_fd, 0); + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, page_size, + userspace_addr, fd, 0); + TEST_ASSERT(ret == -1, + "slot->userspace_addr is not from the guest_memfd and should fail"); + + TEST_ASSERT(!munmap(userspace_addr, page_size), + "munmap() to cleanup should succeed"); + + close(other_fd); +} + +static void +test_bind_guest_memfd_other_guest_memfd_in_userspace_addr(struct kvm_vm *vm, + int fd) +{ + size_t page_size = getpagesize(); + void *userspace_addr; + int other_fd; + int ret; + + other_fd = vm_create_guest_memfd(vm, page_size * 2, + GUEST_MEMFD_FLAG_SUPPORT_SHARED); + TEST_ASSERT(other_fd > 0, "Creating other file should succeed"); + + userspace_addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_SHARED, other_fd, 0); + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, page_size, + userspace_addr, fd, 0); + TEST_ASSERT(ret == -1, + "slot->userspace_addr is not from the guest_memfd and should fail"); + + TEST_ASSERT(!munmap(userspace_addr, page_size), + "munmap() to cleanup should succeed"); + + close(other_fd); +} + +static void +test_bind_guest_memfd_other_range_in_userspace_addr(struct kvm_vm *vm, int fd) +{ + size_t page_size = getpagesize(); + void *userspace_addr; + int ret; + + userspace_addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_SHARED, fd, page_size); + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, page_size, + userspace_addr, fd, 0); + TEST_ASSERT(ret == -1, + "slot->userspace_addr is not from the same range and should fail"); + + TEST_ASSERT(!munmap(userspace_addr, page_size), + "munmap() to cleanup should succeed"); +} + +static void +test_bind_guest_memfd_same_range_in_userspace_addr(struct kvm_vm *vm, int fd) +{ + size_t page_size = getpagesize(); + void *userspace_addr; + int ret; + + userspace_addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_SHARED, fd, page_size); + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, page_size, + userspace_addr, fd, page_size); + TEST_ASSERT(!ret, + "slot->userspace_addr is the same range and should succeed"); + + TEST_ASSERT(!munmap(userspace_addr, page_size), + "munmap() to cleanup should succeed"); + + ret = __vm_set_user_memory_region2(vm, GUEST_MEMFD_TEST_SLOT, + KVM_MEM_GUEST_MEMFD, + GUEST_MEMFD_TEST_GPA, 0, 0, + fd, 0); + TEST_ASSERT(!ret, "Deleting memslot should work"); +} + +static void test_bind_guest_memfd_wrt_userspace_addr(struct kvm_vm *vm) +{ + size_t page_size = getpagesize(); + int fd; + + if (!vm_check_cap(vm, KVM_CAP_GUEST_MEMFD) || + !vm_check_cap(vm, KVM_CAP_GMEM_SHARED_MEM)) + return; + + fd = vm_create_guest_memfd(vm, page_size * 2, + GUEST_MEMFD_FLAG_SUPPORT_SHARED); + + test_bind_guest_memfd_disabling_range_match_validation(vm, fd); + test_bind_guest_memfd_anon_memory_in_userspace_addr(vm, fd); + test_bind_guest_memfd_shared_memory_other_file_in_userspace_addr(vm, fd); + test_bind_guest_memfd_other_guest_memfd_in_userspace_addr(vm, fd); + test_bind_guest_memfd_other_range_in_userspace_addr(vm, fd); + test_bind_guest_memfd_same_range_in_userspace_addr(vm, fd); + + close(fd); +} + static void test_with_type(unsigned long vm_type, uint64_t guest_memfd_flags, bool expect_mmap_allowed) { @@ -214,6 +381,7 @@ static void test_with_type(unsigned long vm_type, uint64_t guest_memfd_flags, vm = vm_create_barebones_type(vm_type); test_create_guest_memfd_multiple(vm); + test_bind_guest_memfd_wrt_userspace_addr(vm); test_create_guest_memfd_invalid_sizes(vm, guest_memfd_flags, page_size); fd = vm_create_guest_memfd(vm, total_size, guest_memfd_flags); -- 2.49.0.1045.g170613ef41-goog