capdirty: first, minimal test in cheritest

nwf · nwf-msr · commit af050bb4cb64 · 2021-01-31T17:01:14.000Z
diff --git a/bin/cheribsdtest/cheribsdtest.c b/bin/cheribsdtest/cheribsdtest.c
@@ -878,6 +878,10 @@ static const struct cheri_test cheri_tests[] = {
 	  .ct_desc = "read capabilities from a faulted copy-on-write page",
 	  .ct_func = cheribsdtest_vm_cow_write, },
 
+	{ .ct_name = "cheribsdtest_vm_capdirty",
+	  .ct_desc = "verify capdirty marking and mincore",
+	  .ct_func = cheribsdtest_vm_capdirty, },
+
 #if 0
 	{ .ct_name = "cheribsdtest_vm_swap",
 	  .ct_desc = "check tags are swapped out by swap pager",
diff --git a/bin/cheribsdtest/cheribsdtest.h b/bin/cheribsdtest/cheribsdtest.h
@@ -649,6 +649,7 @@ DECLARE_CHERIBSD_TEST(cheribsdtest_vm_tag_tmpfile_private);
 DECLARE_CHERIBSD_TEST(cheribsdtest_vm_tag_tmpfile_private_prefault);
 DECLARE_CHERIBSD_TEST(cheribsdtest_vm_cow_read);
 DECLARE_CHERIBSD_TEST(cheribsdtest_vm_cow_write);
+DECLARE_CHERIBSD_TEST(cheribsdtest_vm_capdirty);
 const char	*xfail_need_writable_tmp(const char *name);
 
 #if 0
diff --git a/bin/cheribsdtest/cheribsdtest_vm.c b/bin/cheribsdtest/cheribsdtest_vm.c
@@ -602,3 +602,73 @@ cheribsdtest_vm_cow_write(const struct cheri_test *ctp __unused)
 	CHERIBSDTEST_CHECK_SYSCALL(close(fd));
 	cheribsdtest_success();
 }
+
+/*
+ * Store a cap to a page and check that mincore reports it CAPSTORE.
+ *
+ * Due to a shortage of bits in mincore()'s uint8_t reporting bit vector, this
+ * particular test is not able to distinguish CAPSTORE and CAPDIRTY and so is
+ * not sensitive to the vm.pmap.enter_capstore_as_capdirty sysctl.
+ *
+ * On the other hand, this test is sensitive to the vm.capstore_on_alloc sysctl:
+ * if that is asserted, our cap-capable anonymous memory will be installed
+ * CAPSTORE (and possibly even CAPDIRTY, in light of the above) whereas, if this
+ * sysctl is clear, our initial view of said memory will be !CAPSTORE.
+ */
+void
+cheribsdtest_vm_capdirty(const struct cheri_test *ctp __unused)
+{
+	static const size_t npg = 2;
+	size_t sz = npg * getpagesize();
+	uint8_t capstore_on_alloc;
+	size_t capstore_on_alloc_sz = sizeof(capstore_on_alloc);
+
+	void * __capability *pg0;
+	unsigned char mcv[npg] = { 0 };
+
+	CHERIBSDTEST_CHECK_SYSCALL(
+	    sysctlbyname("vm.capstore_on_alloc", &capstore_on_alloc,
+	        &capstore_on_alloc_sz, NULL, 0));
+
+	pg0 = CHERIBSDTEST_CHECK_SYSCALL(
+	    mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_ANON, -1, 0));
+
+	void * __capability *pg1 = (void *)&((char *)pg0)[getpagesize()];
+
+	/*
+	 * Pages are ZFOD and so will not be CAPSTORE, or, really, anything
+	 * else, either.
+	 */
+	CHERIBSDTEST_CHECK_SYSCALL(mincore(pg0, sz, &mcv[0]));
+	CHERIBSDTEST_VERIFY2(mcv[0] == 0, "page 0 status 0");
+	CHERIBSDTEST_VERIFY2(mcv[1] == 0, "page 1 status 0");
+
+	/*
+	 * Write data to page 0, causing it to become allocated and MODIFIED.
+	 * If vm.capstore_on_alloc, then it should be CAPSTORE as well, despite
+	 * having never been the target of a capability store.
+	 */
+	*(char *)pg0 = 0x42;
+
+	CHERIBSDTEST_CHECK_SYSCALL(mincore(pg0, sz, &mcv[0]));
+	CHERIBSDTEST_VERIFY2(
+	    (mcv[0] & MINCORE_MODIFIED) != 0, "page 0 modified 1");
+	CHERIBSDTEST_VERIFY2(
+	    !(mcv[0] & MINCORE_CAPSTORE) == !capstore_on_alloc,
+	    "page 0 capstore 1");
+
+	/*
+	 * Write a capability to page 1 and check that it is MODIFIED and
+	 * CAPSTORE regardless of vm.capstore_on_alloc.
+	 */
+	*pg1 = (void * __capability)pg0;
+
+	CHERIBSDTEST_CHECK_SYSCALL(mincore(pg0, sz, &mcv[0]));
+	CHERIBSDTEST_VERIFY2(
+	    (mcv[1] & MINCORE_MODIFIED) != 0, "page 1 modified 2");
+	CHERIBSDTEST_VERIFY2(
+	    (mcv[1] & MINCORE_CAPSTORE) != 0, "page 1 capstore 2");
+
+	CHERIBSDTEST_CHECK_SYSCALL(munmap(pg0, sz));
+	cheribsdtest_success();
+}
