Syscalls operating on memory mappings manage their address space via owning capabilities. They must adhere to a certain set of rules[1] in order to ensure memory safety. Address space management syscalls are only allowed to manipulate mappings that are within the range of the owning capability and have appropriate permissions.
Tests to validate the capability's tag, bounds, range as well as permissions have been added. As certain flags and syscalls conflict with the reservation model or lack implementation, a check to verify appropriate handling of the same has also been added. Lastly, testcases to verify mmap/unmap of CHERI unreprentable address/length have been added.
Review branch: https://git.morello-project.org/chaitanya_prakash/linux/-/tree/review/morell...
This patch series has been tested on: https://git.morello-project.org/amitdaniel/linux/-/tree/review/purecap_mm_re...
[1]https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-ca...
Changes in V7: - Modified the do-while loop used to generate unrepresentable address/length - Added tag validity check for test_cheri_representability() - Corrected representable_base such that the value is computed using address rather than the base - Updated commit messages
Changes in V6:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
- Updated commit messages and in code comments as required. - Moved struct initial_data back to bootstrap.c - Defined __maybe_unused in freestanding.h - Defined a fixed address to be shared among the tests. - Modified negative madvise() test to make use of the common private mapping. - Renamed test_mmap_bounds_check and test_mremap_bounds_check testcases to test_check_mmap_reservation and test_check_mremap_reservation respectively. - Modified the do-while loop used to generate unrepresentable length/address. - Added checks to validate that the bounds and length of ptr1 and ptr2 are of cheri representable length and their base is aligned according to the alignment mask. - Added a test to ensure mmap(owning_cap,..., MAP_FIXED fails if the underlying reservation has been destroyed.
Changes in V5:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
- Added representability testcase. - Removed global struct reg_data and called get_pagesize() with auxv passed in main(). - Removed VERIFY_ERRNO macro and made use of extended EXPECT_EQ - As helper functions have been removed, the inline attribute line is of no use and has been deleted. - Used a common mapping to avoid creating and destroying mappings repeatedly. - Removed positive testcases as they are not unique to PCuABI - Corrected the error code to reflect -ENOMEM instead of -ERESERVATION when mremap() tries to move a mapping without MREMAP_MAYMOVE flag - Reworded commit messages and restructured code.
Changes in V4:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
-Corrected subject of cover letter
Changes in V3:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
- Added get_pagesize() function and VERRIFY_ERRNO() macro - Added LoadCap and StoreCap permissions testcase - Added validity_tag_check testcases - Added reservation tests - Renamed variable "addr" to "ptr" to avoid confusion when manipulating both addresses and capabilities - Cleaned up syscall_mmap and syscall_mmap2 testcases - Restructured code into testcases that check tags, range, bounds and permissions - Improved range_check testcases - Improved commit messages - Removed helper functions, tests directly written in testcase functions - Removed signal handling and ddc register testcases
Changes in V2:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
- Added link to the review branch - Removed unnecessary whitespace
Changes in V1:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
Amit Daniel Kachhap (1): kselftests/arm64: morello: mmap: Test unrepresentable addresses
Chaitanya S Prakash (10): kselftests/arm64: morello: Create wrapper functions for frequently invoked syscalls kselftests/arm64: morello: Add get_pagesize() function kselftests/arm64: morello: mmap: Clean up existing testcases kselftests/arm64: morello: mmap: Add MAP_GROWSDOWN testcase kselftests/arm64: morello: mmap: Add validity tag check testcases kselftests/arm64: morello: mmap: Add capability range testcases kselftests/arm64: morello: mmap: Add mmap() reservation testcases kselftests/arm64: morello: mmap: Add mremap() reservation check testcases kselftests/arm64: morello: mmap: Add permission check testcases kselftests/arm64: morello: mmap: Add brk() testcase
.../selftests/arm64/morello/bootstrap.c | 6 - .../selftests/arm64/morello/freestanding.c | 15 + .../selftests/arm64/morello/freestanding.h | 68 ++- tools/testing/selftests/arm64/morello/mmap.c | 552 +++++++++++++++++- 4 files changed, 603 insertions(+), 38 deletions(-)