Inicio Explorar Axuda
Iniciar sesión
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Rama: S9210ZCU4AXK4
Ramas Etiquetas
android_kernel_...
/
drivers
/
uh
/
rkp_test.c

rkp_test.c 15 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638 
  1. #include <linux/module.h>
    2. 

  2. #include <linux/sched/signal.h>
    3. 

  3. #include <linux/proc_fs.h>
    4. 

  4. #include <linux/mm.h>
    5. 

  5. #include <linux/rkp.h>
    6. 

  6. #include <linux/delay.h>
    7. 

  7. #include <linux/slab.h>
    8. 

  8. 

  9. /*
    10. 

  10.  * BIT[0:1]	TYPE	PXN BIT
    11. 

  11.  * 01		BLOCK	53	For LEVEL 0, 1, 2 //defined by L012_BLOCK_PXN
    12. 

  12.  * 11		TABLE	59	For LEVEL 0, 1, 2 //defined by L012_TABLE_PXN
    13. 

  13.  * 11		PAGE	53	For LEVEL 3       //defined by L3_PAGE_PXN
    14. 

  14.  */
    15. 

  15. #define L012_BLOCK_PXN (_AT(pmdval_t, 1) << 53)
    16. 

  16. #define L012_TABLE_PXN (_AT(pmdval_t, 1) << 59)
    17. 

  17. #define L3_PAGE_PXN    (_AT(pmdval_t, 1) << 53)
    18. 

  18. 

  19. #define MEM_END		0xfffffffffffff000 /* 4K aligned */
    20. 

  20. #define DESC_MASK	0xFFFFFFFFF000
    21. 

  21. 

  22. #define RKP_PA_READ	0
    23. 

  23. #define RKP_PA_WRITE	1
    24. 

  24. 

  25. /* BUF define */
    26. 

  26. #define RKP_BUF_SIZE	8192
    27. 

  27. #define RKP_LINE_MAX	80
    28. 

  28. 

  29. /* FIMC */
    30. 

  30. #define CDH_SIZE		SZ_128K		/* CDH : Camera Debug Helper */
    31. 

  31. #define IS_RCHECKER_SIZE_RO	(SZ_4M + SZ_1M)
    32. 

  32. #define IS_RCHECKER_SIZE_RW	(SZ_256K)
    33. 

  33. #define RCHECKER_SIZE	(IS_RCHECKER_SIZE_RO + IS_RCHECKER_SIZE_RW)
    34. 

  34. 

  35. #ifdef CONFIG_KASAN
    36. 

  36. #define LIB_OFFSET		(VMALLOC_START + 0xF6000000 - 0x8000000)
    37. 

  37. #else
    38. 

  38. #define LIB_OFFSET		(VMALLOC_START + 0x1000000000UL + 0xF6000000 - 0x8000000)
    39. 

  39. #endif
    40. 

  40. 

  41. #define __LIB_START		(LIB_OFFSET + 0x04000000 - CDH_SIZE)
    42. 

  42. #define LIB_START		(__LIB_START)
    43. 

  43. 

  44. #define VRA_LIB_ADDR	(LIB_START + CDH_SIZE)
    45. 

  45. #define VRA_LIB_SIZE	(SZ_512K + SZ_256K)
    46. 

  46. 

  47. #define DDK_LIB_ADDR	(LIB_START + VRA_LIB_SIZE + CDH_SIZE)
    48. 

  48. #define DDK_LIB_SIZE	((SZ_2M + SZ_1M + SZ_256K) + SZ_1M + RCHECKER_SIZE)
    49. 

  49. 

  50. #define RTA_LIB_ADDR	(LIB_START + VRA_LIB_SIZE + DDK_LIB_SIZE + CDH_SIZE)
    51. 

  51. #define RTA_LIB_SIZE	(SZ_2M + SZ_2M)
    52. 

  52. 

  53. #define VRA_CODE_SIZE	SZ_512K
    54. 

  54. #define VRA_DATA_SIZE	SZ_256K
    55. 

  55. 

  56. #define DDK_CODE_SIZE	(SZ_2M + SZ_1M + SZ_256K + IS_RCHECKER_SIZE_RO)
    57. 

  57. #define DDK_DATA_SIZE	SZ_1M
    58. 

  58. 

  59. #define RTA_CODE_SIZE	SZ_2M
    60. 

  60. #define RTA_DATA_SIZE	SZ_2M
    61. 

  61. 

  62. #define LIB_END			(RTA_LIB_ADDR + RTA_CODE_SIZE + RTA_DATA_SIZE)
    63. 

  63. 

  64. static char rkp_test_buf[RKP_BUF_SIZE];
    65. 

  65. static unsigned long rkp_test_len = 0;
    66. 

  66. static unsigned long prot_user_l2 = 1;
    67. 

  67. 

  68. static DEFINE_RAW_SPINLOCK(par_lock);
    69. 

  69. static u64 *ha1;
    70. 

  70. static u64 *ha2;
    71. 

  71. 

  72. struct test_data {
    73. 

  73. 	u64 iter;
    74. 

  74. 	u64 pxn;
    75. 

  75. 	u64 no_pxn;
    76. 

  76. 	u64 read;
    77. 

  77. 	u64 write;
    78. 

  78. 	u64 cred_bkptr_match;
    79. 

  79. 	u64 cred_bkptr_mismatch;
    80. 

  80. };
    81. 

  81. 

  82. static void buf_print(const char *fmt, ...)
    83. 

  83. {
    84. 

  84. 	va_list aptr;
    85. 

  85. 

  86. 	if (rkp_test_len > RKP_BUF_SIZE - RKP_LINE_MAX) {
    87. 

  87. 		pr_err("RKP_TEST: Error Maximum buf");
    88. 

  88. 		return;
    89. 

  89. 	}
    90. 

  90. 	va_start(aptr, fmt);
    91. 

  91. 	rkp_test_len += vsprintf(rkp_test_buf+rkp_test_len, fmt, aptr);
    92. 

  92. 	va_end(aptr);
    93. 

  93. }
    94. 

  94. 

  95. //if RO, return true; RW return false
    96. 

  96. static bool hyp_check_page_ro(u64 va)
    97. 

  97. {
    98. 

  98. 	unsigned long flags;
    99. 

  99. 	u64 par = 0;
    100. 

  100. 

  101. 	raw_spin_lock_irqsave(&par_lock, flags);
    102. 

  102. 	uh_call(UH_APP_RKP, RKP_TEST_GET_PAR, (unsigned long)va, RKP_PA_WRITE, 0, 0);
    103. 

  103. 	par = *ha1;
    104. 

  104. 	raw_spin_unlock_irqrestore(&par_lock, flags);
    105. 

  105. 

  106. 	return (par & 0x1) ? true : false;
    107. 

  107. }
    108. 

  108. 

  109. static void hyp_check_l23pgt_rw(u64 *pg_l, unsigned int level, struct test_data *test)
    110. 

  110. {
    111. 

  111. 	unsigned int i;
    112. 

  112. 

  113. 	// Level is 1 2
    114. 

  114. 	if (level >= 3)
    115. 

  115. 		return;
    116. 

  116. 

  117. 	for (i = 0; i < 512; i++) {
    118. 

  118. 		if ((pg_l[i] & 3) == 3) {
    119. 

  119. 			test[level].iter++;
    120. 

  120. 			if (hyp_check_page_ro((u64)phys_to_virt(pg_l[i] & DESC_MASK)))
    121. 

  121. 				test[level].read++;
    122. 

  122. 			else
    123. 

  123. 				test[level].write++;
    124. 

  124. 

  125. 			hyp_check_l23pgt_rw((u64 *) (phys_to_virt(pg_l[i] & DESC_MASK)), level + 1, test);
    126. 

  126. 		}
    127. 

  127. 	}
    128. 

  128. }
    129. 

  129. 

  130. static pmd_t *get_addr_pmd(struct mm_struct *mm, unsigned long addr)
    131. 

  131. {
    132. 

  132. 	pgd_t *pgd;
    133. 

  133. 	pud_t *pud;
    134. 

  134. 	pmd_t *pmd;
    135. 

  135. 

  136. 	pgd = pgd_offset(mm, addr);
    137. 

  137. 	if (pgd_none(*pgd))
    138. 

  138. 		return NULL;
    139. 

  139. 

  140. 	pud = pud_offset((p4d_t *)pgd, addr);
    141. 

  141. 	if (pud_none(*pud))
    142. 

  142. 		return NULL;
    143. 

  143. 

  144. 	pmd = pmd_offset(pud, addr);
    145. 

  145. 	if (pmd_none(*pmd))
    146. 

  146. 		return NULL;
    147. 

  147. 

  148. 	return pmd;
    149. 

  149. }
    150. 

  150. 

  151. static int test_case_user_pgtable_ro(void)
    152. 

  152. {
    153. 

  153. 	struct task_struct *task;
    154. 

  154. 	struct test_data test[3] = {{0}, {0}, {0} };
    155. 

  155. 	struct mm_struct *mm = NULL;
    156. 

  156. 	int i;
    157. 

  157. 

  158. 	for_each_process(task) {
    159. 

  159. 		mm = task->active_mm;
    160. 

  160. 		if (!(mm) || !(mm->context.id.counter) || !(mm->pgd))
    161. 

  161. 			continue;
    162. 

  162. 

  163. 		if (hyp_check_page_ro((u64)(mm->pgd)))
    164. 

  164. 			test[0].read++;
    165. 

  165. 		else
    166. 

  166. 			test[0].write++;
    167. 

  167. 

  168. 		test[0].iter++;
    169. 

  169. 		hyp_check_l23pgt_rw(((u64 *) (mm->pgd)), 1, test);
    170. 

  170. 	}
    171. 

  171. 

  172. 	for (i = 0; i < 3; i++) {
    173. 

  173. 		buf_print("\t\tL%d TOTAL PAGES %6llu | READ ONLY %6llu | WRITABLE %6llu\n",
    174. 

  174. 			i+1, test[i].iter, test[i].read, test[i].write);
    175. 

  175. 	}
    176. 

  176. 

  177. 	//L1 and L2 pgtable should be RO
    178. 

  178. 	if ((!prot_user_l2) && (test[0].write == 0))
    179. 

  179. 		return 0;
    180. 

  180. 

  181. 	if ((test[0].write == 0) && (test[1].write == 0))
    182. 

  182. 		return 0; //pass
    183. 

  183. 	else
    184. 

  184. 		return 1; //fail
    185. 

  185. }
    186. 

  186. 

  187. static int test_case_kernel_pgtable_ro(void)
    188. 

  188. {
    189. 

  189. 	struct test_data test[3] = {{0}, {0}, {0} };
    190. 

  190. 	int i = 0;
    191. 

  191. 	// Check for swapper_pg_dir
    192. 

  192. 	test[0].iter++;
    193. 

  193. 	if (hyp_check_page_ro((u64)swapper_pg_dir))
    194. 

  194. 		test[0].read++;
    195. 

  195. 	else
    196. 

  196. 		test[0].write++;
    197. 

  197. 

  198. 	hyp_check_l23pgt_rw((u64 *)swapper_pg_dir, 1, test);
    199. 

  199. 

  200. 	for (i = 0; i < 3; i++)
    201. 

  201. 		buf_print("\t\tL%d TOTAL PAGE TABLES %6llu | READ ONLY %6llu |WRITABLE %6llu\n",
    202. 

  202. 			i+1, test[i].iter, test[i].read, test[i].write);
    203. 

  203. 

  204. 	if ((test[0].write == 0) && (test[1].write == 0))
    205. 

  205. 		return 0;
    206. 

  206. 	else
    207. 

  207. 		return 1;
    208. 

  208. }
    209. 

  209. 

  210. static int test_case_kernel_l3pgt_ro(void)
    211. 

  211. {
    212. 

  212. 	int rw = 0, ro = 0, i = 0;
    213. 

  213. 	u64 addrs[] = {
    214. 

  214. 		(u64)_text,
    215. 

  215. 		(u64)_etext
    216. 

  216. 	};
    217. 

  217. 	int len = sizeof(addrs)/sizeof(u64);
    218. 

  218. 

  219. 	pmd_t *pmd;
    220. 

  220. 	u64 pgt_addr;
    221. 

  221. 

  222. 	for (i = 0; i < len; i++) {
    223. 

  223. 		pmd = get_addr_pmd(&init_mm, addrs[i]);
    224. 

  224. 

  225. 		pgt_addr = (u64)phys_to_virt(((u64)(pmd_val(*pmd))) & DESC_MASK);
    226. 

  226. 		if (hyp_check_page_ro(pgt_addr))
    227. 

  227. 			ro++;
    228. 

  228. 		else
    229. 

  229. 			rw++;
    230. 

  230. 	}
    231. 

  231. 

  232. 	buf_print("\t\tKERNEL TEXT HEAD TAIL L3PGT | RO %6u | RW %6u\n", ro, rw);
    233. 

  233. 	return (rw == 0) ? 0 : 1;
    234. 

  234. }
    235. 

  235. 

  236. // return true if addr mapped, otherwise return false
    237. 

  237. static bool page_pxn_set(unsigned long addr, u64 *xn, u64 *x, u64 *v_x)
    238. 

  238. {
    239. 

  239. 	pgd_t *pgd;
    240. 

  240. 	pud_t *pud;
    241. 

  241. 	pmd_t *pmd;
    242. 

  242. 	pte_t *pte;
    243. 

  243. 

  244. 	pgd = pgd_offset_k(addr);
    245. 

  245. 	if (pgd_none(*pgd))
    246. 

  246. 		return false;
    247. 

  247. 

  248. 	pud = pud_offset((p4d_t *)pgd, addr);
    249. 

  249. 	if (pud_none(*pud))
    250. 

  250. 		return false;
    251. 

  251. 

  252. 	if (pud_sect(*pud)) {
    253. 

  253. 		if ((pud_val(*pud) & L012_BLOCK_PXN) > 0)
    254. 

  254. 			*xn += 1;
    255. 

  255. 		else
    256. 

  256. 			*x += 1;
    257. 

  257. 		return true;
    258. 

  258. 	}
    259. 

  259. 

  260. 	pmd = pmd_offset(pud, addr);
    261. 

  261. 	if (pmd_none(*pmd))
    262. 

  262. 		return false;
    263. 

  263. 

  264. 	if (pmd_sect(*pmd)) {
    265. 

  265. 		if ((pmd_val(*pmd) & L012_BLOCK_PXN) > 0)
    266. 

  266. 			*xn += 1;
    267. 

  267. 		else
    268. 

  268. 			*x += 1;
    269. 

  269. 		return true;
    270. 

  270. 	}
    271. 

  271. 

  272. 	if ((pmd_val(*pmd) & L012_TABLE_PXN) > 0) {
    273. 

  273. 		*xn += 1;
    274. 

  274. 		return true;
    275. 

  275. 	}
    276. 

  276. 

  277. 	// If pmd is table, such as kernel text head and tail, need to check L3
    278. 

  278. 	pte = pte_offset_kernel(pmd, addr);
    279. 

  279. 	if (pte_none(*pte))
    280. 

  280. 		return false;
    281. 

  281. 

  282. 	if ((pte_val(*pte) & L3_PAGE_PXN) > 0)
    283. 

  283. 		*xn += 1;
    284. 

  284. 	else {
    285. 

  285. 		if (addr >= (u64)__end_rodata) {
    286. 

  286. 			u64 res = 0;
    287. 

  287. 			uh_call(UH_APP_RKP, RKP_TEST_TEXT_VALID, addr, (u64)&res, 0, 0);
    288. 

  288. 			if (res)
    289. 

  289. 				*v_x += 1;
    290. 

  290. 		}
    291. 

  291. 		*x += 1;
    292. 

  292. 	}
    293. 

  293. 	return true;
    294. 

  294. }
    295. 

  295. 

  296. static void count_pxn(unsigned long pxn, int level, struct test_data *test)
    297. 

  297. {
    298. 

  298. 	test[level].iter++;
    299. 

  299. 	if (pxn)
    300. 

  300. 		test[level].pxn++;
    301. 

  301. 	else
    302. 

  302. 		test[level].no_pxn++;
    303. 

  303. }
    304. 

  304. 

  305. static void walk_pte(pmd_t *pmd, int level, struct test_data *test)
    306. 

  306. {
    307. 

  307. 	pte_t *pte = pte_offset_kernel(pmd, 0UL);
    308. 

  308. 	unsigned int i;
    309. 

  309. 	unsigned long prot;
    310. 

  310. 

  311. 	for (i = 0; i < PTRS_PER_PTE; i++, pte++) {
    312. 

  312. 		if (pte_none(*pte)) {
    313. 

  313. 			continue;
    314. 

  314. 		} else {
    315. 

  315. 			prot = pte_val(*pte) & L3_PAGE_PXN;
    316. 

  316. 			count_pxn(prot, level, test);
    317. 

  317. 		}
    318. 

  318. 	}
    319. 

  319. }
    320. 

  320. 

  321. static void walk_pmd(pud_t *pud, int level, struct test_data *test)
    322. 

  322. {
    323. 

  323. 	pmd_t *pmd = pmd_offset(pud, 0UL);
    324. 

  324. 	unsigned int i;
    325. 

  325. 	unsigned long prot;
    326. 

  326. 

  327. 	for (i = 0; i < PTRS_PER_PMD; i++, pmd++) {
    328. 

  328. 		if (pmd_none(*pmd)) {
    329. 

  329. 			continue;
    330. 

  330. 		} else if (pmd_sect(*pmd)) {
    331. 

  331. 			prot = pmd_val(*pmd) & L012_BLOCK_PXN;
    332. 

  332. 			count_pxn(prot, level, test);
    333. 

  333. 		} else {
    334. 

  334. 		/*
    335. 

  335. 		 * For user space, all L2 should have PXN, including block and
    336. 

  336. 		 * table. Only kernel text head and tail L2 table can have no
    337. 

  337. 		 * pxn, and kernel text middle L2 blocks can have no pxn
    338. 

  338. 		 */
    339. 

  339. 			BUG_ON(pmd_bad(*pmd));
    340. 

  340. 			prot = pmd_val(*pmd) & L012_TABLE_PXN;
    341. 

  341. 			count_pxn(prot, level, test);
    342. 

  342. 			walk_pte(pmd, level+1, test);
    343. 

  343. 		}
    344. 

  344. 	}
    345. 

  345. }
    346. 

  346. 

  347. static void walk_pud(pgd_t *pgd, int level, struct test_data *test)
    348. 

  348. {
    349. 

  349. 	pud_t *pud = pud_offset((p4d_t *)pgd, 0UL);
    350. 

  350. 	unsigned int i;
    351. 

  351. 

  352. 	for (i = 0; i < PTRS_PER_PUD; i++, pud++) {
    353. 

  353. 		if (pud_none(*pud) || pud_sect(*pud)) {
    354. 

  354. 			continue;
    355. 

  355. 		} else {
    356. 

  356. 			BUG_ON(pud_bad(*pud));
    357. 

  357. 			walk_pmd(pud, level, test);
    358. 

  358. 		}
    359. 

  359. 	}
    360. 

  360. }
    361. 

  361. 

  362. #define rkp_pgd_table		(_AT(pgdval_t, 1) << 1)
    363. 

  363. #define rkp_pgd_bad(pgd)	(!(pgd_val(pgd) & rkp_pgd_table))
    364. 

  364. static void walk_pgd(struct mm_struct *mm, int level, struct test_data *test)
    365. 

  365. {
    366. 

  366. 	pgd_t *pgd = pgd_offset(mm, 0UL);
    367. 

  367. 	unsigned int i;
    368. 

  368. 	unsigned long prot;
    369. 

  369. 

  370. 	for (i = 0; i < PTRS_PER_PGD; i++, pgd++) {
    371. 

  371. 		if (rkp_pgd_bad(*pgd)) {
    372. 

  372. 			continue;
    373. 

  373. 		} else { //table
    374. 

  374. 			prot = pgd_val(*pgd) & L012_TABLE_PXN;
    375. 

  375. 			count_pxn(prot, level, test);
    376. 

  376. 			walk_pud(pgd, level+1, test);
    377. 

  377. 		}
    378. 

  378. 	}
    379. 

  379. }
    380. 

  380. 

  381. #define MB (1024 * 1024)
    382. 

  382. #define ROBUFS_MAX (20 * MB / PAGE_SIZE)
    383. 

  383. #define ALLOC_DELAY 10
    384. 

  384. #define ALLOC_TRY_MAX 20
    385. 

  385. 

  386. static int test_case_guest_mem_alloc_and_free(void) {
    387. 

  387. 	u64* robufs;
    388. 

  388. 	int i, size = 0, alloc_try_cnt;
    389. 

  389. 

  390. 	robufs = kmalloc_array(ROBUFS_MAX, sizeof(u64), GFP_KERNEL);
    391. 

  391. 

  392. 	buf_print("guest_mem allocation start\n");
    393. 

  393. 	for (i = 0; i < ROBUFS_MAX; i++) {
    394. 

  394. 		alloc_try_cnt = 0;
    395. 

  395. 		robufs[i] = (u64)rkp_ro_alloc();
    396. 

  396. 

  397. 		while (!robufs[i] && alloc_try_cnt < ALLOC_TRY_MAX) {
    398. 

  398. 			alloc_try_cnt++;
    399. 

  399. 

  400. 			printk("ALLOC_TRY_CNT %d, Let's wait %d ms", alloc_try_cnt, ALLOC_DELAY);
    401. 

  401. 			buf_print("ALLOC_TRY_CNT %d, Let's wait %d ms\n", alloc_try_cnt, ALLOC_DELAY);
    402. 

  402. 

  403. 			msleep(ALLOC_DELAY);
    404. 

  404. 			robufs[i] = (u64)rkp_ro_alloc();
    405. 

  405. 		}
    406. 

  406. 

  407. 		if (alloc_try_cnt >= ALLOC_TRY_MAX) {
    408. 

  408. 			break;
    409. 

  409. 		}
    410. 

  410. 	}
    411. 

  411. 

  412. 	size = i;
    413. 

  413. 	printk("guest_mem allocation done. allocated size: 0x%lx", size * PAGE_SIZE);
    414. 

  414. 	buf_print("guest_mem allocation done. allocated size: 0x%lx\n", size * PAGE_SIZE);
    415. 

  415. 

  416. 	msleep(100);
    417. 

  417. 

  418. 	printk("guest_mem free start");
    419. 

  419. 	buf_print("guest_mem free start\n");
    420. 

  420. 

  421. 	for (i = 0; i < size; i++) {
    422. 

  422. 		rkp_ro_free((void *) robufs[i]);
    423. 

  423. 	}
    424. 

  424. 

  425. 	printk("guest_mem free done.");
    426. 

  426. 	buf_print("guest_mem free done.\n");
    427. 

  427. 

  428. 	kfree(robufs);
    429. 

  429. 

  430. 	return 0;
    431. 

  431. }
    432. 

  432. 

  433. static int test_case_user_pxn(void)
    434. 

  434. {
    435. 

  435. 	struct task_struct *task = NULL;
    436. 

  436. 	struct mm_struct *mm = NULL;
    437. 

  437. 	struct test_data test[3] = {{0}, {0}, {0} };
    438. 

  438. 	int i = 0;
    439. 

  439. 

  440. 	for_each_process(task) {
    441. 

  441. 		mm = task->active_mm;
    442. 

  442. 		if (!(mm) || !(mm->context.id.counter) || !(mm->pgd))
    443. 

  443. 			continue;
    444. 

  444. 

  445. 		/* Check if PXN bit is set */
    446. 

  446. 		walk_pgd(mm, 0, test);
    447. 

  447. 	}
    448. 

  448. 

  449. 	for (i = 0; i < 3; i++) {
    450. 

  450. 		buf_print("\t\tL%d TOTAL ENTRIES %6llu | PXN %6llu | NO_PXN %6llu\n",
    451. 

  451. 			i+1, test[i].iter, test[i].pxn, test[i].no_pxn);
    452. 

  452. 	}
    453. 

  453. 

  454. 	//all 2nd level entries should be PXN
    455. 

  455. 	if (test[0].no_pxn == 0) {
    456. 

  456. 		prot_user_l2 = 0;
    457. 

  457. 		return 0;
    458. 

  458. 	} else if (test[1].no_pxn == 0) {
    459. 

  459. 		prot_user_l2 = 1;
    460. 

  460. 		return 0;
    461. 

  461. 	} else {
    462. 

  462. 		return 1;
    463. 

  463. 	}
    464. 

  464. }
    465. 

  465. 

  466. struct mem_range {
    467. 

  467. 	u64 start_va;
    468. 

  468. 	u64 size; //in bytes
    469. 

  469. 	char *info;
    470. 

  470. 	bool no_rw;
    471. 

  471. 	bool no_x;
    472. 

  472. };
    473. 

  473. 

  474. struct test_case {
    475. 

  475. 	int (*fn)(void);
    476. 

  476. 	char *describe;
    477. 

  477. };
    478. 

  478. 

  479. static int test_case_kernel_range_rwx(void)
    480. 

  480. {
    481. 

  481. 	int ret = 0;
    482. 

  482. 	u64 ro = 0, rw = 0;
    483. 

  483. 	u64 xn = 0, x = 0;
    484. 

  484. 	u64 v_x = 0;
    485. 

  485. 	int i;
    486. 

  486. 	u64 j;
    487. 

  487. 	bool mapped = false;
    488. 

  488. 	u64 va_temp;
    489. 

  489. 

  490. 	struct mem_range test_ranges[] = {
    491. 

  491. 		{(u64)VMALLOC_START, ((u64)_text) - ((u64)VMALLOC_START), "VMALLOC -  STEXT", false, true},
    492. 

  492. 		{((u64)_text), ((u64)_etext) - ((u64)_text), "STEXT - ETEXT", true, false},
    493. 

  493. 		{((u64)_etext), ((u64) __end_rodata) - ((u64)_etext), "ETEXT - ERODATA", true, true},
    494. 

  494. #ifdef CONFIG_USE_DIRECT_IS_CONTROL /* FIMC */
    495. 

  495. 		{((u64) __end_rodata), VRA_LIB_ADDR-((u64) __end_rodata), "ERODATA - S_FIMC", false, true},
    496. 

  496. 		{VRA_LIB_ADDR, VRA_CODE_SIZE, "VRA CODE", true, false},
    497. 

  497. 		{VRA_LIB_ADDR + VRA_CODE_SIZE, VRA_DATA_SIZE, "VRA DATA", false, true},
    498. 

  498. 		{DDK_LIB_ADDR, DDK_CODE_SIZE, "DDK CODE", true, false},
    499. 

  499. 		{DDK_LIB_ADDR + DDK_CODE_SIZE, DDK_DATA_SIZE, "DDK_DATA", false, true},
    500. 

  500. 		{RTA_LIB_ADDR, RTA_CODE_SIZE, "RTA CODE", true, false},
    501. 

  501. 		{RTA_LIB_ADDR + RTA_CODE_SIZE, RTA_DATA_SIZE, "RTA DATA", false, true},
    502. 

  502. 		{LIB_END, MEM_END - LIB_END, "E_FIMC - MEM END", false, true},
    503. 

  503. #else
    504. 

  504. 		{((u64) __end_rodata), MEM_END-((u64) __end_rodata), "ERODATA -MEM_END", false, true},
    505. 

  505. #endif
    506. 

  506. 

  507. 	};
    508. 

  508. 	int len = sizeof(test_ranges)/sizeof(struct mem_range);
    509. 

  509. 

  510. 	buf_print("\t\t| MEMORY RANGES  | %16s - %16s | %8s %8s %8s %8s\n",
    511. 

  511. 		"START", "END", "RO", "RW", "PXN", "PX");
    512. 

  512. 	for (i = 0; i < len; i++) {
    513. 

  513. 		for (j = 0; j < test_ranges[i].size/PAGE_SIZE; j++) {
    514. 

  514. 			va_temp = test_ranges[i].start_va + j*PAGE_SIZE;
    515. 

  515. 			mapped = page_pxn_set(va_temp, &xn, &x, &v_x);
    516. 

  516. 			if (!mapped)
    517. 

  517. 				continue;
    518. 

  518. 			// only for mapped pages
    519. 

  519. 			if (hyp_check_page_ro(va_temp))
    520. 

  520. 				ro += 1;
    521. 

  521. 			else
    522. 

  522. 				rw += 1;
    523. 

  523. 		}
    524. 

  524. 

  525. 		buf_print("\t\t|%s| %016llx - %016llx | %8llu %8llu %8llu %8llu\n",
    526. 

  526. 			test_ranges[i].info, test_ranges[i].start_va,
    527. 

  527. 			test_ranges[i].start_va + test_ranges[i].size,
    528. 

  528. 			ro, rw, xn, x);
    529. 

  529. 

  530. 		if (test_ranges[i].no_rw && (rw != 0)) {
    531. 

  531. 			buf_print("RKP_TEST FAILED, NO RW PAGE ALLOWED, rw=%llu\n", rw);
    532. 

  532. 			ret++;
    533. 

  533. 		}
    534. 

  534. 

  535. 		if (test_ranges[i].no_x && (x != 0)) {
    536. 

  536. 			if (x == v_x)
    537. 

  537. 				break;
    538. 

  538. 			buf_print("RKP_TEST FAILED, NO X PAGE ALLOWED, x=%llu\n", x);
    539. 

  539. 			ret++;
    540. 

  540. 		}
    541. 

  541. 

  542. 		if ((rw != 0) && (x != 0)) {
    543. 

  543. 			if (x == v_x)
    544. 

  544. 				break;
    545. 

  545. 			buf_print("RKP_TEST FAILED, NO RWX PAGE ALLOWED, rw=%llu, x=%llu\n", rw, x);
    546. 

  546. 			ret++;
    547. 

  547. 		}
    548. 

  548. 

  549. 		ro = 0; rw = 0;
    550. 

  550. 		xn = 0; x = 0;
    551. 

  551. 		v_x = 0;
    552. 

  552. 	}
    553. 

  553. 

  554. 	return ret;
    555. 

  555. }
    556. 

  556. 

  557. ssize_t	rkp_read(struct file *filep, char __user *buffer, size_t count, loff_t *ppos)
    558. 

  558. {
    559. 

  559. 	int ret = 0, temp_ret = 0, i = 0;
    560. 

  560. 	struct test_case tc_funcs[] = {
    561. 

  561. 		{test_case_user_pxn,		"TEST USER_PXN"},
    562. 

  562. 		{test_case_user_pgtable_ro,	"TEST USER_PGTABLE_RO"},
    563. 

  563. 		{test_case_kernel_pgtable_ro,	"TEST KERNEL_PGTABLE_RO"},
    564. 

  564. 		{test_case_kernel_l3pgt_ro,	"TEST KERNEL TEXT HEAD TAIL L3PGT RO"},
    565. 

  565. 		{test_case_kernel_range_rwx,	"TEST KERNEL_RANGE_RWX"},
    566. 

  566. 		{test_case_guest_mem_alloc_and_free,	"TEST GUEST_MEM_ALLOC_AND_FREE"},
    567. 

  567. 	};
    568. 

  568. 	int tc_num = sizeof(tc_funcs)/sizeof(struct test_case);
    569. 

  569. 

  570. 	static bool done = false;
    571. 

  571. 

  572. 	if (done)
    573. 

  573. 		return 0;
    574. 

  574. 	done = true;
    575. 

  575. 

  576. 	if ((!ha1) || (!ha2)) {
    577. 

  577. 		buf_print("ERROR RKP_TEST ha1 is NULL\n");
    578. 

  578. 		goto error;
    579. 

  579. 	}
    580. 

  580. 

  581. 	for (i = 0; i < tc_num; i++) {
    582. 

  582. 		buf_print("RKP_TEST_CASE %d ===========> RUNNING %s\n", i, tc_funcs[i].describe);
    583. 

  583. 		temp_ret = tc_funcs[i].fn();
    584. 

  584. 

  585. 		if (temp_ret) {
    586. 

  586. 			buf_print("RKP_TEST_CASE %d ===========> %s FAILED WITH %d ERRORS\n",
    587. 

  587. 				i, tc_funcs[i].describe, temp_ret);
    588. 

  588. 		} else {
    589. 

  589. 			buf_print("RKP_TEST_CASE %d ===========> %s PASSED\n", i, tc_funcs[i].describe);
    590. 

  590. 		}
    591. 

  591. 

  592. 		ret += temp_ret;
    593. 

  593. 	}
    594. 

  594. 

  595. 	if (ret)
    596. 

  596. 		buf_print("RKP_TEST SUMMARY: FAILED WITH %d ERRORS\n", ret);
    597. 

  597. 	else
    598. 

  598. 		buf_print("RKP_TEST SUMMARY: PASSED\n");
    599. 

  599. 

  600. error:
    601. 

  601. 	return simple_read_from_buffer(buffer, count, ppos, rkp_test_buf, rkp_test_len);
    602. 

  602. }
    603. 

  603. 

  604. static const struct proc_ops rkp_proc_fops = {
    605. 

  605. 	.proc_read	= rkp_read,
    606. 

  606. };
    607. 

  607. 

  608. static int __init rkp_test_init(void)
    609. 

  609. {
    610. 

  610. 	u64 va;
    611. 

  611. 

  612. 	if (proc_create("rkp_test", 0444, NULL, &rkp_proc_fops) == NULL) {
    613. 

  613. 		pr_err("RKP_TEST: Error creating proc entry");
    614. 

  614. 		return -1;
    615. 

  615. 	}
    616. 

  616. 

  617. 	va = __get_free_page(GFP_KERNEL | __GFP_ZERO);
    618. 

  618. 	if (!va)
    619. 

  619. 		return -1;
    620. 

  620. 	uh_call(UH_APP_RKP, RKP_TEST_INIT, va, 0, 0, 0);
    621. 

  621. 

  622. 	ha1 = (u64 *)va;
    623. 

  623. 	ha2 = (u64 *)(va + 8);
    624. 

  624. 

  625. 	return 0;
    626. 

  626. }
    627. 

  627. 

  628. static void __exit rkp_test_exit(void)
    629. 

  629. {
    630. 

  630. 	uh_call(UH_APP_RKP, RKP_TEST_EXIT, (u64)ha1, 0, 0, 0);
    631. 

  631. 	free_page((unsigned long)ha1);
    632. 

  632. 

  633. 	remove_proc_entry("rkp_test", NULL);
    634. 

  634. }
    635. 

  635. 

  636. module_init(rkp_test_init);
    637. 

  637. module_exit(rkp_test_exit);
    638. 

  638.