From: Djordje Kovacevic <djordje.kovacevic@xxxxxxx> The RMM/Host could inject Synchronous External Aborts in to the Realm for various reasons. RMM injects the SEA for : * Instruction/Data fetch from an IPA that is in RIPAS_EMPTY state * Instruction fetch from an Unprotected IPA. Trigger these conditions from within the Realm and verify that the SEAs are received. Signed-off-by: Djordje Kovacevic <djordje.kovacevic@xxxxxxx> Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx> Signed-off-by: Joey Gouly <joey.gouly@xxxxxxx> --- arm/Makefile.arm64 | 1 + arm/realm-sea.c | 143 +++++++++++++++++++++++++++++++++++++++++++++ arm/unittests.cfg | 6 ++ 3 files changed, 150 insertions(+) create mode 100644 arm/realm-sea.c diff --git a/arm/Makefile.arm64 b/arm/Makefile.arm64 index 90ec6815..8448af36 100644 --- a/arm/Makefile.arm64 +++ b/arm/Makefile.arm64 @@ -35,6 +35,7 @@ tests += $(TEST_DIR)/cache.flat tests += $(TEST_DIR)/debug.flat tests += $(TEST_DIR)/realm-rsi.flat tests += $(TEST_DIR)/realm-fpu.flat +tests += $(TEST_DIR)/realm-sea.flat include $(SRCDIR)/$(TEST_DIR)/Makefile.common diff --git a/arm/realm-sea.c b/arm/realm-sea.c new file mode 100644 index 00000000..5ef3e2a4 --- /dev/null +++ b/arm/realm-sea.c 
@@ -0,0 +1,143 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2022 Arm Limited.
+ * All rights reserved.
+ */
+#include <libcflat.h>
+#include <vmalloc.h>
+#include <asm/ptrace.h>
+#include <asm/thread_info.h>
+#include <asm/mmu.h>
+#include <asm/rsi.h>
+#include <linux/compiler.h>
+#include <alloc_page.h>
+#include <asm/pgtable.h>
+
+typedef void (*empty_fn)(void);
+
+static bool test_passed;
+
+/*
+ * The virtual address of the page that the test has made the access to
+ * in order to cause the I/DAbort with I/DFSC = Synchronous External Abort.
+ */
+static void* target_page_va;
+
+/*
+ * Ensure that the @va is the executable location from EL1:
+ * - SCTLR_EL1.WXN must be off.
+ * - Disable the access from EL0 (controlled by AP[1] in PTE).
+ */
+static void enable_instruction_fetch(void* va)
+{
+ unsigned long sctlr = read_sysreg(sctlr_el1);
+ if (sctlr & SCTLR_EL1_WXN) {
+ sctlr &= ~SCTLR_EL1_WXN;
+ write_sysreg(sctlr, sctlr_el1);
+ isb();
+ flush_tlb_all();
+ }
+
+ mmu_clear_user(current_thread_info()->pgtable, (u64)va);
+}
+
+static void data_abort_handler(struct pt_regs *regs, unsigned int esr)
+{
+ if ((esr & ESR_EL1_FSC_MASK) == ESR_EL1_FSC_EXTABT)
+ test_passed = true;
+
+ report_info("esr = %x", esr);
+ /*
+ * Advance the PC to complete the test.
+ */
+ regs->pc += 4;
+}
+
+static void data_access_to_empty(void)
+{
+ test_passed = false;
+ target_page_va = alloc_page();
+ phys_addr_t empty_ipa = virt_to_phys(target_page_va);
+
+ arm_set_memory_shared(empty_ipa, SZ_4K);
+
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_DABT_EL1, data_abort_handler);
+ READ_ONCE(((char*)target_page_va)[0x55]);
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_DABT_EL1, NULL);
+
+ report(test_passed, " ");
+}
+
+static void instruction_abort_handler(struct pt_regs *regs, unsigned int esr)
+{
+ if (((esr & ESR_EL1_FSC_MASK) == ESR_EL1_FSC_EXTABT) &&
+ (regs->pc == (u64)target_page_va))
+ test_passed = true;
+
+ report_info("esr = %x", esr);
+ /*
+ * Simulate the RET instruction to complete the test.
+ */
+ regs->pc = regs->regs[30];
+}
+
+static void instr_fetch_from_empty(void)
+{
+ phys_addr_t empty_ipa;
+
+ test_passed = false;
+ target_page_va = alloc_page();
+ enable_instruction_fetch(target_page_va);
+
+ empty_ipa = virt_to_phys((void*)target_page_va);
+
+ arm_set_memory_shared(empty_ipa, SZ_4K);
+
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_IABT_EL1, instruction_abort_handler);
+ /*
+ * This should cause the IAbort with IFSC = SEA
+ */
+ ((empty_fn)target_page_va)();
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_IABT_EL1, NULL);
+
+ report(test_passed, " ");
+}
+
+static void instr_fetch_from_unprotected(void)
+{
+ test_passed = false;
+ /*
+ * The test will attempt to execute an instruction from the start of
+ * the unprotected IPA space.
+ */
+ target_page_va = vmap(PTE_NS_SHARED, SZ_4K);
+ enable_instruction_fetch(target_page_va);
+
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_IABT_EL1, instruction_abort_handler);
+ /*
+ * This should cause the IAbort with IFSC = SEA
+ */
+ ((empty_fn)target_page_va)();
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_IABT_EL1, NULL);
+
+ report(test_passed, " ");
+}
+
+int main(int argc, char **argv)
+{
+ report_prefix_push("in_realm_sea");
+
+ report_prefix_push("data_access_to_empty");
+ data_access_to_empty();
+ report_prefix_pop();
+
+ report_prefix_push("instr_fetch_from_empty");
+ instr_fetch_from_empty();
+ report_prefix_pop();
+
+ report_prefix_push("instr_fetch_from_unprotected");
+ instr_fetch_from_unprotected();
+ report_prefix_pop();
+
+ return report_summary();
+}
diff --git a/arm/unittests.cfg b/arm/unittests.cfg
index a60dc6a9..bc2354c7 100644
--- a/arm/unittests.cfg
+++ b/arm/unittests.cfg
@@ -305,3 +305,9 @@ smp = 2
 groups = nodefault realms
 accel = kvm
 arch = arm64
+
+[realm-sea]
+file = realm-sea.flat
+groups = nodefault realms
+accel = kvm
+arch = arm64
-- 2.17.1
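Review bot: In arm/realm-sea.c, `enable_instruction_fetch()` clears SCTLR_EL1.WXN and nothing in the file sets it back, so after `instr_fetch_from_empty()` the rest of the test image runs with WXN disabled; saving the original `sctlr` and writing it back after each instruction-fetch test would keep the relaxation scoped to the two calls that need it. Separately, `data_abort_handler()` treats any external abort as a pass and always does `regs->pc += 4`, whereas `instruction_abort_handler()` at least checks `regs->pc == (u64)target_page_va`; comparing the faulting address with `target_page_va + 0x55` (assuming FAR_EL1 is valid for this abort, which the hunk does not show) would tie the pass to the access under test. `instruction_abort_handler()` also sets `regs->pc = regs->regs[30]` even when its check fails, which assumes x30 holds a usable return address for a fault it did not recognise; reporting a failure and stopping there would be safer than resuming. The three `report(test_passed, " ")` calls would also be easier to read in logs with a short message such as `"SEA received"`.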