The patch titled
     Subject: selftests/mm: virtual_address_range: avoid reading from VM_IO mappings
has been added to the -mm mm-unstable branch.  Its filename is
     selftests-mm-virtual_address_range-avoid-reading-from-vm_io-mappings.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/selftests-mm-virtual_address_range-avoid-reading-from-vm_io-mappings.patch

This patch will later appear in the mm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>
Subject: selftests/mm: virtual_address_range: avoid reading from VM_IO mappings
Date: Mon, 13 Jan 2025 14:15:38 +0100

The virtual_address_range selftest reads from the start of each mapping
listed in /proc/self/maps.  However not all mappings are valid to be
arbitrarily accessed.

For example the vvar data used for virtual clocks on x86 [vvar_vclock] can
only be accessed if 1) the kernel configuration enables virtual clocks and
2) the hypervisor provided the data for it.  Only the VDSO itself has the
necessary information to know this.  Since commit e93d2521b27f ("x86/vdso:
Split virtual clock pages into dedicated mapping") the virtual clock data
was split out into its own mapping, leading to EFAULT from read() during
the validation.

Check for the VM_IO flag as a proxy.  It is present for the VVAR mappings
and MMIO ranges can be dangerous to access arbitrarily.

Link: https://lkml.kernel.org/r/20250113-virtual_address_range-tests-v3-4-f4a8e6b7feed@xxxxxxxxxxxxx
Fixes: e93d2521b27f ("x86/vdso: Split virtual clock pages into dedicated mapping")
Fixes: 010409649885 ("selftests/mm: confirm VA exhaustion without reliance on correctness of mmap()")
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>
Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
Closes: https://lore.kernel.org/oe-lkp/202412271148.2656e485-lkp@xxxxxxxxx
Suggested-by: David Hildenbrand <david@xxxxxxxxxx>
Link: https://lore.kernel.org/lkml/e97c2a5d-c815-4936-a767-ac42a3220a90@xxxxxxxxxx/
Cc: Dev Jain <dev.jain@xxxxxxx>
Cc: Shuah Khan (Samsung OSG) <shuah@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 tools/testing/selftests/mm/virtual_address_range.c |    4 ++
 tools/testing/selftests/mm/vm_util.c               |   21 +++++++++++
 tools/testing/selftests/mm/vm_util.h               |    1
 3 files changed, 26 insertions(+)

--- a/tools/testing/selftests/mm/virtual_address_range.c~selftests-mm-virtual_address_range-avoid-reading-from-vm_io-mappings +++ a/tools/testing/selftests/mm/virtual_address_range.c @@ -15,6 +15,7 @@ #include <sys/time.h> #include <fcntl.h> +#include "vm_util.h" #include "../kselftest.h" /* @@ -159,6 +160,9 @@ static int validate_complete_va_space(vo if (prot[0] != 'r') continue; + if (check_vmflag_io((void *)start_addr)) + continue; + /* * Confirm whether MAP_CHUNK_SIZE chunk can be found or not. * If write succeeds, no need to check MAP_CHUNK_SIZE - 1 --- a/tools/testing/selftests/mm/vm_util.c~selftests-mm-virtual_address_range-avoid-reading-from-vm_io-mappings +++ a/tools/testing/selftests/mm/vm_util.c @@ -400,3 +400,24 @@ unsigned long get_free_hugepages(void) fclose(f); return fhp; } + +bool check_vmflag_io(void *addr) +{ + char *saveptr, *flag, *strtok_arg; + char buffer[MAX_LINE_LENGTH]; + + strtok_arg = __get_smap_entry(addr, "VmFlags:", buffer, sizeof(buffer)); + if (!strtok_arg) + ksft_exit_fail_msg("%s: No VmFlags for %p\n", __func__, addr); + + while (true) { + flag = strtok_r(strtok_arg, " ", &saveptr); + if (!flag) + break; + if (strcmp(flag, "io") == 0) + return true; + strtok_arg = NULL; + } + + return false; +} --- a/tools/testing/selftests/mm/vm_util.h~selftests-mm-virtual_address_range-avoid-reading-from-vm_io-mappings +++ a/tools/testing/selftests/mm/vm_util.h 
@@ -53,6 +53,7 @@ int uffd_unregister(int uffd, void *addr int uffd_register_with_ioctls(int uffd, void *addr, uint64_t len, bool miss, bool wp, bool minor, uint64_t *ioctls); unsigned long get_free_hugepages(void); +bool check_vmflag_io(void *addr); /* * On ppc64 this will only work with radix 2M hugepage size _ Patches currently in -mm which might be from thomas.weissschuh@xxxxxxxxxxxxx are selftests-mm-virtual_address_range-mmap-without-prot_write.patch selftests-mm-virtual_address_range-unmap-chunks-after-validation.patch selftests-mm-vm_util-split-up-proc-self-smaps-parsing.patch selftests-mm-virtual_address_range-avoid-reading-from-vm_io-mappings.patch
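
Review bot: the new check_vmflag_io() skip in validate_complete_va_space() (virtual_address_range.c, second hunk) carries no comment, while the block right after it is documented. A line above the check stating why VM_IO mappings are not read, as the commit message does for [vvar_vclock] and MMIO ranges, would keep the reason next to the code. The skip is also silent, so a run gives no indication of how many readable mappings were left unvalidated; a ksft_print_msg() for skipped ranges would make that visible.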
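
Review bot: in check_vmflag_io() (vm_util.c hunk) strtok_r() splits on " " only, so if the buffer filled by __get_smap_entry() still ends in a newline, a final "io" token would compare as "io\n" and strcmp() would miss it. Using " \n" as the delimiter set makes the match independent of how the VmFlags line is terminated. Separately, ksft_exit_fail_msg() inside a bool-returning helper ends the whole test when one address has no VmFlags entry; if that is intended, a short comment on the function saying so would help future callers.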