From patchwork Thu Nov 15 09:00:08 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pengfei Xu <pengfei.xu@intel.com>
X-Patchwork-Id: 998171
Return-Path: <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=lists.linux.it
	(client-ip=2001:1418:10:5::2; helo=picard.linux.it;
	envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=intel.com
Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 42wZwQ3Yjxz9sBQ
	for <incoming@patchwork.ozlabs.org>;
	Thu, 15 Nov 2018 19:56:17 +1100 (AEDT)
Received: from picard.linux.it (localhost [IPv6:::1])
	by picard.linux.it (Postfix) with ESMTP id 70DAB3E74CE
	for <incoming@patchwork.ozlabs.org>;
	Thu, 15 Nov 2018 09:56:14 +0100 (CET)
X-Original-To: ltp@lists.linux.it
Delivered-To: ltp@picard.linux.it
Received: from in-4.smtp.seeweb.it (in-4.smtp.seeweb.it
	[IPv6:2001:4b78:1:20::4])
	by picard.linux.it (Postfix) with ESMTP id 055653E6607
	for <ltp@lists.linux.it>; Thu, 15 Nov 2018 09:56:11 +0100 (CET)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by in-4.smtp.seeweb.it (Postfix) with ESMTPS id 6396610011D5
	for <ltp@lists.linux.it>; Thu, 15 Nov 2018 09:56:08 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
	by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	15 Nov 2018 00:56:04 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,235,1539673200"; d="scan'208";a="108745153"
Received: from xpf-desktop.sh.intel.com ([10.239.13.102])
	by orsmga002.jf.intel.com with ESMTP; 15 Nov 2018 00:56:04 -0800
From: Pengfei Xu <pengfei.xu@intel.com>
To: ltp@lists.linux.it, Pengfei Xu <pengfei.xu@intel.com>,
	Cyril Hrubis <chrubis@suse.cz>, Ricardo Neri <ricardo.neri@intel.com>
Date: Thu, 15 Nov 2018 17:00:08 +0800
Message-Id: <20181115090008.11440-1-pengfei.xu@intel.com>
X-Mailer: git-send-email 2.14.1
X-Virus-Scanned: clamav-milter 0.99.2 at in-4.smtp.seeweb.it
X-Virus-Status: Clean
X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_PASS autolearn=disabled
	version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	in-4.smtp.seeweb.it
Subject: [LTP] [PATCH v3 ltp] Add Intel umip(User Mode Instruction
	Prevention) basic function tests
X-BeenThere: ltp@lists.linux.it
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Linux Test Project <ltp.lists.linux.it>
List-Unsubscribe: <https://lists.linux.it/options/ltp>,
	<mailto:ltp-request@lists.linux.it?subject=unsubscribe>
List-Archive: <http://lists.linux.it/pipermail/ltp/>
List-Post: <mailto:ltp@lists.linux.it>
List-Help: <mailto:ltp-request@lists.linux.it?subject=help>
List-Subscribe: <https://lists.linux.it/listinfo/ltp>,
	<mailto:ltp-request@lists.linux.it?subject=subscribe>
MIME-Version: 1.0
Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it
Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>

umip is a security feature present in new Intel Processors.
  Intel CPU like ICE lake or newer is required.
  When umip enabled, it prevents the execution of certain instructions
  and situation as below:
    when Current Privilege Level (CPL) is greater than 0, user space
    applications could not access to system-wide settings such as
    the global and local descriptor tables, the segment selectors to
    the current task state and the local descriptor table.
  umip is enabled by default at boot.
  umip will protect below instructions in user mode:
    * SGDT - Store Global Descriptor Table
    * SIDT - Store Interrupt Descriptor Table
    * SLDT - Store Local Descriptor Table
    * SMSW - Store Machine Status Word
    * STR  - Store Task Register
  If CPU not support umip, you still could comment cpuinfo check code
  to verify anyway.

Signed-off-by: Pengfei Xu <pengfei.xu@intel.com>
---
 runtest/secure_umip                           |   2 +
 testcases/kernel/security/umip/Makefile       |   7 +
 testcases/kernel/security/umip/umip_gp_test.c | 203 ++++++++++++++++++++++++++
 3 files changed, 212 insertions(+)
 create mode 100644 runtest/secure_umip
 create mode 100644 testcases/kernel/security/umip/Makefile
 create mode 100644 testcases/kernel/security/umip/umip_gp_test.c

diff --git a/runtest/secure_umip b/runtest/secure_umip
new file mode 100644
index 000000000..4082bc2a3
--- /dev/null
+++ b/runtest/secure_umip
@@ -0,0 +1,2 @@
+#DESCRIPTION: CPU security feature UMIP test
+umip_instruction_test umip_gp_test
diff --git a/testcases/kernel/security/umip/Makefile b/testcases/kernel/security/umip/Makefile
new file mode 100644
index 000000000..18896b6f2
--- /dev/null
+++ b/testcases/kernel/security/umip/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/umip/umip_gp_test.c b/testcases/kernel/security/umip/umip_gp_test.c
new file mode 100644
index 000000000..12a6d9c53
--- /dev/null
+++ b/testcases/kernel/security/umip/umip_gp_test.c
@@ -0,0 +1,203 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/*
+ * testcases/security/umip/umip_gp_test.c
+ * Copyright (C) 2018 Intel Corporation
+ * Author: Neri, Ricardo <ricardo.neri@intel.com>
+ *	 Pengfei, Xu   <pengfei.xu@intel.com>
+ */
+
+/*
+ * This test will check if Intel umip(User-Mode Execution Prevention) is
+ * working.
+ *
+ * Intel CPU of ICE lake or newer is required for the test
+ * kconfig requirement:CONFIG_X86_INTEL_UMIP=y
+ *
+ */
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <signal.h>
+
+#include "tst_test.h"
+
+#define CPUINFO_FILE "/proc/cpuinfo"
+
+#define GDT_LEN 10
+#define IDT_LEN 10
+#define EXIT_VALUE 200
+
+static int fd = -1, sigsegv_cnt;
+
+static struct tcase {
+	enum {
+	sgdt,
+	sidt,
+	sldt,
+	smsw,
+	str
+	} option;
+	int exp_sig;
+} tcases[] = {
+	{sgdt, SIGSEGV},
+	{sidt, SIGSEGV},
+	{sldt, SIGSEGV},
+	{smsw, SIGSEGV},
+	{str, SIGSEGV},
+};
+
+static void asm_sgdt(void)
+{
+	unsigned char val[GDT_LEN];
+
+	memset(val, 0, sizeof(val));
+	tst_res(TINFO, "TEST sgdt, sgdt result save at [%p]", val);
+	asm volatile("sgdt %0\n" : "=m" (val));
+	tst_res(TINFO, "Test sgdt instruction finished");
+}
+
+static void asm_sidt(void)
+{
+	unsigned char val[IDT_LEN];
+
+	memset(val, 0, sizeof(val));
+	tst_res(TINFO, "TEST sidt, sidt result save at [%p]\n", val);
+	asm volatile("sidt %0\n" : "=m" (val));
+	tst_res(TINFO, "Test sidt instruction finished");
+}
+
+static void asm_sldt(void)
+{
+	unsigned long val;
+
+	tst_res(TINFO, "TEST sldt, sldt result save at [%p]\n", &val);
+	asm volatile("sldt %0\n" : "=m" (val));
+	tst_res(TINFO, "Test sldt instruction finished");
+}
+
+static void asm_smsw(void)
+{
+	unsigned long val;
+
+	tst_res(TINFO, "TEST smsw, smsw result save at [%p]\n", &val);
+	asm volatile("smsw %0\n" : "=m" (val));
+	tst_res(TINFO, "Test sidt instruction finished");
+}
+
+static void asm_str(void)
+{
+	unsigned long val;
+
+	tst_res(TINFO, "TEST str, str result save at [%p]\n", &val);
+	asm volatile("str %0\n" : "=m" (val));
+	tst_res(TINFO, "Test str instruction finished");
+}
+
+static void verify_umip_instruction(unsigned int n)
+{
+	int es = -1, status;
+	pid_t pid;
+	struct tcase *tc = &tcases[n];
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		switch (tc->option) {
+		case 0:
+			asm_sgdt();
+			break;
+		case 1:
+			asm_sidt();
+			break;
+		case 2:
+			asm_sldt();
+			break;
+		case 3:
+			asm_smsw();
+			break;
+		case 4:
+			asm_str();
+			break;
+		default:
+			tst_brk(TCONF, "Invalid tcase parameter:%d",
+				tc->option);
+		}
+	} else {
+		sleep(1);
+		SAFE_KILL(pid, SIGINT);
+	}
+
+	SAFE_WAITPID(pid, &status, 0);
+
+	if (WIFEXITED(status)) {
+		es = WEXITSTATUS(status);
+		tst_res(TPASS, "Child pid stopped as expected status:%d",
+			status);
+	} else
+		tst_res(TFAIL, "Could not get pid return value");
+	if (es == EXIT_VALUE) {
+		tst_res(TPASS, "Received expected return value %d", es);
+	} else {
+		tst_res(TWARN,
+			"Please confirm kconfig already set CONFIG_X86_INTEL_UMIP=y");
+		tst_res(TFAIL,
+			"Didn't receive SIGSEGV #11, return %d, expect:%d",
+			es, EXIT_VALUE);
+	}
+}
+
+static void sig_handler(int signal)
+{
+	int exp_sigsegv = 11;
+
+	if (exp_sigsegv == signal) {
+		sigsegv_cnt++;
+		tst_res(TPASS, "Received SIGSEGV signal:%d, num:%d",
+			signal, sigsegv_cnt);
+		// signal handler by app, kernel will not kill, need exit
+		exit(EXIT_VALUE);
+	} else {
+		tst_res(TWARN, "Received unexpected signal:%d", signal);
+	}
+}
+
+static void setup(void)
+{
+	int max = 2048, find = 0;
+	char buf[max];
+
+	// cpuinfo should contain umip
+	fd = SAFE_OPEN(CPUINFO_FILE, O_RDONLY);
+	if (read(fd, buf, max) < 0)
+		tst_brk(TCONF, "read /proc/cpuinfo failed");
+	else if (strstr(buf, "umip")) {
+		tst_res(TINFO, "cpuinfo contain umip, cpu support umip");
+		find = 1;
+	}
+	if (find == 0)
+		tst_brk(TCONF,
+			"cpuinfo does not contain umip, not support umip");
+	SAFE_CLOSE(fd);
+
+	SAFE_SIGNAL(SIGSEGV, sig_handler);
+}
+
+static void cleanup(void)
+{
+	if (fd != -1)
+		SAFE_CLOSE(fd);
+}
+
+static struct tst_test test = {
+	.min_kver = "4.1",
+	.setup = setup,
+	.tcnt = ARRAY_SIZE(tcases),
+	.forks_child = 1,
+	.test = verify_umip_instruction,
+	.cleanup = cleanup,
+	.needs_root = 1,
+};