[PATCH 13/14] KVM: arm64: Enable the CONFIG_TEST UBSan for PKVM.

Mon, 14 Sep 2020 10:31:21 -0700 

From: George Popescu <georgep...@google.com>

Test the UBsan functionality for the hyp/nVHE code.
Because modules are not supported inside of hyp/nVHE code, the default
testing module for UBSan can not be used. For this purpose new functions
are defined inside of hyp/nVHE.

Test UBSan only when the hypervisor is initialized to prevent spamming
the boot messages.

Signed-off-by: George Popescu <georgep...@google.com>
---
 arch/arm64/kvm/Kconfig               |   3 +
 arch/arm64/kvm/arm.c                 |   8 ++
 arch/arm64/kvm/hyp/nvhe/Makefile     |   1 +
 arch/arm64/kvm/hyp/nvhe/ubsan_test.c | 115 +++++++++++++++++++++++++++
 4 files changed, 127 insertions(+)
 create mode 100644 arch/arm64/kvm/hyp/nvhe/ubsan_test.c

diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig
index 318c8f2df245..b6581f2512fb 100644
--- a/arch/arm64/kvm/Kconfig
+++ b/arch/arm64/kvm/Kconfig
@@ -60,6 +60,9 @@ config KVM_ARM_PMU
 config KVM_INDIRECT_VECTORS
        def_bool HARDEN_BRANCH_PREDICTOR || RANDOMIZE_BASE
 
+config NVHE_KVM_TEST_UBSAN
+       def_bool (TEST_UBSAN != n)
+
 endif # KVM
 
 endif # VIRTUALIZATION
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index eff57069e103..5468fa5599cf 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1297,6 +1297,14 @@ static void cpu_init_hyp_mode(void)
        BUG_ON(!system_capabilities_finalized());
        __kvm_call_hyp((void *)pgd_ptr, hyp_stack_ptr, vector_ptr, tpidr_el2);
 
+#ifdef CONFIG_NVHE_KVM_TEST_UBSAN
+       static bool test_ubsan_run;
+
+       if (!test_ubsan_run && (smp_processor_id() == 0)) {
+               test_ubsan_run = true;
+               kvm_call_hyp_nvhe(__kvm_test_ubsan);
+       }
+#endif
        /*
         * Disabling SSBD on a non-VHE system requires us to enable SSBS
         * at EL2.
diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
index cc082e516353..2b495fe41f2b 100644
--- a/arch/arm64/kvm/hyp/nvhe/Makefile
+++ b/arch/arm64/kvm/hyp/nvhe/Makefile
@@ -12,6 +12,7 @@ obj-y += ../vgic-v3-sr.o ../aarch32.o 
../vgic-v2-cpuif-proxy.o ../entry.o \
 
 CFLAGS_ubsan.hyp.tmp.o += -I $(srctree)/lib/
 obj-$(CONFIG_UBSAN) += ubsan.o
+obj-$(CONFIG_NVHE_KVM_TEST_UBSAN) += ubsan_test.o
 
 obj-y := $(patsubst %.o,%.hyp.o,$(obj-y))
 extra-y := $(patsubst %.hyp.o,%.hyp.tmp.o,$(obj-y))
diff --git a/arch/arm64/kvm/hyp/nvhe/ubsan_test.c 
b/arch/arm64/kvm/hyp/nvhe/ubsan_test.c
new file mode 100644
index 000000000000..f4e7b3ed3cf5
--- /dev/null
+++ b/arch/arm64/kvm/hyp/nvhe/ubsan_test.c
@@ -0,0 +1,115 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/percpu-defs.h>
+#include <asm/kvm_asm.h>
+
+typedef void(*test_ubsan_fp)(void);
+
+static void test_ubsan_add_overflow(void)
+{
+       volatile int val = INT_MAX;
+
+       val += 2;
+}
+
+static void test_ubsan_sub_overflow(void)
+{
+       volatile int val = INT_MIN;
+       volatile int val2 = 2;
+
+       val -= val2;
+}
+
+static void test_ubsan_mul_overflow(void)
+{
+       volatile int val = INT_MAX / 2;
+
+       val *= 3;
+}
+
+static void test_ubsan_negate_overflow(void)
+{
+       volatile int val = INT_MIN;
+
+       val = -val;
+}
+
+static void test_ubsan_divrem_overflow(void)
+{
+       volatile int val = 16;
+       volatile int val2 = 0;
+
+       val /= val2;
+}
+
+static void test_ubsan_shift_out_of_bounds(void)
+{
+       volatile int val = -1;
+       int val2 = 10;
+
+       val2 <<= val;
+}
+
+static void test_ubsan_out_of_bounds(void)
+{
+       volatile int i = 4, j = 5;
+       volatile int arr[4];
+
+       arr[j] = i;
+}
+
+static void test_ubsan_load_invalid_value(void)
+{
+       volatile char *dst, *src;
+       bool val, val2, *ptr;
+       char c = 4;
+
+       dst = (char *)&val;
+       src = &c;
+       *dst = *src;
+
+       ptr = &val2;
+       val2 = val;
+}
+
+static void test_ubsan_misaligned_access(void)
+{
+       volatile char arr[5] __aligned(4) = {1, 2, 3, 4, 5};
+       volatile int *ptr, val = 6;
+
+       ptr = (int *)(arr + 1);
+       *ptr = val;
+}
+
+static void test_ubsan_object_size_mismatch(void)
+{
+       /* "((aligned(8)))" helps this not into be misaligned for ptr-access. */
+       volatile int val __aligned(8) = 4;
+       volatile long long *ptr, val2;
+
+       ptr = (long long *)&val;
+       val2 = *ptr;
+}
+
+static const test_ubsan_fp test_ubsan_array[] = {
+       test_ubsan_out_of_bounds,
+       test_ubsan_add_overflow,
+       test_ubsan_sub_overflow,
+       test_ubsan_mul_overflow,
+       test_ubsan_negate_overflow,
+       test_ubsan_divrem_overflow,
+       test_ubsan_shift_out_of_bounds,
+       test_ubsan_load_invalid_value,
+       test_ubsan_misaligned_access,
+       test_ubsan_object_size_mismatch,
+};
+
+void __kvm_test_ubsan(void)
+{
+       unsigned int i;
+
+       for (i = 0; i < ARRAY_SIZE(test_ubsan_array); i++)
+               test_ubsan_array[i]();
+}
-- 
2.28.0.618.gf4bc123cb7-goog

Reply via email to