Add a selftest to verify that converting a shared guest_memfd page to a private page fails if the page has an elevated reference count. When KVM converts a shared page to a private one, it expects the page to have a reference count equal to the reference counts taken by the filemap. If another kernel subsystem holds a reference to the page, for example via pin_user_pages(), the conversion must be aborted. This test uses vmsplice to increment the refcount of a specific page. The reference is kept on the page by not reading data out from vmsplice's destination pipe. It then attempts to convert a range of pages, including the page with elevated refcount, from shared to private. The test asserts that both bulk and single-page conversion attempts correctly fail with EAGAIN for the pinned page. After the page is unpinned, the test verifies that subsequent conversions succeed. Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- .../kvm/guest_memfd_conversions_test.c | 78 +++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/tools/testing/selftests/kvm/guest_memfd_conversions_test.c b/tools/testing/selftests/kvm/guest_memfd_conversions_test.c index c1a9cc7c9fae..872747432545 100644 --- a/tools/testing/selftests/kvm/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/guest_memfd_conversions_test.c @@ -396,6 +396,84 @@ GMEM_CONVERSION_TEST_INIT_SHARED(forked_accesses) kvm_munmap(test_state, sizeof(*test_state)); } +static int pin_pipe[2] = { -1, -1 }; + +static void pin_pages(void *vaddr, uint64_t size) +{ + struct iovec iov = { + .iov_base = vaddr, + .iov_len = size, + }; + + if (pin_pipe[1] < 0) + TEST_ASSERT_EQ(pipe(pin_pipe), 0); + + TEST_ASSERT_EQ(vmsplice(pin_pipe[1], &iov, 1, 0), size); +} + +static void unpin_pages(void) +{ + close(pin_pipe[1]); + pin_pipe[1] = -1; + close(pin_pipe[0]); + pin_pipe[0] = -1; +} + +static void test_convert_to_private_fails(test_data_t *t, loff_t pgoff, + size_t nr_pages, + loff_t expected_error_offset) +{ + loff_t offset = pgoff * page_size; + loff_t error_offset = -1ul; + int ret; + + do { + ret = __gmem_set_private(t->gmem_fd, offset, + nr_pages * page_size, &error_offset); + } while (ret == -1 && errno == EINTR); + TEST_ASSERT(ret == -1 && errno == EAGAIN, + "Wanted EAGAIN on page %lu, got %d (ret = %d)", pgoff, + errno, ret); + TEST_ASSERT_EQ(error_offset, expected_error_offset); +} + +GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(elevated_refcount, 4) +{ + int i; + + pin_pages(t->mem + test_page * page_size, page_size); + + for (i = 0; i < nr_pages; i++) + test_shared(t, i, 0, 'A', 'B'); + + /* + * Converting in bulk should fail as long any page in the range has + * unexpected refcounts. + */ + test_convert_to_private_fails(t, 0, nr_pages, test_page * page_size); + + for (i = 0; i < nr_pages; i++) { + /* + * Converting page-wise should also fail as long any page in the + * range has unexpected refcounts. + */ + if (i == test_page) + test_convert_to_private_fails(t, i, 1, test_page * page_size); + else + test_convert_to_private(t, i, 'B', 'C'); + } + + unpin_pages(); + + gmem_set_private(t->gmem_fd, 0, nr_pages * page_size); + + for (i = 0; i < nr_pages; i++) { + char expected = i == test_page ? 'B' : 'C'; + + test_private(t, i, expected, 'D'); + } +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM)); -- 2.53.0.rc1.225.gd81095ad13-goog