1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Written by Dave Hansen <dave.hansen (at) intel.com> 4 */ 5 6 #include <stdlib.h> 7 #include <sys/types.h> 8 #include <unistd.h> 9 #include <stdio.h> 10 #include <errno.h> 11 #include <sys/types.h> 12 #include <sys/stat.h> 13 #include <unistd.h> 14 #include <sys/mman.h> 15 #include <string.h> 16 #include <fcntl.h> 17 #include "mpx-debug.h" 18 #include "mpx-mm.h" 19 #include "mpx-hw.h" 20 21 unsigned long bounds_dir_global; 22 23 #define mpx_dig_abort() __mpx_dig_abort(__FILE__, __func__, __LINE__) 24 static void inline __mpx_dig_abort(const char *file, const char *func, int line) 25 { 26 fprintf(stderr, "MPX dig abort @ %s::%d in %s()\n", file, line, func); 27 printf("MPX dig abort @ %s::%d in %s()\n", file, line, func); 28 abort(); 29 } 30 31 /* 32 * run like this (BDIR finds the probably bounds directory): 33 * 34 * BDIR="$(cat /proc/$pid/smaps | grep -B1 2097152 \ 35 * | head -1 | awk -F- '{print $1}')"; 36 * ./mpx-dig $pid 0x$BDIR 37 * 38 * NOTE: 39 * assumes that the only 2097152-kb VMA is the bounds dir 40 */ 41 42 long nr_incore(void *ptr, unsigned long size_bytes) 43 { 44 int i; 45 long ret = 0; 46 long vec_len = size_bytes / PAGE_SIZE; 47 unsigned char *vec = malloc(vec_len); 48 int incore_ret; 49 50 if (!vec) 51 mpx_dig_abort(); 52 53 incore_ret = mincore(ptr, size_bytes, vec); 54 if (incore_ret) { 55 printf("mincore ret: %d\n", incore_ret); 56 perror("mincore"); 57 mpx_dig_abort(); 58 } 59 for (i = 0; i < vec_len; i++) 60 ret += vec[i]; 61 free(vec); 62 return ret; 63 } 64 65 int open_proc(int pid, char *file) 66 { 67 static char buf[100]; 68 int fd; 69 70 snprintf(&buf[0], sizeof(buf), "/proc/%d/%s", pid, file); 71 fd = open(&buf[0], O_RDONLY); 72 if (fd < 0) 73 perror(buf); 74 75 return fd; 76 } 77 78 struct vaddr_range { 79 unsigned long start; 80 unsigned long end; 81 }; 82 struct vaddr_range *ranges; 83 int nr_ranges_allocated; 84 int nr_ranges_populated; 85 int last_range = -1; 86 87 int __pid_load_vaddrs(int pid) 88 { 89 int ret = 0; 90 int proc_maps_fd = open_proc(pid, "maps"); 91 char linebuf[10000]; 92 unsigned long start; 93 unsigned long end; 94 char rest[1000]; 95 FILE *f = fdopen(proc_maps_fd, "r"); 96 97 if (!f) 98 mpx_dig_abort(); 99 nr_ranges_populated = 0; 100 while (!feof(f)) { 101 char *readret = fgets(linebuf, sizeof(linebuf), f); 102 int parsed; 103 104 if (readret == NULL) { 105 if (feof(f)) 106 break; 107 mpx_dig_abort(); 108 } 109 110 parsed = sscanf(linebuf, "%lx-%lx%s", &start, &end, rest); 111 if (parsed != 3) 112 mpx_dig_abort(); 113 114 dprintf4("result[%d]: %lx-%lx<->%s\n", parsed, start, end, rest); 115 if (nr_ranges_populated >= nr_ranges_allocated) { 116 ret = -E2BIG; 117 break; 118 } 119 ranges[nr_ranges_populated].start = start; 120 ranges[nr_ranges_populated].end = end; 121 nr_ranges_populated++; 122 } 123 last_range = -1; 124 fclose(f); 125 close(proc_maps_fd); 126 return ret; 127 } 128 129 int pid_load_vaddrs(int pid) 130 { 131 int ret; 132 133 dprintf2("%s(%d)\n", __func__, pid); 134 if (!ranges) { 135 nr_ranges_allocated = 4; 136 ranges = malloc(nr_ranges_allocated * sizeof(ranges[0])); 137 dprintf2("%s(%d) allocated %d ranges @ %p\n", __func__, pid, 138 nr_ranges_allocated, ranges); 139 assert(ranges != NULL); 140 } 141 do { 142 ret = __pid_load_vaddrs(pid); 143 if (!ret) 144 break; 145 if (ret == -E2BIG) { 146 dprintf2("%s(%d) need to realloc\n", __func__, pid); 147 nr_ranges_allocated *= 2; 148 ranges = realloc(ranges, 149 nr_ranges_allocated * sizeof(ranges[0])); 150 dprintf2("%s(%d) allocated %d ranges @ %p\n", __func__, 151 pid, nr_ranges_allocated, ranges); 152 assert(ranges != NULL); 153 dprintf1("reallocating to hold %d ranges\n", nr_ranges_allocated); 154 } 155 } while (1); 156 157 dprintf2("%s(%d) done\n", __func__, pid); 158 159 return ret; 160 } 161 162 static inline int vaddr_in_range(unsigned long vaddr, struct vaddr_range *r) 163 { 164 if (vaddr < r->start) 165 return 0; 166 if (vaddr >= r->end) 167 return 0; 168 return 1; 169 } 170 171 static inline int vaddr_mapped_by_range(unsigned long vaddr) 172 { 173 int i; 174 175 if (last_range > 0 && vaddr_in_range(vaddr, &ranges[last_range])) 176 return 1; 177 178 for (i = 0; i < nr_ranges_populated; i++) { 179 struct vaddr_range *r = &ranges[i]; 180 181 if (vaddr_in_range(vaddr, r)) 182 continue; 183 last_range = i; 184 return 1; 185 } 186 return 0; 187 } 188 189 const int bt_entry_size_bytes = sizeof(unsigned long) * 4; 190 191 void *read_bounds_table_into_buf(unsigned long table_vaddr) 192 { 193 #ifdef MPX_DIG_STANDALONE 194 static char bt_buf[MPX_BOUNDS_TABLE_SIZE_BYTES]; 195 off_t seek_ret = lseek(fd, table_vaddr, SEEK_SET); 196 if (seek_ret != table_vaddr) 197 mpx_dig_abort(); 198 199 int read_ret = read(fd, &bt_buf, sizeof(bt_buf)); 200 if (read_ret != sizeof(bt_buf)) 201 mpx_dig_abort(); 202 return &bt_buf; 203 #else 204 return (void *)table_vaddr; 205 #endif 206 } 207 208 int dump_table(unsigned long table_vaddr, unsigned long base_controlled_vaddr, 209 unsigned long bde_vaddr) 210 { 211 unsigned long offset_inside_bt; 212 int nr_entries = 0; 213 int do_abort = 0; 214 char *bt_buf; 215 216 dprintf3("%s() base_controlled_vaddr: 0x%012lx bde_vaddr: 0x%012lx\n", 217 __func__, base_controlled_vaddr, bde_vaddr); 218 219 bt_buf = read_bounds_table_into_buf(table_vaddr); 220 221 dprintf4("%s() read done\n", __func__); 222 223 for (offset_inside_bt = 0; 224 offset_inside_bt < MPX_BOUNDS_TABLE_SIZE_BYTES; 225 offset_inside_bt += bt_entry_size_bytes) { 226 unsigned long bt_entry_index; 227 unsigned long bt_entry_controls; 228 unsigned long this_bt_entry_for_vaddr; 229 unsigned long *bt_entry_buf; 230 int i; 231 232 dprintf4("%s() offset_inside_bt: 0x%lx of 0x%llx\n", __func__, 233 offset_inside_bt, MPX_BOUNDS_TABLE_SIZE_BYTES); 234 bt_entry_buf = (void *)&bt_buf[offset_inside_bt]; 235 if (!bt_buf) { 236 printf("null bt_buf\n"); 237 mpx_dig_abort(); 238 } 239 if (!bt_entry_buf) { 240 printf("null bt_entry_buf\n"); 241 mpx_dig_abort(); 242 } 243 dprintf4("%s() reading *bt_entry_buf @ %p\n", __func__, 244 bt_entry_buf); 245 if (!bt_entry_buf[0] && 246 !bt_entry_buf[1] && 247 !bt_entry_buf[2] && 248 !bt_entry_buf[3]) 249 continue; 250 251 nr_entries++; 252 253 bt_entry_index = offset_inside_bt/bt_entry_size_bytes; 254 bt_entry_controls = sizeof(void *); 255 this_bt_entry_for_vaddr = 256 base_controlled_vaddr + bt_entry_index*bt_entry_controls; 257 /* 258 * We sign extend vaddr bits 48->63 which effectively 259 * creates a hole in the virtual address space. 260 * This calculation corrects for the hole. 261 */ 262 if (this_bt_entry_for_vaddr > 0x00007fffffffffffUL) 263 this_bt_entry_for_vaddr |= 0xffff800000000000; 264 265 if (!vaddr_mapped_by_range(this_bt_entry_for_vaddr)) { 266 printf("bt_entry_buf: %p\n", bt_entry_buf); 267 printf("there is a bte for %lx but no mapping\n", 268 this_bt_entry_for_vaddr); 269 printf(" bde vaddr: %016lx\n", bde_vaddr); 270 printf("base_controlled_vaddr: %016lx\n", base_controlled_vaddr); 271 printf(" table_vaddr: %016lx\n", table_vaddr); 272 printf(" entry vaddr: %016lx @ offset %lx\n", 273 table_vaddr + offset_inside_bt, offset_inside_bt); 274 do_abort = 1; 275 mpx_dig_abort(); 276 } 277 if (DEBUG_LEVEL < 4) 278 continue; 279 280 printf("table entry[%lx]: ", offset_inside_bt); 281 for (i = 0; i < bt_entry_size_bytes; i += sizeof(unsigned long)) 282 printf("0x%016lx ", bt_entry_buf[i]); 283 printf("\n"); 284 } 285 if (do_abort) 286 mpx_dig_abort(); 287 dprintf4("%s() done\n", __func__); 288 return nr_entries; 289 } 290 291 int search_bd_buf(char *buf, int len_bytes, unsigned long bd_offset_bytes, 292 int *nr_populated_bdes) 293 { 294 unsigned long i; 295 int total_entries = 0; 296 297 dprintf3("%s(%p, %x, %lx, ...) buf end: %p\n", __func__, buf, 298 len_bytes, bd_offset_bytes, buf + len_bytes); 299 300 for (i = 0; i < len_bytes; i += sizeof(unsigned long)) { 301 unsigned long bd_index = (bd_offset_bytes + i) / sizeof(unsigned long); 302 unsigned long *bounds_dir_entry_ptr = (unsigned long *)&buf[i]; 303 unsigned long bounds_dir_entry; 304 unsigned long bd_for_vaddr; 305 unsigned long bt_start; 306 unsigned long bt_tail; 307 int nr_entries; 308 309 dprintf4("%s() loop i: %ld bounds_dir_entry_ptr: %p\n", __func__, i, 310 bounds_dir_entry_ptr); 311 312 bounds_dir_entry = *bounds_dir_entry_ptr; 313 if (!bounds_dir_entry) { 314 dprintf4("no bounds dir at index 0x%lx / 0x%lx " 315 "start at offset:%lx %lx\n", bd_index, bd_index, 316 bd_offset_bytes, i); 317 continue; 318 } 319 dprintf3("found bounds_dir_entry: 0x%lx @ " 320 "index 0x%lx buf ptr: %p\n", bounds_dir_entry, i, 321 &buf[i]); 322 /* mask off the enable bit: */ 323 bounds_dir_entry &= ~0x1; 324 (*nr_populated_bdes)++; 325 dprintf4("nr_populated_bdes: %p\n", nr_populated_bdes); 326 dprintf4("*nr_populated_bdes: %d\n", *nr_populated_bdes); 327 328 bt_start = bounds_dir_entry; 329 bt_tail = bounds_dir_entry + MPX_BOUNDS_TABLE_SIZE_BYTES - 1; 330 if (!vaddr_mapped_by_range(bt_start)) { 331 printf("bounds directory 0x%lx points to nowhere\n", 332 bounds_dir_entry); 333 mpx_dig_abort(); 334 } 335 if (!vaddr_mapped_by_range(bt_tail)) { 336 printf("bounds directory end 0x%lx points to nowhere\n", 337 bt_tail); 338 mpx_dig_abort(); 339 } 340 /* 341 * Each bounds directory entry controls 1MB of virtual address 342 * space. This variable is the virtual address in the process 343 * of the beginning of the area controlled by this bounds_dir. 344 */ 345 bd_for_vaddr = bd_index * (1UL<<20); 346 347 nr_entries = dump_table(bounds_dir_entry, bd_for_vaddr, 348 bounds_dir_global+bd_offset_bytes+i); 349 total_entries += nr_entries; 350 dprintf5("dir entry[%4ld @ %p]: 0x%lx %6d entries " 351 "total this buf: %7d bd_for_vaddrs: 0x%lx -> 0x%lx\n", 352 bd_index, buf+i, 353 bounds_dir_entry, nr_entries, total_entries, 354 bd_for_vaddr, bd_for_vaddr + (1UL<<20)); 355 } 356 dprintf3("%s(%p, %x, %lx, ...) done\n", __func__, buf, len_bytes, 357 bd_offset_bytes); 358 return total_entries; 359 } 360 361 int proc_pid_mem_fd = -1; 362 363 void *fill_bounds_dir_buf_other(long byte_offset_inside_bounds_dir, 364 long buffer_size_bytes, void *buffer) 365 { 366 unsigned long seekto = bounds_dir_global + byte_offset_inside_bounds_dir; 367 int read_ret; 368 off_t seek_ret = lseek(proc_pid_mem_fd, seekto, SEEK_SET); 369 370 if (seek_ret != seekto) 371 mpx_dig_abort(); 372 373 read_ret = read(proc_pid_mem_fd, buffer, buffer_size_bytes); 374 /* there shouldn't practically be short reads of /proc/$pid/mem */ 375 if (read_ret != buffer_size_bytes) 376 mpx_dig_abort(); 377 378 return buffer; 379 } 380 void *fill_bounds_dir_buf_self(long byte_offset_inside_bounds_dir, 381 long buffer_size_bytes, void *buffer) 382 383 { 384 unsigned char vec[buffer_size_bytes / PAGE_SIZE]; 385 char *dig_bounds_dir_ptr = 386 (void *)(bounds_dir_global + byte_offset_inside_bounds_dir); 387 /* 388 * use mincore() to quickly find the areas of the bounds directory 389 * that have memory and thus will be worth scanning. 390 */ 391 int incore_ret; 392 393 int incore = 0; 394 int i; 395 396 dprintf4("%s() dig_bounds_dir_ptr: %p\n", __func__, dig_bounds_dir_ptr); 397 398 incore_ret = mincore(dig_bounds_dir_ptr, buffer_size_bytes, &vec[0]); 399 if (incore_ret) { 400 printf("mincore ret: %d\n", incore_ret); 401 perror("mincore"); 402 mpx_dig_abort(); 403 } 404 for (i = 0; i < sizeof(vec); i++) 405 incore += vec[i]; 406 dprintf4("%s() total incore: %d\n", __func__, incore); 407 if (!incore) 408 return NULL; 409 dprintf3("%s() total incore: %d\n", __func__, incore); 410 return dig_bounds_dir_ptr; 411 } 412 413 int inspect_pid(int pid) 414 { 415 static int dig_nr; 416 long offset_inside_bounds_dir; 417 char bounds_dir_buf[sizeof(unsigned long) * (1UL << 15)]; 418 char *dig_bounds_dir_ptr; 419 int total_entries = 0; 420 int nr_populated_bdes = 0; 421 int inspect_self; 422 423 if (getpid() == pid) { 424 dprintf4("inspecting self\n"); 425 inspect_self = 1; 426 } else { 427 dprintf4("inspecting pid %d\n", pid); 428 mpx_dig_abort(); 429 } 430 431 for (offset_inside_bounds_dir = 0; 432 offset_inside_bounds_dir < MPX_BOUNDS_TABLE_SIZE_BYTES; 433 offset_inside_bounds_dir += sizeof(bounds_dir_buf)) { 434 static int bufs_skipped; 435 int this_entries; 436 437 if (inspect_self) { 438 dig_bounds_dir_ptr = 439 fill_bounds_dir_buf_self(offset_inside_bounds_dir, 440 sizeof(bounds_dir_buf), 441 &bounds_dir_buf[0]); 442 } else { 443 dig_bounds_dir_ptr = 444 fill_bounds_dir_buf_other(offset_inside_bounds_dir, 445 sizeof(bounds_dir_buf), 446 &bounds_dir_buf[0]); 447 } 448 if (!dig_bounds_dir_ptr) { 449 bufs_skipped++; 450 continue; 451 } 452 this_entries = search_bd_buf(dig_bounds_dir_ptr, 453 sizeof(bounds_dir_buf), 454 offset_inside_bounds_dir, 455 &nr_populated_bdes); 456 total_entries += this_entries; 457 } 458 printf("mpx dig (%3d) complete, SUCCESS (%8d / %4d)\n", ++dig_nr, 459 total_entries, nr_populated_bdes); 460 return total_entries + nr_populated_bdes; 461 } 462 463 #ifdef MPX_DIG_REMOTE 464 int main(int argc, char **argv) 465 { 466 int err; 467 char *c; 468 unsigned long bounds_dir_entry; 469 int pid; 470 471 printf("mpx-dig starting...\n"); 472 err = sscanf(argv[1], "%d", &pid); 473 printf("parsing: '%s', err: %d\n", argv[1], err); 474 if (err != 1) 475 mpx_dig_abort(); 476 477 err = sscanf(argv[2], "%lx", &bounds_dir_global); 478 printf("parsing: '%s': %d\n", argv[2], err); 479 if (err != 1) 480 mpx_dig_abort(); 481 482 proc_pid_mem_fd = open_proc(pid, "mem"); 483 if (proc_pid_mem_fd < 0) 484 mpx_dig_abort(); 485 486 inspect_pid(pid); 487 return 0; 488 } 489 #endif 490 491 long inspect_me(struct mpx_bounds_dir *bounds_dir) 492 { 493 int pid = getpid(); 494 495 pid_load_vaddrs(pid); 496 bounds_dir_global = (unsigned long)bounds_dir; 497 dprintf4("enter %s() bounds dir: %p\n", __func__, bounds_dir); 498 return inspect_pid(pid); 499 } 500
