// Copyright 2018 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package mm import ( "testing" "gvisor.googlesource.com/gvisor/pkg/sentry/arch" "gvisor.googlesource.com/gvisor/pkg/sentry/context" "gvisor.googlesource.com/gvisor/pkg/sentry/context/contexttest" "gvisor.googlesource.com/gvisor/pkg/sentry/limits" "gvisor.googlesource.com/gvisor/pkg/sentry/memmap" "gvisor.googlesource.com/gvisor/pkg/sentry/pgalloc" "gvisor.googlesource.com/gvisor/pkg/sentry/platform" "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" "gvisor.googlesource.com/gvisor/pkg/syserror" ) func testMemoryManager(ctx context.Context) *MemoryManager { p := platform.FromContext(ctx) mfp := pgalloc.MemoryFileProviderFromContext(ctx) mm := NewMemoryManager(p, mfp) mm.layout = arch.MmapLayout{ MinAddr: p.MinUserAddress(), MaxAddr: p.MaxUserAddress(), BottomUpBase: p.MinUserAddress(), TopDownBase: p.MaxUserAddress(), } return mm } func (mm *MemoryManager) realUsageAS() uint64 { return uint64(mm.vmas.Span()) } func TestUsageASUpdates(t *testing.T) { ctx := contexttest.Context(t) mm := testMemoryManager(ctx) defer mm.DecUsers(ctx) addr, err := mm.MMap(ctx, memmap.MMapOpts{ Length: 2 * usermem.PageSize, }) if err != nil { t.Fatalf("MMap got err %v want nil", err) } realUsage := mm.realUsageAS() if mm.usageAS != realUsage { t.Fatalf("usageAS believes %v bytes are mapped; %v bytes are actually mapped", mm.usageAS, realUsage) } mm.MUnmap(ctx, addr, usermem.PageSize) realUsage = mm.realUsageAS() if mm.usageAS != realUsage { t.Fatalf("usageAS believes %v bytes are mapped; %v bytes are actually mapped", mm.usageAS, realUsage) } } func TestBrkDataLimitUpdates(t *testing.T) { limitSet := limits.NewLimitSet() limitSet.Set(limits.Data, limits.Limit{}) // zero RLIMIT_DATA ctx := contexttest.WithLimitSet(contexttest.Context(t), limitSet) mm := testMemoryManager(ctx) defer mm.DecUsers(ctx) // Try to extend the brk by one page and expect doing so to fail. oldBrk, _ := mm.Brk(ctx, 0) if newBrk, _ := mm.Brk(ctx, oldBrk+usermem.PageSize); newBrk != oldBrk { t.Errorf("brk() increased data segment above RLIMIT_DATA (old brk = %#x, new brk = %#x", oldBrk, newBrk) } } // TestIOAfterUnmap ensures that IO fails after unmap. func TestIOAfterUnmap(t *testing.T) { ctx := contexttest.Context(t) mm := testMemoryManager(ctx) defer mm.DecUsers(ctx) addr, err := mm.MMap(ctx, memmap.MMapOpts{ Length: usermem.PageSize, Private: true, Perms: usermem.Read, MaxPerms: usermem.AnyAccess, }) if err != nil { t.Fatalf("MMap got err %v want nil", err) } // IO works before munmap. b := make([]byte, 1) n, err := mm.CopyIn(ctx, addr, b, usermem.IOOpts{}) if err != nil { t.Errorf("CopyIn got err %v want nil", err) } if n != 1 { t.Errorf("CopyIn got %d want 1", n) } err = mm.MUnmap(ctx, addr, usermem.PageSize) if err != nil { t.Fatalf("MUnmap got err %v want nil", err) } n, err = mm.CopyIn(ctx, addr, b, usermem.IOOpts{}) if err != syserror.EFAULT { t.Errorf("CopyIn got err %v want EFAULT", err) } if n != 0 { t.Errorf("CopyIn got %d want 0", n) } } // TestIOAfterMProtect tests IO interaction with mprotect permissions. func TestIOAfterMProtect(t *testing.T) { ctx := contexttest.Context(t) mm := testMemoryManager(ctx) defer mm.DecUsers(ctx) addr, err := mm.MMap(ctx, memmap.MMapOpts{ Length: usermem.PageSize, Private: true, Perms: usermem.ReadWrite, MaxPerms: usermem.AnyAccess, }) if err != nil { t.Fatalf("MMap got err %v want nil", err) } // Writing works before mprotect. b := make([]byte, 1) n, err := mm.CopyOut(ctx, addr, b, usermem.IOOpts{}) if err != nil { t.Errorf("CopyOut got err %v want nil", err) } if n != 1 { t.Errorf("CopyOut got %d want 1", n) } err = mm.MProtect(addr, usermem.PageSize, usermem.Read, false) if err != nil { t.Errorf("MProtect got err %v want nil", err) } // Without IgnorePermissions, CopyOut should no longer succeed. n, err = mm.CopyOut(ctx, addr, b, usermem.IOOpts{}) if err != syserror.EFAULT { t.Errorf("CopyOut got err %v want EFAULT", err) } if n != 0 { t.Errorf("CopyOut got %d want 0", n) } // With IgnorePermissions, CopyOut should succeed despite mprotect. n, err = mm.CopyOut(ctx, addr, b, usermem.IOOpts{ IgnorePermissions: true, }) if err != nil { t.Errorf("CopyOut got err %v want nil", err) } if n != 1 { t.Errorf("CopyOut got %d want 1", n) } }