[PATCH 10/10] selftests/x86: Check restoring FPU state with larger xstate_size

[Andrei Vagin]

Add two new test cases to sigframe_fpu_portability.c:

The first test case (test_larger_xstate_size) verifies that the kernel
can restore FPU state from a signal frame that has xstate_size larger
than the current task's fpstate->user_size, but the buffer doesn't
contain states of any unsupported features. This test case emulates a
case when a process is migrated from a newer cpu to an older cpu, but
the process doesn't use any unsupported features.

The second test case (test_unsupported_xfeatures) verifies that the
kernel correctly rejects restoring FPU state from a signal frame if it
contains states of any unsupported features.

Signed-off-by: Andrei Vagin <avagin@xxxxxxxxxx>
---
 .../selftests/x86/sigframe_fpu_portability.c  | 129 +++++++++++++++++-
 1 file changed, 128 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/x86/sigframe_fpu_portability.c b/tools/testing/selftests/x86/sigframe_fpu_portability.c
index 462219905303..b349efcf05c3 100644
--- a/tools/testing/selftests/x86/sigframe_fpu_portability.c
+++ b/tools/testing/selftests/x86/sigframe_fpu_portability.c
@@ -27,6 +27,14 @@
  * - test_insufficient_xstate_size:
  *   Verifies that the kernel rejects a frame if xstate_size is too small for
  *   the features enabled in xfeatures.
+ *
+ * - test_larger_xstate_size:
+ *   Verifies that the kernel restores state from a frame with xstate_size
+ *   larger than the current task's size, if no unsupported features are active.
+ *
+ * - test_unsupported_xfeatures:
+ *   Verifies that the kernel rejects a frame if it contains unsupported
+ *   features in the xsave header.
  */
 
 #define SIGFRAME_XSTATE_HDR_OFFSET	512
@@ -203,15 +211,134 @@ static void test_insufficient_xstate_size(void)
 	clearhandler(SIGSEGV);
 }
 
+static char fpu_buffer[8192] __attribute__((aligned(64)));
+#define UNSUPPORTED_XFEATURE (1ULL<<62)
+
+static void __handle_larger_xstate_size(int sig, siginfo_t *si, void *ucp, bool mod_xhdr)
+{
+	ucontext_t *uc = ucp;
+	void *fp = uc->uc_mcontext.fpregs;
+	struct _fpx_sw_bytes *sw = get_fpx_sw_bytes(fp);
+	size_t copy_size;
+	uint64_t *ymmh_p, xfeatures;
+	struct xsave_buffer *xbuf;
+
+	if (sw->magic1 != FP_XSTATE_MAGIC1) {
+		sig_print("magic1 is not valid\n");
+		return;
+	}
+
+	copy_size = sw->xstate_size;
+	if (copy_size > sizeof(fpu_buffer)) {
+		sig_print("fpu_buffer is too small\n");
+		return;
+	}
+
+	memset(fpu_buffer, 0, sizeof(fpu_buffer));
+	memcpy(fpu_buffer, fp, copy_size);
+
+	xbuf = (struct xsave_buffer *)fpu_buffer;
+	sw = get_fpx_sw_bytes(fpu_buffer);
+
+	sw->xstate_size += 64;
+	sw->extended_size += 64;
+	xfeatures = get_fpx_sw_bytes_features(xbuf);
+	set_fpx_sw_bytes_features(fpu_buffer, xfeatures | UNSUPPORTED_XFEATURE);
+
+	*(uint32_t *)((char *)fpu_buffer + sw->xstate_size) = FP_XSTATE_MAGIC2;
+
+	if (mod_xhdr) {
+		xfeatures = get_xstatebv(xbuf);
+		set_xstatebv(xbuf, xfeatures | UNSUPPORTED_XFEATURE);
+	}
+
+	ymmh_p = (uint64_t *)(fpu_buffer + ymm_offset);
+	ymmh_p[0] = TEST_YMMH_VAL;
+	ymmh_p[1] = TEST_YMMH_VAL + 1;
+
+	/* Update fpregs to point to the new buffer */
+	uc->uc_mcontext.fpregs = (fpregset_t)fpu_buffer;
+}
+
+static void handle_larger_xstate_size(int sig, siginfo_t *si, void *ucp)
+{
+	__handle_larger_xstate_size(sig, si, ucp, false);
+}
+
+static void test_larger_xstate_size(void)
+{
+	uint64_t v[4] = {0, 0, 0, 0};
+
+	sig_err_buf[0] = 0;
+	sethandler(SIGUSR1, handle_larger_xstate_size, 0);
+
+	v[0] = 0x1111111111111111ULL;
+	v[1] = 0x2222222222222222ULL;
+	v[2] = 0x3333333333333333ULL;
+	v[3] = 0x4444444444444444ULL;
+	write_ymm0(v);
+
+	raise(SIGUSR1);
+	v[0] = v[1] = v[2] = v[3] = 0;
+	read_ymm0(v);
+
+	if (sig_err_buf[0])
+		ksft_test_result_fail("%s\n", sig_err_buf);
+	else if (v[2] == TEST_YMMH_VAL && v[3] == TEST_YMMH_VAL + 1)
+		ksft_test_result_pass("YMM state restored correctly with larger xstate_size\n");
+	else
+		ksft_test_result_fail(
+				"Got upper bits: 0x%lx 0x%lx (expected %lx %lx)\n",
+			       v[2], v[3], TEST_YMMH_VAL, TEST_YMMH_VAL + 1);
+
+	clearhandler(SIGUSR1);
+}
+
+static void handle_unsupported_xfeatures(int sig, siginfo_t *si, void *ucp)
+{
+	__handle_larger_xstate_size(sig, si, ucp, true);
+}
+
+static void test_unsupported_xfeatures(void)
+{
+	uint64_t v[4] = {0, 0, 0, 0};
+
+	sig_err_buf[0] = 0;
+
+	sethandler(SIGUSR1, handle_unsupported_xfeatures, 0);
+	sethandler(SIGSEGV, handle_segv, 0);
+
+	v[0] = 0x1111111111111111ULL;
+	v[1] = 0x2222222222222222ULL;
+	v[2] = 0x3333333333333333ULL;
+	v[3] = 0x4444444444444444ULL;
+	write_ymm0(v);
+
+	if (sigsetjmp(segv_jmpbuf, 1) == 0) {
+		raise(SIGUSR1);
+		sig_print("raise(SIGUSR1) returned (expected SIGSEGV)\n");
+	}
+
+	clearhandler(SIGUSR1);
+	clearhandler(SIGSEGV);
+
+	if (sig_err_buf[0])
+		ksft_test_result_fail("%s\n", sig_err_buf);
+	else
+		ksft_test_result_pass("Unsupported feature in xsave header triggered SIGSEGV\n");
+}
+
 int main(void)
 {
 	ksft_print_header();
-	ksft_set_plan(2);
+	ksft_set_plan(4);
 
 	check_avx_support();
 
 	test_shrunk_xstate_size();
 	test_insufficient_xstate_size();
+	test_larger_xstate_size();
+	test_unsupported_xfeatures();
 
 	ksft_finished();
 	return 0;
-- 
2.54.0.1189.g8c84645362-goog