1 // SPDX-License-Identifier: GPL-2.0
3 * Tests Memory Protection Keys (see Documentation/core-api/protection-keys.rst)
5 * There are examples in here of:
6 * * how to set protection keys on memory
7 * * how to set/clear bits in pkey registers (the rights register)
8 * * how to handle SEGV_PKUERR signals and extract pkey-relevant
9 * information from the siginfo
12 * make sure KSM and KSM COW breaking works
13 * prefault pages in at malloc, or not
14 * protect MPX bounds tables with protection keys?
15 * make sure VMA splitting/merging is working correctly
16 * OOMs can destroy mm->mmap (see exit_mmap()), so make sure it is immune to pkeys
17 * look for pkey "leaks" where it is still set on a VMA but "freed" back to the kernel
18 * do a plain mprotect() to a mprotect_pkey() area and make sure the pkey sticks
21 * gcc -o protection_keys -O2 -g -std=gnu99 -pthread -Wall protection_keys.c -lrt -ldl -lm
22 * gcc -m32 -o protection_keys_32 -O2 -g -std=gnu99 -pthread -Wall protection_keys.c -lrt -ldl -lm
25 #define __SANE_USERSPACE_TYPES__
27 #include <linux/futex.h>
30 #include <sys/syscall.h>
40 #include <sys/types.h>
45 #include <sys/ptrace.h>
48 #include "pkey-helpers.h"
55 char dprint_in_signal_buffer[DPRINT_IN_SIGNAL_BUF_SIZE];
57 void cat_into_file(char *str, char *file)
59 int fd = open(file, O_RDWR);
62 dprintf2("%s(): writing '%s' to '%s'\n", __func__, str, file);
64 * these need to be raw because they are called under
68 fprintf(stderr, "error opening '%s'\n", str);
73 ret = write(fd, str, strlen(str));
74 if (ret != strlen(str)) {
75 perror("write to file failed");
76 fprintf(stderr, "filename: '%s' str: '%s'\n", file, str);
82 #if CONTROL_TRACING > 0
83 static int warned_tracing;
84 int tracing_root_ok(void)
88 fprintf(stderr, "WARNING: not run as root, "
89 "can not do tracing control\n");
99 #if CONTROL_TRACING > 0
100 #define TRACEDIR "/sys/kernel/debug/tracing"
103 if (!tracing_root_ok())
106 sprintf(pidstr, "%d", getpid());
107 cat_into_file("0", TRACEDIR "/tracing_on");
108 cat_into_file("\n", TRACEDIR "/trace");
110 cat_into_file("function_graph", TRACEDIR "/current_tracer");
111 cat_into_file("1", TRACEDIR "/options/funcgraph-proc");
113 cat_into_file("nop", TRACEDIR "/current_tracer");
115 cat_into_file(pidstr, TRACEDIR "/set_ftrace_pid");
116 cat_into_file("1", TRACEDIR "/tracing_on");
117 dprintf1("enabled tracing\n");
121 void tracing_off(void)
123 #if CONTROL_TRACING > 0
124 if (!tracing_root_ok())
126 cat_into_file("0", "/sys/kernel/debug/tracing/tracing_on");
130 void abort_hooks(void)
132 fprintf(stderr, "running %s()...\n", __func__);
134 #ifdef SLEEP_ON_ABORT
135 sleep(SLEEP_ON_ABORT);
140 * This attempts to have roughly a page of instructions followed by a few
141 * instructions that do a write, and another page of instructions. That
142 * way, we are pretty sure that the write is in the second page of
143 * instructions and has at least a page of padding behind it.
145 * *That* lets us be sure to madvise() away the write instruction, which
146 * will then fault, which makes sure that the fault code handles
147 * execute-only memory properly.
150 /* This way, both 4K and 64K alignment are maintained */
151 __attribute__((__aligned__(65536)))
153 __attribute__((__aligned__(PAGE_SIZE)))
155 void lots_o_noops_around_write(int *write_to_me)
157 dprintf3("running %s()\n", __func__);
159 /* Assume this happens in the second page of instructions: */
160 *write_to_me = __LINE__;
161 /* pad out by another page: */
163 dprintf3("%s() done\n", __func__);
166 void dump_mem(void *dumpme, int len_bytes)
168 char *c = (void *)dumpme;
171 for (i = 0; i < len_bytes; i += sizeof(u64)) {
172 u64 *ptr = (u64 *)(c + i);
173 dprintf1("dump[%03d][@%p]: %016llx\n", i, ptr, *ptr);
177 static u32 hw_pkey_get(int pkey, unsigned long flags)
179 u64 pkey_reg = __read_pkey_reg();
181 dprintf1("%s(pkey=%d, flags=%lx) = %x / %d\n",
182 __func__, pkey, flags, 0, 0);
183 dprintf2("%s() raw pkey_reg: %016llx\n", __func__, pkey_reg);
185 return (u32) get_pkey_bits(pkey_reg, pkey);
188 static int hw_pkey_set(int pkey, unsigned long rights, unsigned long flags)
190 u32 mask = (PKEY_DISABLE_ACCESS|PKEY_DISABLE_WRITE);
191 u64 old_pkey_reg = __read_pkey_reg();
194 /* make sure that 'rights' only contains the bits we expect: */
195 assert(!(rights & ~mask));
197 /* modify bits accordingly in old pkey_reg and assign it */
198 new_pkey_reg = set_pkey_bits(old_pkey_reg, pkey, rights);
200 __write_pkey_reg(new_pkey_reg);
202 dprintf3("%s(pkey=%d, rights=%lx, flags=%lx) = %x"
203 " pkey_reg now: %016llx old_pkey_reg: %016llx\n",
204 __func__, pkey, rights, flags, 0, __read_pkey_reg(),
209 void pkey_disable_set(int pkey, int flags)
211 unsigned long syscall_flags = 0;
214 u64 orig_pkey_reg = read_pkey_reg();
216 dprintf1("START->%s(%d, 0x%x)\n", __func__,
218 pkey_assert(flags & (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE));
220 pkey_rights = hw_pkey_get(pkey, syscall_flags);
222 dprintf1("%s(%d) hw_pkey_get(%d): %x\n", __func__,
223 pkey, pkey, pkey_rights);
225 pkey_assert(pkey_rights >= 0);
227 pkey_rights |= flags;
229 ret = hw_pkey_set(pkey, pkey_rights, syscall_flags);
231 /* pkey_reg and flags have the same format */
232 shadow_pkey_reg = set_pkey_bits(shadow_pkey_reg, pkey, pkey_rights);
233 dprintf1("%s(%d) shadow: 0x%016llx\n",
234 __func__, pkey, shadow_pkey_reg);
236 pkey_assert(ret >= 0);
238 pkey_rights = hw_pkey_get(pkey, syscall_flags);
239 dprintf1("%s(%d) hw_pkey_get(%d): %x\n", __func__,
240 pkey, pkey, pkey_rights);
242 dprintf1("%s(%d) pkey_reg: 0x%016llx\n",
243 __func__, pkey, read_pkey_reg());
245 pkey_assert(read_pkey_reg() >= orig_pkey_reg);
246 dprintf1("END<---%s(%d, 0x%x)\n", __func__,
250 void pkey_disable_clear(int pkey, int flags)
252 unsigned long syscall_flags = 0;
254 int pkey_rights = hw_pkey_get(pkey, syscall_flags);
255 u64 orig_pkey_reg = read_pkey_reg();
257 pkey_assert(flags & (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE));
259 dprintf1("%s(%d) hw_pkey_get(%d): %x\n", __func__,
260 pkey, pkey, pkey_rights);
261 pkey_assert(pkey_rights >= 0);
263 pkey_rights &= ~flags;
265 ret = hw_pkey_set(pkey, pkey_rights, 0);
266 shadow_pkey_reg = set_pkey_bits(shadow_pkey_reg, pkey, pkey_rights);
267 pkey_assert(ret >= 0);
269 pkey_rights = hw_pkey_get(pkey, syscall_flags);
270 dprintf1("%s(%d) hw_pkey_get(%d): %x\n", __func__,
271 pkey, pkey, pkey_rights);
273 dprintf1("%s(%d) pkey_reg: 0x%016llx\n", __func__,
274 pkey, read_pkey_reg());
276 assert(read_pkey_reg() <= orig_pkey_reg);
279 void pkey_write_allow(int pkey)
281 pkey_disable_clear(pkey, PKEY_DISABLE_WRITE);
283 void pkey_write_deny(int pkey)
285 pkey_disable_set(pkey, PKEY_DISABLE_WRITE);
287 void pkey_access_allow(int pkey)
289 pkey_disable_clear(pkey, PKEY_DISABLE_ACCESS);
291 void pkey_access_deny(int pkey)
293 pkey_disable_set(pkey, PKEY_DISABLE_ACCESS);
296 /* Failed address bound checks: */
298 # define SEGV_BNDERR 3
302 # define SEGV_PKUERR 4
305 static char *si_code_str(int si_code)
307 if (si_code == SEGV_MAPERR)
308 return "SEGV_MAPERR";
309 if (si_code == SEGV_ACCERR)
310 return "SEGV_ACCERR";
311 if (si_code == SEGV_BNDERR)
312 return "SEGV_BNDERR";
313 if (si_code == SEGV_PKUERR)
314 return "SEGV_PKUERR";
319 int last_si_pkey = -1;
320 void signal_handler(int signum, siginfo_t *si, void *vucontext)
322 ucontext_t *uctxt = vucontext;
326 #if defined(__i386__) || defined(__x86_64__) /* arch */
333 dprint_in_signal = 1;
334 dprintf1(">>>>===============SIGSEGV============================\n");
335 dprintf1("%s()::%d, pkey_reg: 0x%016llx shadow: %016llx\n",
337 __read_pkey_reg(), shadow_pkey_reg);
339 trapno = uctxt->uc_mcontext.gregs[REG_TRAPNO];
340 ip = uctxt->uc_mcontext.gregs[REG_IP_IDX];
341 fpregs = (char *) uctxt->uc_mcontext.fpregs;
343 dprintf2("%s() trapno: %d ip: 0x%016lx info->si_code: %s/%d\n",
344 __func__, trapno, ip, si_code_str(si->si_code),
347 #if defined(__i386__) || defined(__x86_64__) /* arch */
350 * 32-bit has some extra padding so that userspace can tell whether
351 * the XSTATE header is present in addition to the "legacy" FPU
352 * state. We just assume that it is here.
356 pkey_reg_offset = pkey_reg_xstate_offset();
357 pkey_reg_ptr = (void *)(&fpregs[pkey_reg_offset]);
360 * If we got a PKEY fault, we *HAVE* to have at least one bit set in
363 dprintf1("pkey_reg_xstate_offset: %d\n", pkey_reg_xstate_offset());
365 dump_mem(pkey_reg_ptr - 128, 256);
366 pkey_assert(*pkey_reg_ptr);
369 dprintf1("siginfo: %p\n", si);
370 dprintf1(" fpregs: %p\n", fpregs);
372 if ((si->si_code == SEGV_MAPERR) ||
373 (si->si_code == SEGV_ACCERR) ||
374 (si->si_code == SEGV_BNDERR)) {
375 printf("non-PK si_code, exiting...\n");
379 si_pkey_ptr = siginfo_get_pkey_ptr(si);
380 dprintf1("si_pkey_ptr: %p\n", si_pkey_ptr);
381 dump_mem((u8 *)si_pkey_ptr - 8, 24);
382 siginfo_pkey = *si_pkey_ptr;
383 pkey_assert(siginfo_pkey < NR_PKEYS);
384 last_si_pkey = siginfo_pkey;
387 * need __read_pkey_reg() version so we do not do shadow_pkey_reg
390 dprintf1("signal pkey_reg from pkey_reg: %016llx\n",
392 dprintf1("pkey from siginfo: %016llx\n", siginfo_pkey);
393 #if defined(__i386__) || defined(__x86_64__) /* arch */
394 dprintf1("signal pkey_reg from xsave: %08x\n", *pkey_reg_ptr);
395 *(u64 *)pkey_reg_ptr = 0x00000000;
396 dprintf1("WARNING: set PKEY_REG=0 to allow faulting instruction to continue\n");
397 #elif defined(__powerpc64__) /* arch */
398 /* restore access and let the faulting instruction continue */
399 pkey_access_allow(siginfo_pkey);
402 dprintf1("<<<<==================================================\n");
403 dprint_in_signal = 0;
406 int wait_all_children(void)
409 return waitpid(-1, &status, 0);
414 dprint_in_signal = 1;
415 dprintf2("[%d] SIGCHLD: %d\n", getpid(), x);
416 dprint_in_signal = 0;
419 void setup_sigsegv_handler(void)
422 struct sigaction newact;
423 struct sigaction oldact;
425 /* #PF is mapped to sigsegv */
426 int signum = SIGSEGV;
428 newact.sa_handler = 0;
429 newact.sa_sigaction = signal_handler;
431 /*sigset_t - signals to block while in the handler */
432 /* get the old signal mask. */
433 rs = sigprocmask(SIG_SETMASK, 0, &newact.sa_mask);
434 pkey_assert(rs == 0);
436 /* call sa_sigaction, not sa_handler*/
437 newact.sa_flags = SA_SIGINFO;
439 newact.sa_restorer = 0; /* void(*)(), obsolete */
440 r = sigaction(signum, &newact, &oldact);
441 r = sigaction(SIGALRM, &newact, &oldact);
445 void setup_handlers(void)
447 signal(SIGCHLD, &sig_chld);
448 setup_sigsegv_handler();
451 pid_t fork_lazy_child(void)
456 pkey_assert(forkret >= 0);
457 dprintf3("[%d] fork() ret: %d\n", getpid(), forkret);
462 dprintf1("child sleeping...\n");
469 int sys_mprotect_pkey(void *ptr, size_t size, unsigned long orig_prot,
474 dprintf2("%s(0x%p, %zx, prot=%lx, pkey=%lx)\n", __func__,
475 ptr, size, orig_prot, pkey);
478 sret = syscall(SYS_mprotect_key, ptr, size, orig_prot, pkey);
480 dprintf2("SYS_mprotect_key sret: %d\n", sret);
481 dprintf2("SYS_mprotect_key prot: 0x%lx\n", orig_prot);
482 dprintf2("SYS_mprotect_key failed, errno: %d\n", errno);
483 if (DEBUG_LEVEL >= 2)
484 perror("SYS_mprotect_pkey");
489 int sys_pkey_alloc(unsigned long flags, unsigned long init_val)
491 int ret = syscall(SYS_pkey_alloc, flags, init_val);
492 dprintf1("%s(flags=%lx, init_val=%lx) syscall ret: %d errno: %d\n",
493 __func__, flags, init_val, ret, errno);
500 unsigned long init_val = 0x0;
502 dprintf1("%s()::%d, pkey_reg: 0x%016llx shadow: %016llx\n",
503 __func__, __LINE__, __read_pkey_reg(), shadow_pkey_reg);
504 ret = sys_pkey_alloc(0, init_val);
506 * pkey_alloc() sets PKEY register, so we need to reflect it in
509 dprintf4("%s()::%d, ret: %d pkey_reg: 0x%016llx"
510 " shadow: 0x%016llx\n",
511 __func__, __LINE__, ret, __read_pkey_reg(),
514 /* clear both the bits: */
515 shadow_pkey_reg = set_pkey_bits(shadow_pkey_reg, ret,
517 dprintf4("%s()::%d, ret: %d pkey_reg: 0x%016llx"
518 " shadow: 0x%016llx\n",
520 __LINE__, ret, __read_pkey_reg(),
523 * move the new state in from init_val
524 * (remember, we cheated and init_val == pkey_reg format)
526 shadow_pkey_reg = set_pkey_bits(shadow_pkey_reg, ret,
529 dprintf4("%s()::%d, ret: %d pkey_reg: 0x%016llx"
530 " shadow: 0x%016llx\n",
531 __func__, __LINE__, ret, __read_pkey_reg(),
533 dprintf1("%s()::%d errno: %d\n", __func__, __LINE__, errno);
534 /* for shadow checking: */
536 dprintf4("%s()::%d, ret: %d pkey_reg: 0x%016llx"
537 " shadow: 0x%016llx\n",
538 __func__, __LINE__, ret, __read_pkey_reg(),
543 int sys_pkey_free(unsigned long pkey)
545 int ret = syscall(SYS_pkey_free, pkey);
546 dprintf1("%s(pkey=%ld) syscall ret: %d\n", __func__, pkey, ret);
551 * I had a bug where pkey bits could be set by mprotect() but
552 * not cleared. This ensures we get lots of random bit sets
553 * and clears on the vma and pte pkey bits.
555 int alloc_random_pkey(void)
557 int max_nr_pkey_allocs;
560 int alloced_pkeys[NR_PKEYS];
563 memset(alloced_pkeys, 0, sizeof(alloced_pkeys));
565 /* allocate every possible key and make a note of which ones we got */
566 max_nr_pkey_allocs = NR_PKEYS;
567 for (i = 0; i < max_nr_pkey_allocs; i++) {
568 int new_pkey = alloc_pkey();
571 alloced_pkeys[nr_alloced++] = new_pkey;
574 pkey_assert(nr_alloced > 0);
575 /* select a random one out of the allocated ones */
576 random_index = rand() % nr_alloced;
577 ret = alloced_pkeys[random_index];
578 /* now zero it out so we don't free it next */
579 alloced_pkeys[random_index] = 0;
581 /* go through the allocated ones that we did not want and free them */
582 for (i = 0; i < nr_alloced; i++) {
584 if (!alloced_pkeys[i])
586 free_ret = sys_pkey_free(alloced_pkeys[i]);
587 pkey_assert(!free_ret);
589 dprintf1("%s()::%d, ret: %d pkey_reg: 0x%016llx"
590 " shadow: 0x%016llx\n", __func__,
591 __LINE__, ret, __read_pkey_reg(), shadow_pkey_reg);
595 int mprotect_pkey(void *ptr, size_t size, unsigned long orig_prot,
598 int nr_iterations = random() % 100;
602 int rpkey = alloc_random_pkey();
603 ret = sys_mprotect_pkey(ptr, size, orig_prot, pkey);
604 dprintf1("sys_mprotect_pkey(%p, %zx, prot=0x%lx, pkey=%ld) ret: %d\n",
605 ptr, size, orig_prot, pkey, ret);
606 if (nr_iterations-- < 0)
609 dprintf1("%s()::%d, ret: %d pkey_reg: 0x%016llx"
610 " shadow: 0x%016llx\n",
611 __func__, __LINE__, ret, __read_pkey_reg(),
613 sys_pkey_free(rpkey);
614 dprintf1("%s()::%d, ret: %d pkey_reg: 0x%016llx"
615 " shadow: 0x%016llx\n",
616 __func__, __LINE__, ret, __read_pkey_reg(),
619 pkey_assert(pkey < NR_PKEYS);
621 ret = sys_mprotect_pkey(ptr, size, orig_prot, pkey);
622 dprintf1("mprotect_pkey(%p, %zx, prot=0x%lx, pkey=%ld) ret: %d\n",
623 ptr, size, orig_prot, pkey, ret);
625 dprintf1("%s()::%d, ret: %d pkey_reg: 0x%016llx"
626 " shadow: 0x%016llx\n", __func__,
627 __LINE__, ret, __read_pkey_reg(), shadow_pkey_reg);
631 struct pkey_malloc_record {
636 struct pkey_malloc_record *pkey_malloc_records;
637 struct pkey_malloc_record *pkey_last_malloc_record;
638 long nr_pkey_malloc_records;
639 void record_pkey_malloc(void *ptr, long size, int prot)
642 struct pkey_malloc_record *rec = NULL;
644 for (i = 0; i < nr_pkey_malloc_records; i++) {
645 rec = &pkey_malloc_records[i];
646 /* find a free record */
651 /* every record is full */
652 size_t old_nr_records = nr_pkey_malloc_records;
653 size_t new_nr_records = (nr_pkey_malloc_records * 2 + 1);
654 size_t new_size = new_nr_records * sizeof(struct pkey_malloc_record);
655 dprintf2("new_nr_records: %zd\n", new_nr_records);
656 dprintf2("new_size: %zd\n", new_size);
657 pkey_malloc_records = realloc(pkey_malloc_records, new_size);
658 pkey_assert(pkey_malloc_records != NULL);
659 rec = &pkey_malloc_records[nr_pkey_malloc_records];
661 * realloc() does not initialize memory, so zero it from
662 * the first new record all the way to the end.
664 for (i = 0; i < new_nr_records - old_nr_records; i++)
665 memset(rec + i, 0, sizeof(*rec));
667 dprintf3("filling malloc record[%d/%p]: {%p, %ld}\n",
668 (int)(rec - pkey_malloc_records), rec, ptr, size);
672 pkey_last_malloc_record = rec;
673 nr_pkey_malloc_records++;
676 void free_pkey_malloc(void *ptr)
680 dprintf3("%s(%p)\n", __func__, ptr);
681 for (i = 0; i < nr_pkey_malloc_records; i++) {
682 struct pkey_malloc_record *rec = &pkey_malloc_records[i];
683 dprintf4("looking for ptr %p at record[%ld/%p]: {%p, %ld}\n",
684 ptr, i, rec, rec->ptr, rec->size);
685 if ((ptr < rec->ptr) ||
686 (ptr >= rec->ptr + rec->size))
689 dprintf3("found ptr %p at record[%ld/%p]: {%p, %ld}\n",
690 ptr, i, rec, rec->ptr, rec->size);
691 nr_pkey_malloc_records--;
692 ret = munmap(rec->ptr, rec->size);
693 dprintf3("munmap ret: %d\n", ret);
695 dprintf3("clearing rec->ptr, rec: %p\n", rec);
697 dprintf3("done clearing rec->ptr, rec: %p\n", rec);
704 void *malloc_pkey_with_mprotect(long size, int prot, u16 pkey)
710 dprintf1("doing %s(size=%ld, prot=0x%x, pkey=%d)\n", __func__,
712 pkey_assert(pkey < NR_PKEYS);
713 ptr = mmap(NULL, size, prot, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
714 pkey_assert(ptr != (void *)-1);
715 ret = mprotect_pkey((void *)ptr, PAGE_SIZE, prot, pkey);
717 record_pkey_malloc(ptr, size, prot);
720 dprintf1("%s() for pkey %d @ %p\n", __func__, pkey, ptr);
724 void *malloc_pkey_anon_huge(long size, int prot, u16 pkey)
729 dprintf1("doing %s(size=%ld, prot=0x%x, pkey=%d)\n", __func__,
732 * Guarantee we can fit at least one huge page in the resulting
733 * allocation by allocating space for 2:
735 size = ALIGN_UP(size, HPAGE_SIZE * 2);
736 ptr = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
737 pkey_assert(ptr != (void *)-1);
738 record_pkey_malloc(ptr, size, prot);
739 mprotect_pkey(ptr, size, prot, pkey);
741 dprintf1("unaligned ptr: %p\n", ptr);
742 ptr = ALIGN_PTR_UP(ptr, HPAGE_SIZE);
743 dprintf1(" aligned ptr: %p\n", ptr);
744 ret = madvise(ptr, HPAGE_SIZE, MADV_HUGEPAGE);
745 dprintf1("MADV_HUGEPAGE ret: %d\n", ret);
746 ret = madvise(ptr, HPAGE_SIZE, MADV_WILLNEED);
747 dprintf1("MADV_WILLNEED ret: %d\n", ret);
748 memset(ptr, 0, HPAGE_SIZE);
750 dprintf1("mmap()'d thp for pkey %d @ %p\n", pkey, ptr);
754 int hugetlb_setup_ok;
755 #define SYSFS_FMT_NR_HUGE_PAGES "/sys/kernel/mm/hugepages/hugepages-%ldkB/nr_hugepages"
756 #define GET_NR_HUGE_PAGES 10
757 void setup_hugetlbfs(void)
765 if (geteuid() != 0) {
766 fprintf(stderr, "WARNING: not run as root, can not do hugetlb test\n");
770 cat_into_file(__stringify(GET_NR_HUGE_PAGES), "/proc/sys/vm/nr_hugepages");
773 * Now go make sure that we got the pages and that they
774 * are PMD-level pages. Someone might have made PUD-level
777 hpagesz_kb = HPAGE_SIZE / 1024;
778 hpagesz_mb = hpagesz_kb / 1024;
779 sprintf(buf, SYSFS_FMT_NR_HUGE_PAGES, hpagesz_kb);
780 fd = open(buf, O_RDONLY);
782 fprintf(stderr, "opening sysfs %ldM hugetlb config: %s\n",
783 hpagesz_mb, strerror(errno));
787 /* -1 to guarantee leaving the trailing \0 */
788 err = read(fd, buf, sizeof(buf)-1);
791 fprintf(stderr, "reading sysfs %ldM hugetlb config: %s\n",
792 hpagesz_mb, strerror(errno));
796 if (atoi(buf) != GET_NR_HUGE_PAGES) {
797 fprintf(stderr, "could not confirm %ldM pages, got: '%s' expected %d\n",
798 hpagesz_mb, buf, GET_NR_HUGE_PAGES);
802 hugetlb_setup_ok = 1;
805 void *malloc_pkey_hugetlb(long size, int prot, u16 pkey)
808 int flags = MAP_ANONYMOUS|MAP_PRIVATE|MAP_HUGETLB;
810 if (!hugetlb_setup_ok)
811 return PTR_ERR_ENOTSUP;
813 dprintf1("doing %s(%ld, %x, %x)\n", __func__, size, prot, pkey);
814 size = ALIGN_UP(size, HPAGE_SIZE * 2);
815 pkey_assert(pkey < NR_PKEYS);
816 ptr = mmap(NULL, size, PROT_NONE, flags, -1, 0);
817 pkey_assert(ptr != (void *)-1);
818 mprotect_pkey(ptr, size, prot, pkey);
820 record_pkey_malloc(ptr, size, prot);
822 dprintf1("mmap()'d hugetlbfs for pkey %d @ %p\n", pkey, ptr);
826 void *malloc_pkey_mmap_dax(long size, int prot, u16 pkey)
831 dprintf1("doing %s(size=%ld, prot=0x%x, pkey=%d)\n", __func__,
833 pkey_assert(pkey < NR_PKEYS);
834 fd = open("/dax/foo", O_RDWR);
835 pkey_assert(fd >= 0);
837 ptr = mmap(0, size, prot, MAP_SHARED, fd, 0);
838 pkey_assert(ptr != (void *)-1);
840 mprotect_pkey(ptr, size, prot, pkey);
842 record_pkey_malloc(ptr, size, prot);
844 dprintf1("mmap()'d for pkey %d @ %p\n", pkey, ptr);
849 void *(*pkey_malloc[])(long size, int prot, u16 pkey) = {
851 malloc_pkey_with_mprotect,
852 malloc_pkey_with_mprotect_subpage,
853 malloc_pkey_anon_huge,
855 /* can not do direct with the pkey_mprotect() API:
856 malloc_pkey_mmap_direct,
857 malloc_pkey_mmap_dax,
861 void *malloc_pkey(long size, int prot, u16 pkey)
864 static int malloc_type;
865 int nr_malloc_types = ARRAY_SIZE(pkey_malloc);
867 pkey_assert(pkey < NR_PKEYS);
870 pkey_assert(malloc_type < nr_malloc_types);
872 ret = pkey_malloc[malloc_type](size, prot, pkey);
873 pkey_assert(ret != (void *)-1);
876 if (malloc_type >= nr_malloc_types)
877 malloc_type = (random()%nr_malloc_types);
879 /* try again if the malloc_type we tried is unsupported */
880 if (ret == PTR_ERR_ENOTSUP)
886 dprintf3("%s(%ld, prot=%x, pkey=%x) returning: %p\n", __func__,
887 size, prot, pkey, ret);
891 int last_pkey_faults;
892 #define UNKNOWN_PKEY -2
893 void expected_pkey_fault(int pkey)
895 dprintf2("%s(): last_pkey_faults: %d pkey_faults: %d\n",
896 __func__, last_pkey_faults, pkey_faults);
897 dprintf2("%s(%d): last_si_pkey: %d\n", __func__, pkey, last_si_pkey);
898 pkey_assert(last_pkey_faults + 1 == pkey_faults);
901 * For exec-only memory, we do not know the pkey in
902 * advance, so skip this check.
904 if (pkey != UNKNOWN_PKEY)
905 pkey_assert(last_si_pkey == pkey);
907 #if defined(__i386__) || defined(__x86_64__) /* arch */
909 * The signal handler shold have cleared out PKEY register to let the
910 * test program continue. We now have to restore it.
912 if (__read_pkey_reg() != 0)
914 if (__read_pkey_reg() != shadow_pkey_reg)
918 __write_pkey_reg(shadow_pkey_reg);
919 dprintf1("%s() set pkey_reg=%016llx to restore state after signal "
920 "nuked it\n", __func__, shadow_pkey_reg);
921 last_pkey_faults = pkey_faults;
925 #define do_not_expect_pkey_fault(msg) do { \
926 if (last_pkey_faults != pkey_faults) \
927 dprintf0("unexpected PKey fault: %s\n", msg); \
928 pkey_assert(last_pkey_faults == pkey_faults); \
931 int test_fds[10] = { -1 };
933 void __save_test_fd(int fd)
935 pkey_assert(fd >= 0);
936 pkey_assert(nr_test_fds < ARRAY_SIZE(test_fds));
937 test_fds[nr_test_fds] = fd;
941 int get_test_read_fd(void)
943 int test_fd = open("/etc/passwd", O_RDONLY);
944 __save_test_fd(test_fd);
948 void close_test_fds(void)
952 for (i = 0; i < nr_test_fds; i++) {
961 #define barrier() __asm__ __volatile__("": : :"memory")
962 __attribute__((noinline)) int read_ptr(int *ptr)
965 * Keep GCC from optimizing this away somehow
971 void test_pkey_alloc_free_attach_pkey0(int *ptr, u16 pkey)
974 int max_nr_pkey_allocs;
975 int alloced_pkeys[NR_PKEYS];
979 pkey_assert(pkey_last_malloc_record);
980 size = pkey_last_malloc_record->size;
982 * This is a bit of a hack. But mprotect() requires
983 * huge-page-aligned sizes when operating on hugetlbfs.
984 * So, make sure that we use something that's a multiple
985 * of a huge page when we can.
987 if (size >= HPAGE_SIZE)
990 /* allocate every possible key and make sure key-0 never got allocated */
991 max_nr_pkey_allocs = NR_PKEYS;
992 for (i = 0; i < max_nr_pkey_allocs; i++) {
993 int new_pkey = alloc_pkey();
994 pkey_assert(new_pkey != 0);
998 alloced_pkeys[nr_alloced++] = new_pkey;
1000 /* free all the allocated keys */
1001 for (i = 0; i < nr_alloced; i++) {
1004 if (!alloced_pkeys[i])
1006 free_ret = sys_pkey_free(alloced_pkeys[i]);
1007 pkey_assert(!free_ret);
1010 /* attach key-0 in various modes */
1011 err = sys_mprotect_pkey(ptr, size, PROT_READ, 0);
1013 err = sys_mprotect_pkey(ptr, size, PROT_WRITE, 0);
1015 err = sys_mprotect_pkey(ptr, size, PROT_EXEC, 0);
1017 err = sys_mprotect_pkey(ptr, size, PROT_READ|PROT_WRITE, 0);
1019 err = sys_mprotect_pkey(ptr, size, PROT_READ|PROT_WRITE|PROT_EXEC, 0);
1023 void test_read_of_write_disabled_region(int *ptr, u16 pkey)
1027 dprintf1("disabling write access to PKEY[1], doing read\n");
1028 pkey_write_deny(pkey);
1029 ptr_contents = read_ptr(ptr);
1030 dprintf1("*ptr: %d\n", ptr_contents);
1033 void test_read_of_access_disabled_region(int *ptr, u16 pkey)
1037 dprintf1("disabling access to PKEY[%02d], doing read @ %p\n", pkey, ptr);
1039 pkey_access_deny(pkey);
1040 ptr_contents = read_ptr(ptr);
1041 dprintf1("*ptr: %d\n", ptr_contents);
1042 expected_pkey_fault(pkey);
1045 void test_read_of_access_disabled_region_with_page_already_mapped(int *ptr,
1050 dprintf1("disabling access to PKEY[%02d], doing read @ %p\n",
1052 ptr_contents = read_ptr(ptr);
1053 dprintf1("reading ptr before disabling the read : %d\n",
1056 pkey_access_deny(pkey);
1057 ptr_contents = read_ptr(ptr);
1058 dprintf1("*ptr: %d\n", ptr_contents);
1059 expected_pkey_fault(pkey);
1062 void test_write_of_write_disabled_region_with_page_already_mapped(int *ptr,
1066 dprintf1("disabling write access; after accessing the page, "
1067 "to PKEY[%02d], doing write\n", pkey);
1068 pkey_write_deny(pkey);
1070 expected_pkey_fault(pkey);
1073 void test_write_of_write_disabled_region(int *ptr, u16 pkey)
1075 dprintf1("disabling write access to PKEY[%02d], doing write\n", pkey);
1076 pkey_write_deny(pkey);
1078 expected_pkey_fault(pkey);
1080 void test_write_of_access_disabled_region(int *ptr, u16 pkey)
1082 dprintf1("disabling access to PKEY[%02d], doing write\n", pkey);
1083 pkey_access_deny(pkey);
1085 expected_pkey_fault(pkey);
1088 void test_write_of_access_disabled_region_with_page_already_mapped(int *ptr,
1092 dprintf1("disabling access; after accessing the page, "
1093 " to PKEY[%02d], doing write\n", pkey);
1094 pkey_access_deny(pkey);
1096 expected_pkey_fault(pkey);
1099 void test_kernel_write_of_access_disabled_region(int *ptr, u16 pkey)
1102 int test_fd = get_test_read_fd();
1104 dprintf1("disabling access to PKEY[%02d], "
1105 "having kernel read() to buffer\n", pkey);
1106 pkey_access_deny(pkey);
1107 ret = read(test_fd, ptr, 1);
1108 dprintf1("read ret: %d\n", ret);
1111 void test_kernel_write_of_write_disabled_region(int *ptr, u16 pkey)
1114 int test_fd = get_test_read_fd();
1116 pkey_write_deny(pkey);
1117 ret = read(test_fd, ptr, 100);
1118 dprintf1("read ret: %d\n", ret);
1119 if (ret < 0 && (DEBUG_LEVEL > 0))
1120 perror("verbose read result (OK for this to be bad)");
1124 void test_kernel_gup_of_access_disabled_region(int *ptr, u16 pkey)
1126 int pipe_ret, vmsplice_ret;
1130 pipe_ret = pipe(pipe_fds);
1132 pkey_assert(pipe_ret == 0);
1133 dprintf1("disabling access to PKEY[%02d], "
1134 "having kernel vmsplice from buffer\n", pkey);
1135 pkey_access_deny(pkey);
1137 iov.iov_len = PAGE_SIZE;
1138 vmsplice_ret = vmsplice(pipe_fds[1], &iov, 1, SPLICE_F_GIFT);
1139 dprintf1("vmsplice() ret: %d\n", vmsplice_ret);
1140 pkey_assert(vmsplice_ret == -1);
1146 void test_kernel_gup_write_to_write_disabled_region(int *ptr, u16 pkey)
1148 int ignored = 0xdada;
1150 int some_int = __LINE__;
1152 dprintf1("disabling write to PKEY[%02d], "
1153 "doing futex gunk in buffer\n", pkey);
1155 pkey_write_deny(pkey);
1156 futex_ret = syscall(SYS_futex, ptr, FUTEX_WAIT, some_int-1, NULL,
1158 if (DEBUG_LEVEL > 0)
1160 dprintf1("futex() ret: %d\n", futex_ret);
1163 /* Assumes that all pkeys other than 'pkey' are unallocated */
1164 void test_pkey_syscalls_on_non_allocated_pkey(int *ptr, u16 pkey)
1169 /* Note: 0 is the default pkey, so don't mess with it */
1170 for (i = 1; i < NR_PKEYS; i++) {
1174 dprintf1("trying get/set/free to non-allocated pkey: %2d\n", i);
1175 err = sys_pkey_free(i);
1178 err = sys_pkey_free(i);
1181 err = sys_mprotect_pkey(ptr, PAGE_SIZE, PROT_READ, i);
1186 /* Assumes that all pkeys other than 'pkey' are unallocated */
1187 void test_pkey_syscalls_bad_args(int *ptr, u16 pkey)
1190 int bad_pkey = NR_PKEYS+99;
1192 /* pass a known-invalid pkey in: */
1193 err = sys_mprotect_pkey(ptr, PAGE_SIZE, PROT_READ, bad_pkey);
1197 void become_child(void)
1202 pkey_assert(forkret >= 0);
1203 dprintf3("[%d] fork() ret: %d\n", getpid(), forkret);
1212 /* Assumes that all pkeys other than 'pkey' are unallocated */
1213 void test_pkey_alloc_exhaust(int *ptr, u16 pkey)
1216 int allocated_pkeys[NR_PKEYS] = {0};
1217 int nr_allocated_pkeys = 0;
1220 for (i = 0; i < NR_PKEYS*3; i++) {
1222 dprintf1("%s() alloc loop: %d\n", __func__, i);
1223 new_pkey = alloc_pkey();
1224 dprintf4("%s()::%d, err: %d pkey_reg: 0x%016llx"
1225 " shadow: 0x%016llx\n",
1226 __func__, __LINE__, err, __read_pkey_reg(),
1228 read_pkey_reg(); /* for shadow checking */
1229 dprintf2("%s() errno: %d ENOSPC: %d\n", __func__, errno, ENOSPC);
1230 if ((new_pkey == -1) && (errno == ENOSPC)) {
1231 dprintf2("%s() failed to allocate pkey after %d tries\n",
1232 __func__, nr_allocated_pkeys);
1235 * Ensure the number of successes never
1236 * exceeds the number of keys supported
1239 pkey_assert(nr_allocated_pkeys < NR_PKEYS);
1240 allocated_pkeys[nr_allocated_pkeys++] = new_pkey;
1244 * Make sure that allocation state is properly
1245 * preserved across fork().
1247 if (i == NR_PKEYS*2)
1251 dprintf3("%s()::%d\n", __func__, __LINE__);
1255 * There are 16 pkeys supported in hardware. Three are
1256 * allocated by the time we get here:
1257 * 1. The default key (0)
1258 * 2. One possibly consumed by an execute-only mapping.
1259 * 3. One allocated by the test code and passed in via
1260 * 'pkey' to this function.
1261 * Ensure that we can allocate at least another 13 (16-3).
1264 * There are either 5, 28, 29 or 32 pkeys supported in
1265 * hardware depending on the page size (4K or 64K) and
1266 * platform (powernv or powervm). Four are allocated by
1267 * the time we get here. These include pkey-0, pkey-1,
1268 * exec-only pkey and the one allocated by the test code.
1269 * Ensure that we can allocate the remaining.
1271 pkey_assert(i >= (NR_PKEYS - get_arch_reserved_keys() - 1));
1273 for (i = 0; i < nr_allocated_pkeys; i++) {
1274 err = sys_pkey_free(allocated_pkeys[i]);
1276 read_pkey_reg(); /* for shadow checking */
1281 * pkey 0 is special. It is allocated by default, so you do not
1282 * have to call pkey_alloc() to use it first. Make sure that it
1285 void test_mprotect_with_pkey_0(int *ptr, u16 pkey)
1290 assert(pkey_last_malloc_record);
1291 size = pkey_last_malloc_record->size;
1293 * This is a bit of a hack. But mprotect() requires
1294 * huge-page-aligned sizes when operating on hugetlbfs.
1295 * So, make sure that we use something that's a multiple
1296 * of a huge page when we can.
1298 if (size >= HPAGE_SIZE)
1300 prot = pkey_last_malloc_record->prot;
1303 mprotect_pkey(ptr, size, prot, 0);
1305 /* Make sure that we can set it back to the original pkey. */
1306 mprotect_pkey(ptr, size, prot, pkey);
1309 void test_ptrace_of_child(int *ptr, u16 pkey)
1311 __attribute__((__unused__)) int peek_result;
1317 * This is the "control" for our little expermient. Make sure
1318 * we can always access it when ptracing.
1320 int *plain_ptr_unaligned = malloc(HPAGE_SIZE);
1321 int *plain_ptr = ALIGN_PTR_UP(plain_ptr_unaligned, PAGE_SIZE);
1324 * Fork a child which is an exact copy of this process, of course.
1325 * That means we can do all of our tests via ptrace() and then plain
1326 * memory access and ensure they work differently.
1328 child_pid = fork_lazy_child();
1329 dprintf1("[%d] child pid: %d\n", getpid(), child_pid);
1331 ret = ptrace(PTRACE_ATTACH, child_pid, ignored, ignored);
1334 dprintf1("[%d] attach ret: %ld %d\n", getpid(), ret, __LINE__);
1335 pkey_assert(ret != -1);
1336 ret = waitpid(child_pid, &status, WUNTRACED);
1337 if ((ret != child_pid) || !(WIFSTOPPED(status))) {
1338 fprintf(stderr, "weird waitpid result %ld stat %x\n",
1342 dprintf2("waitpid ret: %ld\n", ret);
1343 dprintf2("waitpid status: %d\n", status);
1345 pkey_access_deny(pkey);
1346 pkey_write_deny(pkey);
1348 /* Write access, untested for now:
1349 ret = ptrace(PTRACE_POKEDATA, child_pid, peek_at, data);
1350 pkey_assert(ret != -1);
1351 dprintf1("poke at %p: %ld\n", peek_at, ret);
1355 * Try to access the pkey-protected "ptr" via ptrace:
1357 ret = ptrace(PTRACE_PEEKDATA, child_pid, ptr, ignored);
1358 /* expect it to work, without an error: */
1359 pkey_assert(ret != -1);
1360 /* Now access from the current task, and expect an exception: */
1361 peek_result = read_ptr(ptr);
1362 expected_pkey_fault(pkey);
1365 * Try to access the NON-pkey-protected "plain_ptr" via ptrace:
1367 ret = ptrace(PTRACE_PEEKDATA, child_pid, plain_ptr, ignored);
1368 /* expect it to work, without an error: */
1369 pkey_assert(ret != -1);
1370 /* Now access from the current task, and expect NO exception: */
1371 peek_result = read_ptr(plain_ptr);
1372 do_not_expect_pkey_fault("read plain pointer after ptrace");
1374 ret = ptrace(PTRACE_DETACH, child_pid, ignored, 0);
1375 pkey_assert(ret != -1);
1377 ret = kill(child_pid, SIGKILL);
1378 pkey_assert(ret != -1);
1382 free(plain_ptr_unaligned);
1385 void *get_pointer_to_instructions(void)
1389 p1 = ALIGN_PTR_UP(&lots_o_noops_around_write, PAGE_SIZE);
1390 dprintf3("&lots_o_noops: %p\n", &lots_o_noops_around_write);
1391 /* lots_o_noops_around_write should be page-aligned already */
1392 assert(p1 == &lots_o_noops_around_write);
1394 /* Point 'p1' at the *second* page of the function: */
1398 * Try to ensure we fault this in on next touch to ensure
1399 * we get an instruction fault as opposed to a data one
1401 madvise(p1, PAGE_SIZE, MADV_DONTNEED);
1406 void test_executing_on_unreadable_memory(int *ptr, u16 pkey)
1413 p1 = get_pointer_to_instructions();
1414 lots_o_noops_around_write(&scratch);
1415 ptr_contents = read_ptr(p1);
1416 dprintf2("ptr (%p) contents@%d: %x\n", p1, __LINE__, ptr_contents);
1418 ret = mprotect_pkey(p1, PAGE_SIZE, PROT_EXEC, (u64)pkey);
1420 pkey_access_deny(pkey);
1422 dprintf2("pkey_reg: %016llx\n", read_pkey_reg());
1425 * Make sure this is an *instruction* fault
1427 madvise(p1, PAGE_SIZE, MADV_DONTNEED);
1428 lots_o_noops_around_write(&scratch);
1429 do_not_expect_pkey_fault("executing on PROT_EXEC memory");
1430 expect_fault_on_read_execonly_key(p1, pkey);
1433 void test_implicit_mprotect_exec_only_memory(int *ptr, u16 pkey)
1440 dprintf1("%s() start\n", __func__);
1442 p1 = get_pointer_to_instructions();
1443 lots_o_noops_around_write(&scratch);
1444 ptr_contents = read_ptr(p1);
1445 dprintf2("ptr (%p) contents@%d: %x\n", p1, __LINE__, ptr_contents);
1447 /* Use a *normal* mprotect(), not mprotect_pkey(): */
1448 ret = mprotect(p1, PAGE_SIZE, PROT_EXEC);
1452 * Reset the shadow, assuming that the above mprotect()
1453 * correctly changed PKRU, but to an unknown value since
1454 * the actual alllocated pkey is unknown.
1456 shadow_pkey_reg = __read_pkey_reg();
1458 dprintf2("pkey_reg: %016llx\n", read_pkey_reg());
1460 /* Make sure this is an *instruction* fault */
1461 madvise(p1, PAGE_SIZE, MADV_DONTNEED);
1462 lots_o_noops_around_write(&scratch);
1463 do_not_expect_pkey_fault("executing on PROT_EXEC memory");
1464 expect_fault_on_read_execonly_key(p1, UNKNOWN_PKEY);
1467 * Put the memory back to non-PROT_EXEC. Should clear the
1468 * exec-only pkey off the VMA and allow it to be readable
1469 * again. Go to PROT_NONE first to check for a kernel bug
1470 * that did not clear the pkey when doing PROT_NONE.
1472 ret = mprotect(p1, PAGE_SIZE, PROT_NONE);
1475 ret = mprotect(p1, PAGE_SIZE, PROT_READ|PROT_EXEC);
1477 ptr_contents = read_ptr(p1);
1478 do_not_expect_pkey_fault("plain read on recently PROT_EXEC area");
1481 void test_mprotect_pkey_on_unsupported_cpu(int *ptr, u16 pkey)
1483 int size = PAGE_SIZE;
1486 if (cpu_has_pkeys()) {
1487 dprintf1("SKIP: %s: no CPU support\n", __func__);
1491 sret = syscall(SYS_mprotect_key, ptr, size, PROT_READ, pkey);
1492 pkey_assert(sret < 0);
1495 void (*pkey_tests[])(int *ptr, u16 pkey) = {
1496 test_read_of_write_disabled_region,
1497 test_read_of_access_disabled_region,
1498 test_read_of_access_disabled_region_with_page_already_mapped,
1499 test_write_of_write_disabled_region,
1500 test_write_of_write_disabled_region_with_page_already_mapped,
1501 test_write_of_access_disabled_region,
1502 test_write_of_access_disabled_region_with_page_already_mapped,
1503 test_kernel_write_of_access_disabled_region,
1504 test_kernel_write_of_write_disabled_region,
1505 test_kernel_gup_of_access_disabled_region,
1506 test_kernel_gup_write_to_write_disabled_region,
1507 test_executing_on_unreadable_memory,
1508 test_implicit_mprotect_exec_only_memory,
1509 test_mprotect_with_pkey_0,
1510 test_ptrace_of_child,
1511 test_pkey_syscalls_on_non_allocated_pkey,
1512 test_pkey_syscalls_bad_args,
1513 test_pkey_alloc_exhaust,
1514 test_pkey_alloc_free_attach_pkey0,
1517 void run_tests_once(void)
1520 int prot = PROT_READ|PROT_WRITE;
1522 for (test_nr = 0; test_nr < ARRAY_SIZE(pkey_tests); test_nr++) {
1524 int orig_pkey_faults = pkey_faults;
1526 dprintf1("======================\n");
1527 dprintf1("test %d preparing...\n", test_nr);
1530 pkey = alloc_random_pkey();
1531 dprintf1("test %d starting with pkey: %d\n", test_nr, pkey);
1532 ptr = malloc_pkey(PAGE_SIZE, prot, pkey);
1533 dprintf1("test %d starting...\n", test_nr);
1534 pkey_tests[test_nr](ptr, pkey);
1535 dprintf1("freeing test memory: %p\n", ptr);
1536 free_pkey_malloc(ptr);
1537 sys_pkey_free(pkey);
1539 dprintf1("pkey_faults: %d\n", pkey_faults);
1540 dprintf1("orig_pkey_faults: %d\n", orig_pkey_faults);
1545 printf("test %2d PASSED (iteration %d)\n", test_nr, iteration_nr);
1546 dprintf1("======================\n\n");
1551 void pkey_setup_shadow(void)
1553 shadow_pkey_reg = __read_pkey_reg();
1558 int nr_iterations = 22;
1559 int pkeys_supported = is_pkeys_supported();
1561 srand((unsigned int)time(NULL));
1565 printf("has pkeys: %d\n", pkeys_supported);
1567 if (!pkeys_supported) {
1568 int size = PAGE_SIZE;
1571 printf("running PKEY tests for unsupported CPU/OS\n");
1573 ptr = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
1574 assert(ptr != (void *)-1);
1575 test_mprotect_pkey_on_unsupported_cpu(ptr, 1);
1579 pkey_setup_shadow();
1580 printf("startup pkey_reg: %016llx\n", read_pkey_reg());
1583 while (nr_iterations-- > 0)
1586 printf("done (all tests OK)\n");