[LTP] [PATCH v3 0/2] Add mseal() testing suite

[LTP] [PATCH v3 0/2] Add mseal() testing suite

[Andrea Cervesato]

Smoke test for mseal() syscall added in the kernel 6.10. All information
can be found at the following link:

https://docs.kernel.org/userspace-api/mseal.html

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Changes in v3:
- move memory allocation inside the child
- Link to v2: https://lore.kernel.org/r/20240723-mseal-v2-0-5aa872d611bc@suse.com

Changes in v2:
- don't use TST_ABI32 var anymore, but let tst_syscall handling ENOSYS 
- call protection key syscalls via tst_syscall
- Link to v1: https://lore.kernel.org/r/20240610-mseal-v1-0-f659b9e97efa@suse.com

---
Andrea Cervesato (2):
      Add mseal() syscall declaration
      Add mseal01 test

 include/lapi/syscalls/aarch64.in           |   1 +
 include/lapi/syscalls/arc.in               |   1 +
 include/lapi/syscalls/arm.in               |   1 +
 include/lapi/syscalls/hppa.in              |   1 +
 include/lapi/syscalls/i386.in              |   1 +
 include/lapi/syscalls/ia64.in              |   1 +
 include/lapi/syscalls/loongarch.in         |   1 +
 include/lapi/syscalls/mips_n32.in          |   1 +
 include/lapi/syscalls/mips_n64.in          |   1 +
 include/lapi/syscalls/mips_o32.in          |   1 +
 include/lapi/syscalls/powerpc.in           |   1 +
 include/lapi/syscalls/powerpc64.in         |   1 +
 include/lapi/syscalls/s390.in              |   1 +
 include/lapi/syscalls/s390x.in             |   1 +
 include/lapi/syscalls/sh.in                |   1 +
 include/lapi/syscalls/sparc.in             |   1 +
 include/lapi/syscalls/sparc64.in           |   1 +
 include/lapi/syscalls/x86_64.in            |   1 +
 testcases/kernel/syscalls/mseal/.gitignore |   1 +
 testcases/kernel/syscalls/mseal/Makefile   |   7 ++
 testcases/kernel/syscalls/mseal/mseal01.c  | 156 +++++++++++++++++++++++++++++
 21 files changed, 182 insertions(+)
---
base-commit: 8422d4680b21e6576da63c677b5d49f46b477df0
change-id: 20240607-mseal-dfac12675096

Best regards,
-- 
Andrea Cervesato <andrea.cervesato@suse.com>


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v3 1/2] Add mseal() syscall declaration

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

---
 include/lapi/syscalls/aarch64.in   | 1 +
 include/lapi/syscalls/arc.in       | 1 +
 include/lapi/syscalls/arm.in       | 1 +
 include/lapi/syscalls/hppa.in      | 1 +
 include/lapi/syscalls/i386.in      | 1 +
 include/lapi/syscalls/ia64.in      | 1 +
 include/lapi/syscalls/loongarch.in | 1 +
 include/lapi/syscalls/mips_n32.in  | 1 +
 include/lapi/syscalls/mips_n64.in  | 1 +
 include/lapi/syscalls/mips_o32.in  | 1 +
 include/lapi/syscalls/powerpc.in   | 1 +
 include/lapi/syscalls/powerpc64.in | 1 +
 include/lapi/syscalls/s390.in      | 1 +
 include/lapi/syscalls/s390x.in     | 1 +
 include/lapi/syscalls/sh.in        | 1 +
 include/lapi/syscalls/sparc.in     | 1 +
 include/lapi/syscalls/sparc64.in   | 1 +
 include/lapi/syscalls/x86_64.in    | 1 +
 18 files changed, 18 insertions(+)

diff --git a/include/lapi/syscalls/aarch64.in b/include/lapi/syscalls/aarch64.in
index ef0aa04a3..d1ff7c081 100644
--- a/include/lapi/syscalls/aarch64.in
+++ b/include/lapi/syscalls/aarch64.in
@@ -301,4 +301,5 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
 _sysctl 1078
diff --git a/include/lapi/syscalls/arc.in b/include/lapi/syscalls/arc.in
index 3eaa6a8f1..265329cbe 100644
--- a/include/lapi/syscalls/arc.in
+++ b/include/lapi/syscalls/arc.in
@@ -321,3 +321,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/arm.in b/include/lapi/syscalls/arm.in
index b52a32b6b..b49590268 100644
--- a/include/lapi/syscalls/arm.in
+++ b/include/lapi/syscalls/arm.in
@@ -400,3 +400,4 @@ landlock_restrict_self (__NR_SYSCALL_BASE+446)
 memfd_secret (__NR_SYSCALL_BASE+447)
 futex_waitv (__NR_SYSCALL_BASE+449)
 cachestat (__NR_SYSCALL_BASE+451)
+mseal (__NR_SYSCALL_BASE+462)
diff --git a/include/lapi/syscalls/hppa.in b/include/lapi/syscalls/hppa.in
index 4919ee65d..9a8832248 100644
--- a/include/lapi/syscalls/hppa.in
+++ b/include/lapi/syscalls/hppa.in
@@ -48,3 +48,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/i386.in b/include/lapi/syscalls/i386.in
index cff40957a..59c97b9b8 100644
--- a/include/lapi/syscalls/i386.in
+++ b/include/lapi/syscalls/i386.in
@@ -435,3 +435,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/ia64.in b/include/lapi/syscalls/ia64.in
index 11d4b46f4..f08a268e8 100644
--- a/include/lapi/syscalls/ia64.in
+++ b/include/lapi/syscalls/ia64.in
@@ -348,3 +348,4 @@ landlock_add_rule 1469
 landlock_restrict_self 1470
 futex_waitv 1473
 cachestat 1475
+mseal 1486
diff --git a/include/lapi/syscalls/loongarch.in b/include/lapi/syscalls/loongarch.in
index 9bf6a7deb..29acad012 100644
--- a/include/lapi/syscalls/loongarch.in
+++ b/include/lapi/syscalls/loongarch.in
@@ -306,3 +306,4 @@ process_mrelease 448
 futex_waitv 449
 set_mempolicy_home_node 450
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/mips_n32.in b/include/lapi/syscalls/mips_n32.in
index a76c82593..260e01518 100644
--- a/include/lapi/syscalls/mips_n32.in
+++ b/include/lapi/syscalls/mips_n32.in
@@ -375,3 +375,4 @@ landlock_add_rule 6445
 landlock_restrict_self 6446
 futex_waitv 6449
 cachestat 6451
+mseal 6462
diff --git a/include/lapi/syscalls/mips_n64.in b/include/lapi/syscalls/mips_n64.in
index df991efd5..83da993ad 100644
--- a/include/lapi/syscalls/mips_n64.in
+++ b/include/lapi/syscalls/mips_n64.in
@@ -351,3 +351,4 @@ landlock_add_rule 5445
 landlock_restrict_self 5446
 futex_waitv 5449
 cachestat 5451
+mseal 5462
diff --git a/include/lapi/syscalls/mips_o32.in b/include/lapi/syscalls/mips_o32.in
index 826b7d66e..3589e0337 100644
--- a/include/lapi/syscalls/mips_o32.in
+++ b/include/lapi/syscalls/mips_o32.in
@@ -421,3 +421,4 @@ landlock_add_rule 4445
 landlock_restrict_self 4446
 futex_waitv 4449
 cachestat 4451
+mseal 4462
diff --git a/include/lapi/syscalls/powerpc.in b/include/lapi/syscalls/powerpc.in
index 798ed9050..e39e6b69c 100644
--- a/include/lapi/syscalls/powerpc.in
+++ b/include/lapi/syscalls/powerpc.in
@@ -428,3 +428,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/powerpc64.in b/include/lapi/syscalls/powerpc64.in
index 798ed9050..e39e6b69c 100644
--- a/include/lapi/syscalls/powerpc64.in
+++ b/include/lapi/syscalls/powerpc64.in
@@ -428,3 +428,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/s390.in b/include/lapi/syscalls/s390.in
index 126938095..d3426c88f 100644
--- a/include/lapi/syscalls/s390.in
+++ b/include/lapi/syscalls/s390.in
@@ -415,3 +415,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/s390x.in b/include/lapi/syscalls/s390x.in
index 18f2496a0..02df53322 100644
--- a/include/lapi/syscalls/s390x.in
+++ b/include/lapi/syscalls/s390x.in
@@ -363,3 +363,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/sh.in b/include/lapi/syscalls/sh.in
index ae6f26050..c93271d1b 100644
--- a/include/lapi/syscalls/sh.in
+++ b/include/lapi/syscalls/sh.in
@@ -409,3 +409,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/sparc.in b/include/lapi/syscalls/sparc.in
index 409fa2729..9be7d2e96 100644
--- a/include/lapi/syscalls/sparc.in
+++ b/include/lapi/syscalls/sparc.in
@@ -414,3 +414,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/sparc64.in b/include/lapi/syscalls/sparc64.in
index e13cf163e..9c80a328f 100644
--- a/include/lapi/syscalls/sparc64.in
+++ b/include/lapi/syscalls/sparc64.in
@@ -379,3 +379,4 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
diff --git a/include/lapi/syscalls/x86_64.in b/include/lapi/syscalls/x86_64.in
index 05b1bee55..49cb1ab94 100644
--- a/include/lapi/syscalls/x86_64.in
+++ b/include/lapi/syscalls/x86_64.in
@@ -356,6 +356,7 @@ landlock_add_rule 445
 landlock_restrict_self 446
 futex_waitv 449
 cachestat 451
+mseal 462
 rt_sigaction 512
 rt_sigreturn 513
 ioctl 514

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v3 2/2] Add mseal01 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This is a smoke test that verifies if mseal() protects specific VMA
portions of a process. According to documentation, the syscall should
protect memory from the following actions:

- unmapping, moving to another location, and shrinking the size, via
  munmap() and mremap()
- moving or expanding a different VMA into the current location, via
  mremap()
- modifying a VMA via mmap(MAP_FIXED)
- mprotect() and pkey_mprotect()
- destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous
  memory, when users don’t have write permission to the memory

Any of the described actions is recognized via EPERM errno.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 testcases/kernel/syscalls/mseal/.gitignore |   1 +
 testcases/kernel/syscalls/mseal/Makefile   |   7 ++
 testcases/kernel/syscalls/mseal/mseal01.c  | 156 +++++++++++++++++++++++++++++
 3 files changed, 164 insertions(+)

diff --git a/testcases/kernel/syscalls/mseal/.gitignore b/testcases/kernel/syscalls/mseal/.gitignore
new file mode 100644
index 000000000..e13090994
--- /dev/null
+++ b/testcases/kernel/syscalls/mseal/.gitignore
@@ -0,0 +1 @@
+mseal01
diff --git a/testcases/kernel/syscalls/mseal/Makefile b/testcases/kernel/syscalls/mseal/Makefile
new file mode 100644
index 000000000..35317f446
--- /dev/null
+++ b/testcases/kernel/syscalls/mseal/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2023 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/mseal/mseal01.c b/testcases/kernel/syscalls/mseal/mseal01.c
new file mode 100644
index 000000000..eb2f4d588
--- /dev/null
+++ b/testcases/kernel/syscalls/mseal/mseal01.c
@@ -0,0 +1,156 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This is a smoke test that verifies if mseal() protects specific VMA portions
+ * of a process. According to documentation, the syscall should protect memory
+ * from the following actions:
+ *
+ * - unmapping, moving to another location, and shrinking the size, via munmap()
+ *   and mremap()
+ * - moving or expanding a different VMA into the current location, via mremap()
+ * - modifying a VMA via mmap(MAP_FIXED)
+ * - mprotect() and pkey_mprotect()
+ * - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous memory,
+ *   when users don’t have write permission to the memory
+ *
+ * Any of the described actions is recognized via EPERM errno.
+ */
+
+#define _GNU_SOURCE
+
+#include "tst_test.h"
+#include "lapi/syscalls.h"
+
+#define MEMPAGES 8
+#define MEMSEAL 2
+
+static void *mem_addr;
+static int mem_size;
+static int mem_offset;
+static int mem_alignment;
+
+static inline int sys_mseal(void *start, size_t len)
+{
+	return tst_syscall(__NR_mseal, start, len, 0);
+}
+
+static void test_mprotect(void)
+{
+	TST_EXP_FAIL(mprotect(mem_addr, mem_size, PROT_NONE), EPERM);
+}
+
+static void test_pkey_mprotect(void)
+{
+	int ret;
+	int pkey;
+
+	pkey = tst_syscall(__NR_pkey_alloc, 0, 0);
+	if (pkey == -1) {
+		if (errno == EINVAL)
+			tst_brk(TCONF, "pku is not supported on this CPU");
+
+		tst_brk(TBROK | TERRNO, "pkey_alloc() error");
+	}
+
+	TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect,
+		mem_addr, mem_size,
+		PROT_NONE,
+		pkey),
+		EPERM);
+
+	ret = tst_syscall(__NR_pkey_free, pkey);
+	if (ret == -1)
+		tst_brk(TBROK | TERRNO, "pkey_free() error");
+}
+
+static void test_madvise(void)
+{
+	TST_EXP_FAIL(madvise(mem_addr, mem_size, MADV_DONTNEED), EPERM);
+}
+
+static void test_munmap(void)
+{
+	TST_EXP_FAIL(munmap(mem_addr, mem_size), EPERM);
+}
+
+static void test_mremap_resize(void)
+{
+	void *new_addr;
+	size_t new_size = 2 * mem_alignment;
+
+	new_addr = SAFE_MMAP(NULL, mem_size,
+		PROT_READ,
+		MAP_ANONYMOUS | MAP_PRIVATE,
+		-1, 0);
+
+	TST_EXP_FAIL_PTR_VOID(mremap(mem_addr, mem_size, new_size,
+		MREMAP_MAYMOVE | MREMAP_FIXED,
+		new_addr),
+		EPERM);
+
+	SAFE_MUNMAP(new_addr, new_size);
+}
+
+static void test_mmap_change_prot(void)
+{
+	TST_EXP_FAIL_PTR_VOID(mmap(mem_addr, mem_size,
+		PROT_READ,
+		MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED,
+		-1, 0), EPERM);
+}
+
+static struct tcase {
+	void (*func_test)(void);
+	int prot;
+	char *message;
+} tcases[] = {
+	{test_mprotect, PROT_READ | PROT_WRITE, "mprotect() availability"},
+	{test_pkey_mprotect, PROT_READ | PROT_WRITE, "pkey_mprotect() availability"},
+	{test_madvise, PROT_READ, "madvise() availability"},
+	{test_munmap, PROT_READ | PROT_WRITE, "munmap() availability from child"},
+	{test_mremap_resize, PROT_READ | PROT_WRITE, "mremap() address move/resize"},
+	{test_mmap_change_prot, PROT_READ | PROT_WRITE, "mmap() protection change"},
+};
+
+static void run(unsigned int n)
+{
+	/* the reason why we spawn a child is that mseal() will
+	 * protect VMA until process will call _exit()
+	 */
+	if (!SAFE_FORK()) {
+		struct tcase *tc = &tcases[n];
+
+		mem_addr = SAFE_MMAP(NULL, mem_size,
+			tc->prot,
+			MAP_ANONYMOUS | MAP_PRIVATE,
+			-1, 0);
+
+		tst_res(TINFO, "Testing %s", tc->message);
+
+		TST_EXP_PASS(sys_mseal(mem_addr + mem_offset, mem_alignment));
+
+		tc->func_test();
+		_exit(0);
+	}
+}
+
+static void setup(void)
+{
+	mem_alignment = getpagesize();
+	mem_size = mem_alignment * MEMPAGES;
+	mem_offset = mem_alignment * MEMSEAL;
+}
+
+static struct tst_test test = {
+	.test = run,
+	.tcnt = ARRAY_SIZE(tcases),
+	.setup = setup,
+	.min_kver = "6.10",
+	.forks_child = 1,
+};
+

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3 2/2] Add mseal01 test

[Cyril Hrubis]

Hi!
This one looks good, but misses a runtest entry.

With runtest entry added (for the whole patchset):

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3 2/2] Add mseal01 test

[Andrea Cervesato via ltp]

On 8/1/24 16:54, Cyril Hrubis wrote:
> Hi!
> This one looks good, but misses a runtest entry.
>
> With runtest entry added (for the whole patchset):
>
> Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
>
Pushed with runtest entry.

Thanks,
Andrea


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3 2/2] Add mseal01 test

[Li Wang]

Hi Andrea,

On Thu, Aug 1, 2024 at 8:44 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This is a smoke test that verifies if mseal() protects specific VMA
> portions of a process. According to documentation, the syscall should
> protect memory from the following actions:
>
> - unmapping, moving to another location, and shrinking the size, via
>   munmap() and mremap()
> - moving or expanding a different VMA into the current location, via
>   mremap()
> - modifying a VMA via mmap(MAP_FIXED)
> - mprotect() and pkey_mprotect()
> - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous
>   memory, when users don’t have write permission to the memory
>
> Any of the described actions is recognized via EPERM errno.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  testcases/kernel/syscalls/mseal/.gitignore |   1 +
>  testcases/kernel/syscalls/mseal/Makefile   |   7 ++
>  testcases/kernel/syscalls/mseal/mseal01.c  | 156
> +++++++++++++++++++++++++++++
>  3 files changed, 164 insertions(+)
>
> diff --git a/testcases/kernel/syscalls/mseal/.gitignore
> b/testcases/kernel/syscalls/mseal/.gitignore
> new file mode 100644
> index 000000000..e13090994
> --- /dev/null
> +++ b/testcases/kernel/syscalls/mseal/.gitignore
> @@ -0,0 +1 @@
> +mseal01
> diff --git a/testcases/kernel/syscalls/mseal/Makefile
> b/testcases/kernel/syscalls/mseal/Makefile
> new file mode 100644
> index 000000000..35317f446
> --- /dev/null
> +++ b/testcases/kernel/syscalls/mseal/Makefile
> @@ -0,0 +1,7 @@
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +# Copyright (C) 2023 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com
> >
> +
> +top_srcdir             ?= ../../../..
> +
> +include $(top_srcdir)/include/mk/testcases.mk
> +include $(top_srcdir)/include/mk/generic_leaf_target.mk
> diff --git a/testcases/kernel/syscalls/mseal/mseal01.c
> b/testcases/kernel/syscalls/mseal/mseal01.c
> new file mode 100644
> index 000000000..eb2f4d588
> --- /dev/null
> +++ b/testcases/kernel/syscalls/mseal/mseal01.c
> @@ -0,0 +1,156 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This is a smoke test that verifies if mseal() protects specific VMA
> portions
> + * of a process. According to documentation, the syscall should protect
> memory
> + * from the following actions:
> + *
> + * - unmapping, moving to another location, and shrinking the size, via
> munmap()
> + *   and mremap()
> + * - moving or expanding a different VMA into the current location, via
> mremap()
> + * - modifying a VMA via mmap(MAP_FIXED)
> + * - mprotect() and pkey_mprotect()
> + * - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous
> memory,
> + *   when users don’t have write permission to the memory
> + *
> + * Any of the described actions is recognized via EPERM errno.
> + */
> +
> +#define _GNU_SOURCE
> +
> +#include "tst_test.h"
> +#include "lapi/syscalls.h"
> +
> +#define MEMPAGES 8
> +#define MEMSEAL 2
> +
> +static void *mem_addr;
> +static int mem_size;
> +static int mem_offset;
> +static int mem_alignment;
> +
> +static inline int sys_mseal(void *start, size_t len)
> +{
> +       return tst_syscall(__NR_mseal, start, len, 0);
> +}
> +
> +static void test_mprotect(void)
> +{
> +       TST_EXP_FAIL(mprotect(mem_addr, mem_size, PROT_NONE), EPERM);
> +}
> +
> +static void test_pkey_mprotect(void)
> +{
> +       int ret;
> +       int pkey;
> +
> +       pkey = tst_syscall(__NR_pkey_alloc, 0, 0);
> +       if (pkey == -1) {
> +               if (errno == EINVAL)
> +                       tst_brk(TCONF, "pku is not supported on this CPU");
>

Based on my limited knowledge of PKEY things, here might get three errnos:
ENOSYS, EINVAL and ENOSPC, so probably we can just do that by the exist
pkey support checker and uses the ltp_pkey_* series capsulated wrappers?

https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/pkeys/pkey.h



> +
> +               tst_brk(TBROK | TERRNO, "pkey_alloc() error");
> +       }
> +
> +       TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect,
> +               mem_addr, mem_size,
> +               PROT_NONE,
> +               pkey),
> +               EPERM);
> +
> +       ret = tst_syscall(__NR_pkey_free, pkey);
> +       if (ret == -1)
> +               tst_brk(TBROK | TERRNO, "pkey_free() error");
> +}
> +
> +static void test_madvise(void)
> +{
> +       TST_EXP_FAIL(madvise(mem_addr, mem_size, MADV_DONTNEED), EPERM);
> +}
> +
> +static void test_munmap(void)
> +{
> +       TST_EXP_FAIL(munmap(mem_addr, mem_size), EPERM);
> +}
> +
> +static void test_mremap_resize(void)
> +{
> +       void *new_addr;
> +       size_t new_size = 2 * mem_alignment;
> +
> +       new_addr = SAFE_MMAP(NULL, mem_size,
> +               PROT_READ,
> +               MAP_ANONYMOUS | MAP_PRIVATE,
> +               -1, 0);
> +
> +       TST_EXP_FAIL_PTR_VOID(mremap(mem_addr, mem_size, new_size,
> +               MREMAP_MAYMOVE | MREMAP_FIXED,
> +               new_addr),
> +               EPERM);
> +
> +       SAFE_MUNMAP(new_addr, new_size);
> +}
> +
> +static void test_mmap_change_prot(void)
> +{
> +       TST_EXP_FAIL_PTR_VOID(mmap(mem_addr, mem_size,
> +               PROT_READ,
> +               MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED,
> +               -1, 0), EPERM);
> +}
> +
> +static struct tcase {
> +       void (*func_test)(void);
> +       int prot;
> +       char *message;
> +} tcases[] = {
> +       {test_mprotect, PROT_READ | PROT_WRITE, "mprotect() availability"},
> +       {test_pkey_mprotect, PROT_READ | PROT_WRITE, "pkey_mprotect()
> availability"},
> +       {test_madvise, PROT_READ, "madvise() availability"},
> +       {test_munmap, PROT_READ | PROT_WRITE, "munmap() availability from
> child"},
> +       {test_mremap_resize, PROT_READ | PROT_WRITE, "mremap() address
> move/resize"},
> +       {test_mmap_change_prot, PROT_READ | PROT_WRITE, "mmap() protection
> change"},
> +};
> +
> +static void run(unsigned int n)
> +{
> +       /* the reason why we spawn a child is that mseal() will
> +        * protect VMA until process will call _exit()
> +        */
> +       if (!SAFE_FORK()) {
> +               struct tcase *tc = &tcases[n];
> +
> +               mem_addr = SAFE_MMAP(NULL, mem_size,
> +                       tc->prot,
> +                       MAP_ANONYMOUS | MAP_PRIVATE,
> +                       -1, 0);
> +
> +               tst_res(TINFO, "Testing %s", tc->message);
> +
> +               TST_EXP_PASS(sys_mseal(mem_addr + mem_offset,
> mem_alignment));
> +
> +               tc->func_test();
> +               _exit(0);
> +       }
> +}
> +
> +static void setup(void)
> +{
> +       mem_alignment = getpagesize();
> +       mem_size = mem_alignment * MEMPAGES;
> +       mem_offset = mem_alignment * MEMSEAL;
> +}
> +
> +static struct tst_test test = {
> +       .test = run,
> +       .tcnt = ARRAY_SIZE(tcases),
> +       .setup = setup,
>


> +       .min_kver = "6.10",
>

The minimal kernel version check is unnecessary.



> +       .forks_child = 1,
> +};
> +
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail

[Li Wang]

Signed-off-by: Li Wang <liwang@redhat.com>
---
 testcases/kernel/syscalls/mseal/mseal01.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/testcases/kernel/syscalls/mseal/mseal01.c b/testcases/kernel/syscalls/mseal/mseal01.c
index eb2f4d588..2ff6ed119 100644
--- a/testcases/kernel/syscalls/mseal/mseal01.c
+++ b/testcases/kernel/syscalls/mseal/mseal01.c
@@ -25,6 +25,7 @@
 
 #include "tst_test.h"
 #include "lapi/syscalls.h"
+#include "../pkeys/pkey.h"
 
 #define MEMPAGES 8
 #define MEMSEAL 2
@@ -46,25 +47,19 @@ static void test_mprotect(void)
 
 static void test_pkey_mprotect(void)
 {
-	int ret;
 	int pkey;
 
-	pkey = tst_syscall(__NR_pkey_alloc, 0, 0);
-	if (pkey == -1) {
-		if (errno == EINVAL)
-			tst_brk(TCONF, "pku is not supported on this CPU");
+	check_pkey_support();
 
-		tst_brk(TBROK | TERRNO, "pkey_alloc() error");
-	}
+	pkey = ltp_pkey_alloc( 0, 0);
 
-	TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect,
+	TST_EXP_FAIL(ltp_pkey_mprotect(
 		mem_addr, mem_size,
 		PROT_NONE,
 		pkey),
 		EPERM);
 
-	ret = tst_syscall(__NR_pkey_free, pkey);
-	if (ret == -1)
+	if (ltp_pkey_free(pkey) == -1)
 		tst_brk(TBROK | TERRNO, "pkey_free() error");
 }
 
@@ -150,7 +145,6 @@ static struct tst_test test = {
 	.test = run,
 	.tcnt = ARRAY_SIZE(tcases),
 	.setup = setup,
-	.min_kver = "6.10",
 	.forks_child = 1,
 };
 
-- 
2.45.2


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail

[Andrea Cervesato via ltp]

Hi!

Thanks for helping on mseal01. I already submitted the patch, but we can 
apply a new patch on top of it without problems.
Review below

On 8/3/24 14:22, Li Wang wrote:
> Signed-off-by: Li Wang <liwang@redhat.com>
> ---
>   testcases/kernel/syscalls/mseal/mseal01.c | 16 +++++-----------
>   1 file changed, 5 insertions(+), 11 deletions(-)
>
> diff --git a/testcases/kernel/syscalls/mseal/mseal01.c b/testcases/kernel/syscalls/mseal/mseal01.c
> index eb2f4d588..2ff6ed119 100644
> --- a/testcases/kernel/syscalls/mseal/mseal01.c
> +++ b/testcases/kernel/syscalls/mseal/mseal01.c
> @@ -25,6 +25,7 @@
>   
>   #include "tst_test.h"
>   #include "lapi/syscalls.h"
> +#include "../pkeys/pkey.h"
The problem with this approach is that testing suites won't be 
independent anymore.
We need to move all pkeys/pkey.h declarations inside the lapi/ folder, 
in order to use pkey syscalls from any testing suite.
>   
>   #define MEMPAGES 8
>   #define MEMSEAL 2
> @@ -46,25 +47,19 @@ static void test_mprotect(void)
>   
>   static void test_pkey_mprotect(void)
>   {
> -	int ret;
>   	int pkey;
>   
> -	pkey = tst_syscall(__NR_pkey_alloc, 0, 0);
> -	if (pkey == -1) {
> -		if (errno == EINVAL)
> -			tst_brk(TCONF, "pku is not supported on this CPU");
> +	check_pkey_support();
>   
> -		tst_brk(TBROK | TERRNO, "pkey_alloc() error");
> -	}
> +	pkey = ltp_pkey_alloc( 0, 0);
>   
> -	TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect,
> +	TST_EXP_FAIL(ltp_pkey_mprotect(
>   		mem_addr, mem_size,
>   		PROT_NONE,
>   		pkey),
>   		EPERM);
>   
> -	ret = tst_syscall(__NR_pkey_free, pkey);
> -	if (ret == -1)
> +	if (ltp_pkey_free(pkey) == -1)
>   		tst_brk(TBROK | TERRNO, "pkey_free() error");
>   }
>   
> @@ -150,7 +145,6 @@ static struct tst_test test = {
>   	.test = run,
>   	.tcnt = ARRAY_SIZE(tcases),
>   	.setup = setup,
> -	.min_kver = "6.10",
>   	.forks_child = 1,
>   };
>   

Andrea


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail

[Li Wang]

On Mon, Aug 5, 2024 at 2:38 PM Andrea Cervesato via ltp <ltp@lists.linux.it>
wrote:

> Hi!
>
> Thanks for helping on mseal01. I already submitted the patch, but we can
> apply a new patch on top of it without problems.
> Review below
>
> On 8/3/24 14:22, Li Wang wrote:
> > Signed-off-by: Li Wang <liwang@redhat.com>
> > ---
> >   testcases/kernel/syscalls/mseal/mseal01.c | 16 +++++-----------
> >   1 file changed, 5 insertions(+), 11 deletions(-)
> >
> > diff --git a/testcases/kernel/syscalls/mseal/mseal01.c
> b/testcases/kernel/syscalls/mseal/mseal01.c
> > index eb2f4d588..2ff6ed119 100644
> > --- a/testcases/kernel/syscalls/mseal/mseal01.c
> > +++ b/testcases/kernel/syscalls/mseal/mseal01.c
> > @@ -25,6 +25,7 @@
> >
> >   #include "tst_test.h"
> >   #include "lapi/syscalls.h"
> > +#include "../pkeys/pkey.h"
> The problem with this approach is that testing suites won't be
> independent anymore.
> We need to move all pkeys/pkey.h declarations inside the lapi/ folder,
> in order to use pkey syscalls from any testing suite.
>

Sure, I will update my patch to include that. Thanks!


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp