* [LTP] [PATCH v3 0/2] Add mseal() testing suite
@ 2024-08-01 12:43 Andrea Cervesato
2024-08-01 12:43 ` [LTP] [PATCH v3 1/2] Add mseal() syscall declaration Andrea Cervesato
2024-08-01 12:43 ` [LTP] [PATCH v3 2/2] Add mseal01 test Andrea Cervesato
0 siblings, 2 replies; 9+ messages in thread
From: Andrea Cervesato @ 2024-08-01 12:43 UTC (permalink / raw)
To: ltp
Smoke test for mseal() syscall added in the kernel 6.10. All information
can be found at the following link:
https://docs.kernel.org/userspace-api/mseal.html
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Changes in v3:
- move memory allocation inside the child
- Link to v2: https://lore.kernel.org/r/20240723-mseal-v2-0-5aa872d611bc@suse.com
Changes in v2:
- don't use TST_ABI32 var anymore, but let tst_syscall handling ENOSYS
- call protection key syscalls via tst_syscall
- Link to v1: https://lore.kernel.org/r/20240610-mseal-v1-0-f659b9e97efa@suse.com
---
Andrea Cervesato (2):
Add mseal() syscall declaration
Add mseal01 test
include/lapi/syscalls/aarch64.in | 1 +
include/lapi/syscalls/arc.in | 1 +
include/lapi/syscalls/arm.in | 1 +
include/lapi/syscalls/hppa.in | 1 +
include/lapi/syscalls/i386.in | 1 +
include/lapi/syscalls/ia64.in | 1 +
include/lapi/syscalls/loongarch.in | 1 +
include/lapi/syscalls/mips_n32.in | 1 +
include/lapi/syscalls/mips_n64.in | 1 +
include/lapi/syscalls/mips_o32.in | 1 +
include/lapi/syscalls/powerpc.in | 1 +
include/lapi/syscalls/powerpc64.in | 1 +
include/lapi/syscalls/s390.in | 1 +
include/lapi/syscalls/s390x.in | 1 +
include/lapi/syscalls/sh.in | 1 +
include/lapi/syscalls/sparc.in | 1 +
include/lapi/syscalls/sparc64.in | 1 +
include/lapi/syscalls/x86_64.in | 1 +
testcases/kernel/syscalls/mseal/.gitignore | 1 +
testcases/kernel/syscalls/mseal/Makefile | 7 ++
testcases/kernel/syscalls/mseal/mseal01.c | 156 +++++++++++++++++++++++++++++
21 files changed, 182 insertions(+)
---
base-commit: 8422d4680b21e6576da63c677b5d49f46b477df0
change-id: 20240607-mseal-dfac12675096
Best regards,
--
Andrea Cervesato <andrea.cervesato@suse.com>
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread* [LTP] [PATCH v3 1/2] Add mseal() syscall declaration 2024-08-01 12:43 [LTP] [PATCH v3 0/2] Add mseal() testing suite Andrea Cervesato @ 2024-08-01 12:43 ` Andrea Cervesato 2024-08-01 12:43 ` [LTP] [PATCH v3 2/2] Add mseal01 test Andrea Cervesato 1 sibling, 0 replies; 9+ messages in thread From: Andrea Cervesato @ 2024-08-01 12:43 UTC (permalink / raw) To: ltp From: Andrea Cervesato <andrea.cervesato@suse.com> --- include/lapi/syscalls/aarch64.in | 1 + include/lapi/syscalls/arc.in | 1 + include/lapi/syscalls/arm.in | 1 + include/lapi/syscalls/hppa.in | 1 + include/lapi/syscalls/i386.in | 1 + include/lapi/syscalls/ia64.in | 1 + include/lapi/syscalls/loongarch.in | 1 + include/lapi/syscalls/mips_n32.in | 1 + include/lapi/syscalls/mips_n64.in | 1 + include/lapi/syscalls/mips_o32.in | 1 + include/lapi/syscalls/powerpc.in | 1 + include/lapi/syscalls/powerpc64.in | 1 + include/lapi/syscalls/s390.in | 1 + include/lapi/syscalls/s390x.in | 1 + include/lapi/syscalls/sh.in | 1 + include/lapi/syscalls/sparc.in | 1 + include/lapi/syscalls/sparc64.in | 1 + include/lapi/syscalls/x86_64.in | 1 + 18 files changed, 18 insertions(+) diff --git a/include/lapi/syscalls/aarch64.in b/include/lapi/syscalls/aarch64.in index ef0aa04a3..d1ff7c081 100644 --- a/include/lapi/syscalls/aarch64.in +++ b/include/lapi/syscalls/aarch64.in @@ -301,4 +301,5 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 _sysctl 1078 diff --git a/include/lapi/syscalls/arc.in b/include/lapi/syscalls/arc.in index 3eaa6a8f1..265329cbe 100644 --- a/include/lapi/syscalls/arc.in +++ b/include/lapi/syscalls/arc.in @@ -321,3 +321,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/arm.in b/include/lapi/syscalls/arm.in index b52a32b6b..b49590268 100644 --- a/include/lapi/syscalls/arm.in +++ b/include/lapi/syscalls/arm.in @@ -400,3 +400,4 @@ landlock_restrict_self (__NR_SYSCALL_BASE+446) memfd_secret (__NR_SYSCALL_BASE+447) futex_waitv (__NR_SYSCALL_BASE+449) cachestat (__NR_SYSCALL_BASE+451) +mseal (__NR_SYSCALL_BASE+462) diff --git a/include/lapi/syscalls/hppa.in b/include/lapi/syscalls/hppa.in index 4919ee65d..9a8832248 100644 --- a/include/lapi/syscalls/hppa.in +++ b/include/lapi/syscalls/hppa.in @@ -48,3 +48,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/i386.in b/include/lapi/syscalls/i386.in index cff40957a..59c97b9b8 100644 --- a/include/lapi/syscalls/i386.in +++ b/include/lapi/syscalls/i386.in @@ -435,3 +435,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/ia64.in b/include/lapi/syscalls/ia64.in index 11d4b46f4..f08a268e8 100644 --- a/include/lapi/syscalls/ia64.in +++ b/include/lapi/syscalls/ia64.in @@ -348,3 +348,4 @@ landlock_add_rule 1469 landlock_restrict_self 1470 futex_waitv 1473 cachestat 1475 +mseal 1486 diff --git a/include/lapi/syscalls/loongarch.in b/include/lapi/syscalls/loongarch.in index 9bf6a7deb..29acad012 100644 --- a/include/lapi/syscalls/loongarch.in +++ b/include/lapi/syscalls/loongarch.in @@ -306,3 +306,4 @@ process_mrelease 448 futex_waitv 449 set_mempolicy_home_node 450 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/mips_n32.in b/include/lapi/syscalls/mips_n32.in index a76c82593..260e01518 100644 --- a/include/lapi/syscalls/mips_n32.in +++ b/include/lapi/syscalls/mips_n32.in @@ -375,3 +375,4 @@ landlock_add_rule 6445 landlock_restrict_self 6446 futex_waitv 6449 cachestat 6451 +mseal 6462 diff --git a/include/lapi/syscalls/mips_n64.in b/include/lapi/syscalls/mips_n64.in index df991efd5..83da993ad 100644 --- a/include/lapi/syscalls/mips_n64.in +++ b/include/lapi/syscalls/mips_n64.in @@ -351,3 +351,4 @@ landlock_add_rule 5445 landlock_restrict_self 5446 futex_waitv 5449 cachestat 5451 +mseal 5462 diff --git a/include/lapi/syscalls/mips_o32.in b/include/lapi/syscalls/mips_o32.in index 826b7d66e..3589e0337 100644 --- a/include/lapi/syscalls/mips_o32.in +++ b/include/lapi/syscalls/mips_o32.in @@ -421,3 +421,4 @@ landlock_add_rule 4445 landlock_restrict_self 4446 futex_waitv 4449 cachestat 4451 +mseal 4462 diff --git a/include/lapi/syscalls/powerpc.in b/include/lapi/syscalls/powerpc.in index 798ed9050..e39e6b69c 100644 --- a/include/lapi/syscalls/powerpc.in +++ b/include/lapi/syscalls/powerpc.in @@ -428,3 +428,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/powerpc64.in b/include/lapi/syscalls/powerpc64.in index 798ed9050..e39e6b69c 100644 --- a/include/lapi/syscalls/powerpc64.in +++ b/include/lapi/syscalls/powerpc64.in @@ -428,3 +428,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/s390.in b/include/lapi/syscalls/s390.in index 126938095..d3426c88f 100644 --- a/include/lapi/syscalls/s390.in +++ b/include/lapi/syscalls/s390.in @@ -415,3 +415,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/s390x.in b/include/lapi/syscalls/s390x.in index 18f2496a0..02df53322 100644 --- a/include/lapi/syscalls/s390x.in +++ b/include/lapi/syscalls/s390x.in @@ -363,3 +363,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/sh.in b/include/lapi/syscalls/sh.in index ae6f26050..c93271d1b 100644 --- a/include/lapi/syscalls/sh.in +++ b/include/lapi/syscalls/sh.in @@ -409,3 +409,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/sparc.in b/include/lapi/syscalls/sparc.in index 409fa2729..9be7d2e96 100644 --- a/include/lapi/syscalls/sparc.in +++ b/include/lapi/syscalls/sparc.in @@ -414,3 +414,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/sparc64.in b/include/lapi/syscalls/sparc64.in index e13cf163e..9c80a328f 100644 --- a/include/lapi/syscalls/sparc64.in +++ b/include/lapi/syscalls/sparc64.in @@ -379,3 +379,4 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 diff --git a/include/lapi/syscalls/x86_64.in b/include/lapi/syscalls/x86_64.in index 05b1bee55..49cb1ab94 100644 --- a/include/lapi/syscalls/x86_64.in +++ b/include/lapi/syscalls/x86_64.in @@ -356,6 +356,7 @@ landlock_add_rule 445 landlock_restrict_self 446 futex_waitv 449 cachestat 451 +mseal 462 rt_sigaction 512 rt_sigreturn 513 ioctl 514 -- 2.43.0 -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [LTP] [PATCH v3 2/2] Add mseal01 test 2024-08-01 12:43 [LTP] [PATCH v3 0/2] Add mseal() testing suite Andrea Cervesato 2024-08-01 12:43 ` [LTP] [PATCH v3 1/2] Add mseal() syscall declaration Andrea Cervesato @ 2024-08-01 12:43 ` Andrea Cervesato 2024-08-01 14:54 ` Cyril Hrubis 2024-08-03 3:27 ` Li Wang 1 sibling, 2 replies; 9+ messages in thread From: Andrea Cervesato @ 2024-08-01 12:43 UTC (permalink / raw) To: ltp From: Andrea Cervesato <andrea.cervesato@suse.com> This is a smoke test that verifies if mseal() protects specific VMA portions of a process. According to documentation, the syscall should protect memory from the following actions: - unmapping, moving to another location, and shrinking the size, via munmap() and mremap() - moving or expanding a different VMA into the current location, via mremap() - modifying a VMA via mmap(MAP_FIXED) - mprotect() and pkey_mprotect() - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous memory, when users don’t have write permission to the memory Any of the described actions is recognized via EPERM errno. Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com> --- testcases/kernel/syscalls/mseal/.gitignore | 1 + testcases/kernel/syscalls/mseal/Makefile | 7 ++ testcases/kernel/syscalls/mseal/mseal01.c | 156 +++++++++++++++++++++++++++++ 3 files changed, 164 insertions(+) diff --git a/testcases/kernel/syscalls/mseal/.gitignore b/testcases/kernel/syscalls/mseal/.gitignore new file mode 100644 index 000000000..e13090994 --- /dev/null +++ b/testcases/kernel/syscalls/mseal/.gitignore @@ -0,0 +1 @@ +mseal01 diff --git a/testcases/kernel/syscalls/mseal/Makefile b/testcases/kernel/syscalls/mseal/Makefile new file mode 100644 index 000000000..35317f446 --- /dev/null +++ b/testcases/kernel/syscalls/mseal/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2023 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com> + +top_srcdir ?= ../../../.. + +include $(top_srcdir)/include/mk/testcases.mk +include $(top_srcdir)/include/mk/generic_leaf_target.mk diff --git a/testcases/kernel/syscalls/mseal/mseal01.c b/testcases/kernel/syscalls/mseal/mseal01.c new file mode 100644 index 000000000..eb2f4d588 --- /dev/null +++ b/testcases/kernel/syscalls/mseal/mseal01.c @@ -0,0 +1,156 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com> + */ + +/*\ + * [Description] + * + * This is a smoke test that verifies if mseal() protects specific VMA portions + * of a process. According to documentation, the syscall should protect memory + * from the following actions: + * + * - unmapping, moving to another location, and shrinking the size, via munmap() + * and mremap() + * - moving or expanding a different VMA into the current location, via mremap() + * - modifying a VMA via mmap(MAP_FIXED) + * - mprotect() and pkey_mprotect() + * - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous memory, + * when users don’t have write permission to the memory + * + * Any of the described actions is recognized via EPERM errno. + */ + +#define _GNU_SOURCE + +#include "tst_test.h" +#include "lapi/syscalls.h" + +#define MEMPAGES 8 +#define MEMSEAL 2 + +static void *mem_addr; +static int mem_size; +static int mem_offset; +static int mem_alignment; + +static inline int sys_mseal(void *start, size_t len) +{ + return tst_syscall(__NR_mseal, start, len, 0); +} + +static void test_mprotect(void) +{ + TST_EXP_FAIL(mprotect(mem_addr, mem_size, PROT_NONE), EPERM); +} + +static void test_pkey_mprotect(void) +{ + int ret; + int pkey; + + pkey = tst_syscall(__NR_pkey_alloc, 0, 0); + if (pkey == -1) { + if (errno == EINVAL) + tst_brk(TCONF, "pku is not supported on this CPU"); + + tst_brk(TBROK | TERRNO, "pkey_alloc() error"); + } + + TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect, + mem_addr, mem_size, + PROT_NONE, + pkey), + EPERM); + + ret = tst_syscall(__NR_pkey_free, pkey); + if (ret == -1) + tst_brk(TBROK | TERRNO, "pkey_free() error"); +} + +static void test_madvise(void) +{ + TST_EXP_FAIL(madvise(mem_addr, mem_size, MADV_DONTNEED), EPERM); +} + +static void test_munmap(void) +{ + TST_EXP_FAIL(munmap(mem_addr, mem_size), EPERM); +} + +static void test_mremap_resize(void) +{ + void *new_addr; + size_t new_size = 2 * mem_alignment; + + new_addr = SAFE_MMAP(NULL, mem_size, + PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + + TST_EXP_FAIL_PTR_VOID(mremap(mem_addr, mem_size, new_size, + MREMAP_MAYMOVE | MREMAP_FIXED, + new_addr), + EPERM); + + SAFE_MUNMAP(new_addr, new_size); +} + +static void test_mmap_change_prot(void) +{ + TST_EXP_FAIL_PTR_VOID(mmap(mem_addr, mem_size, + PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, + -1, 0), EPERM); +} + +static struct tcase { + void (*func_test)(void); + int prot; + char *message; +} tcases[] = { + {test_mprotect, PROT_READ | PROT_WRITE, "mprotect() availability"}, + {test_pkey_mprotect, PROT_READ | PROT_WRITE, "pkey_mprotect() availability"}, + {test_madvise, PROT_READ, "madvise() availability"}, + {test_munmap, PROT_READ | PROT_WRITE, "munmap() availability from child"}, + {test_mremap_resize, PROT_READ | PROT_WRITE, "mremap() address move/resize"}, + {test_mmap_change_prot, PROT_READ | PROT_WRITE, "mmap() protection change"}, +}; + +static void run(unsigned int n) +{ + /* the reason why we spawn a child is that mseal() will + * protect VMA until process will call _exit() + */ + if (!SAFE_FORK()) { + struct tcase *tc = &tcases[n]; + + mem_addr = SAFE_MMAP(NULL, mem_size, + tc->prot, + MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + + tst_res(TINFO, "Testing %s", tc->message); + + TST_EXP_PASS(sys_mseal(mem_addr + mem_offset, mem_alignment)); + + tc->func_test(); + _exit(0); + } +} + +static void setup(void) +{ + mem_alignment = getpagesize(); + mem_size = mem_alignment * MEMPAGES; + mem_offset = mem_alignment * MEMSEAL; +} + +static struct tst_test test = { + .test = run, + .tcnt = ARRAY_SIZE(tcases), + .setup = setup, + .min_kver = "6.10", + .forks_child = 1, +}; + -- 2.43.0 -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v3 2/2] Add mseal01 test 2024-08-01 12:43 ` [LTP] [PATCH v3 2/2] Add mseal01 test Andrea Cervesato @ 2024-08-01 14:54 ` Cyril Hrubis 2024-08-02 12:39 ` Andrea Cervesato via ltp 2024-08-03 3:27 ` Li Wang 1 sibling, 1 reply; 9+ messages in thread From: Cyril Hrubis @ 2024-08-01 14:54 UTC (permalink / raw) To: Andrea Cervesato; +Cc: ltp Hi! This one looks good, but misses a runtest entry. With runtest entry added (for the whole patchset): Reviewed-by: Cyril Hrubis <chrubis@suse.cz> -- Cyril Hrubis chrubis@suse.cz -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v3 2/2] Add mseal01 test 2024-08-01 14:54 ` Cyril Hrubis @ 2024-08-02 12:39 ` Andrea Cervesato via ltp 0 siblings, 0 replies; 9+ messages in thread From: Andrea Cervesato via ltp @ 2024-08-02 12:39 UTC (permalink / raw) To: Cyril Hrubis, Andrea Cervesato; +Cc: ltp On 8/1/24 16:54, Cyril Hrubis wrote: > Hi! > This one looks good, but misses a runtest entry. > > With runtest entry added (for the whole patchset): > > Reviewed-by: Cyril Hrubis <chrubis@suse.cz> > Pushed with runtest entry. Thanks, Andrea -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v3 2/2] Add mseal01 test 2024-08-01 12:43 ` [LTP] [PATCH v3 2/2] Add mseal01 test Andrea Cervesato 2024-08-01 14:54 ` Cyril Hrubis @ 2024-08-03 3:27 ` Li Wang 2024-08-03 12:22 ` [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail Li Wang 1 sibling, 1 reply; 9+ messages in thread From: Li Wang @ 2024-08-03 3:27 UTC (permalink / raw) To: Andrea Cervesato; +Cc: ltp Hi Andrea, On Thu, Aug 1, 2024 at 8:44 PM Andrea Cervesato <andrea.cervesato@suse.de> wrote: > From: Andrea Cervesato <andrea.cervesato@suse.com> > > This is a smoke test that verifies if mseal() protects specific VMA > portions of a process. According to documentation, the syscall should > protect memory from the following actions: > > - unmapping, moving to another location, and shrinking the size, via > munmap() and mremap() > - moving or expanding a different VMA into the current location, via > mremap() > - modifying a VMA via mmap(MAP_FIXED) > - mprotect() and pkey_mprotect() > - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous > memory, when users don’t have write permission to the memory > > Any of the described actions is recognized via EPERM errno. > > Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com> > --- > testcases/kernel/syscalls/mseal/.gitignore | 1 + > testcases/kernel/syscalls/mseal/Makefile | 7 ++ > testcases/kernel/syscalls/mseal/mseal01.c | 156 > +++++++++++++++++++++++++++++ > 3 files changed, 164 insertions(+) > > diff --git a/testcases/kernel/syscalls/mseal/.gitignore > b/testcases/kernel/syscalls/mseal/.gitignore > new file mode 100644 > index 000000000..e13090994 > --- /dev/null > +++ b/testcases/kernel/syscalls/mseal/.gitignore > @@ -0,0 +1 @@ > +mseal01 > diff --git a/testcases/kernel/syscalls/mseal/Makefile > b/testcases/kernel/syscalls/mseal/Makefile > new file mode 100644 > index 000000000..35317f446 > --- /dev/null > +++ b/testcases/kernel/syscalls/mseal/Makefile > @@ -0,0 +1,7 @@ > +# SPDX-License-Identifier: GPL-2.0-or-later > +# Copyright (C) 2023 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com > > > + > +top_srcdir ?= ../../../.. > + > +include $(top_srcdir)/include/mk/testcases.mk > +include $(top_srcdir)/include/mk/generic_leaf_target.mk > diff --git a/testcases/kernel/syscalls/mseal/mseal01.c > b/testcases/kernel/syscalls/mseal/mseal01.c > new file mode 100644 > index 000000000..eb2f4d588 > --- /dev/null > +++ b/testcases/kernel/syscalls/mseal/mseal01.c > @@ -0,0 +1,156 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +/* > + * Copyright (C) 2024 SUSE LLC Andrea Cervesato < > andrea.cervesato@suse.com> > + */ > + > +/*\ > + * [Description] > + * > + * This is a smoke test that verifies if mseal() protects specific VMA > portions > + * of a process. According to documentation, the syscall should protect > memory > + * from the following actions: > + * > + * - unmapping, moving to another location, and shrinking the size, via > munmap() > + * and mremap() > + * - moving or expanding a different VMA into the current location, via > mremap() > + * - modifying a VMA via mmap(MAP_FIXED) > + * - mprotect() and pkey_mprotect() > + * - destructive madvice() behaviors (e.g. MADV_DONTNEED) for anonymous > memory, > + * when users don’t have write permission to the memory > + * > + * Any of the described actions is recognized via EPERM errno. > + */ > + > +#define _GNU_SOURCE > + > +#include "tst_test.h" > +#include "lapi/syscalls.h" > + > +#define MEMPAGES 8 > +#define MEMSEAL 2 > + > +static void *mem_addr; > +static int mem_size; > +static int mem_offset; > +static int mem_alignment; > + > +static inline int sys_mseal(void *start, size_t len) > +{ > + return tst_syscall(__NR_mseal, start, len, 0); > +} > + > +static void test_mprotect(void) > +{ > + TST_EXP_FAIL(mprotect(mem_addr, mem_size, PROT_NONE), EPERM); > +} > + > +static void test_pkey_mprotect(void) > +{ > + int ret; > + int pkey; > + > + pkey = tst_syscall(__NR_pkey_alloc, 0, 0); > + if (pkey == -1) { > + if (errno == EINVAL) > + tst_brk(TCONF, "pku is not supported on this CPU"); > Based on my limited knowledge of PKEY things, here might get three errnos: ENOSYS, EINVAL and ENOSPC, so probably we can just do that by the exist pkey support checker and uses the ltp_pkey_* series capsulated wrappers? https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/pkeys/pkey.h > + > + tst_brk(TBROK | TERRNO, "pkey_alloc() error"); > + } > + > + TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect, > + mem_addr, mem_size, > + PROT_NONE, > + pkey), > + EPERM); > + > + ret = tst_syscall(__NR_pkey_free, pkey); > + if (ret == -1) > + tst_brk(TBROK | TERRNO, "pkey_free() error"); > +} > + > +static void test_madvise(void) > +{ > + TST_EXP_FAIL(madvise(mem_addr, mem_size, MADV_DONTNEED), EPERM); > +} > + > +static void test_munmap(void) > +{ > + TST_EXP_FAIL(munmap(mem_addr, mem_size), EPERM); > +} > + > +static void test_mremap_resize(void) > +{ > + void *new_addr; > + size_t new_size = 2 * mem_alignment; > + > + new_addr = SAFE_MMAP(NULL, mem_size, > + PROT_READ, > + MAP_ANONYMOUS | MAP_PRIVATE, > + -1, 0); > + > + TST_EXP_FAIL_PTR_VOID(mremap(mem_addr, mem_size, new_size, > + MREMAP_MAYMOVE | MREMAP_FIXED, > + new_addr), > + EPERM); > + > + SAFE_MUNMAP(new_addr, new_size); > +} > + > +static void test_mmap_change_prot(void) > +{ > + TST_EXP_FAIL_PTR_VOID(mmap(mem_addr, mem_size, > + PROT_READ, > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, > + -1, 0), EPERM); > +} > + > +static struct tcase { > + void (*func_test)(void); > + int prot; > + char *message; > +} tcases[] = { > + {test_mprotect, PROT_READ | PROT_WRITE, "mprotect() availability"}, > + {test_pkey_mprotect, PROT_READ | PROT_WRITE, "pkey_mprotect() > availability"}, > + {test_madvise, PROT_READ, "madvise() availability"}, > + {test_munmap, PROT_READ | PROT_WRITE, "munmap() availability from > child"}, > + {test_mremap_resize, PROT_READ | PROT_WRITE, "mremap() address > move/resize"}, > + {test_mmap_change_prot, PROT_READ | PROT_WRITE, "mmap() protection > change"}, > +}; > + > +static void run(unsigned int n) > +{ > + /* the reason why we spawn a child is that mseal() will > + * protect VMA until process will call _exit() > + */ > + if (!SAFE_FORK()) { > + struct tcase *tc = &tcases[n]; > + > + mem_addr = SAFE_MMAP(NULL, mem_size, > + tc->prot, > + MAP_ANONYMOUS | MAP_PRIVATE, > + -1, 0); > + > + tst_res(TINFO, "Testing %s", tc->message); > + > + TST_EXP_PASS(sys_mseal(mem_addr + mem_offset, > mem_alignment)); > + > + tc->func_test(); > + _exit(0); > + } > +} > + > +static void setup(void) > +{ > + mem_alignment = getpagesize(); > + mem_size = mem_alignment * MEMPAGES; > + mem_offset = mem_alignment * MEMSEAL; > +} > + > +static struct tst_test test = { > + .test = run, > + .tcnt = ARRAY_SIZE(tcases), > + .setup = setup, > > + .min_kver = "6.10", > The minimal kernel version check is unnecessary. > + .forks_child = 1, > +}; > + > > -- > 2.43.0 > > > -- > Mailing list info: https://lists.linux.it/listinfo/ltp > -- Regards, Li Wang -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail 2024-08-03 3:27 ` Li Wang @ 2024-08-03 12:22 ` Li Wang 2024-08-05 6:38 ` Andrea Cervesato via ltp 0 siblings, 1 reply; 9+ messages in thread From: Li Wang @ 2024-08-03 12:22 UTC (permalink / raw) To: ltp Signed-off-by: Li Wang <liwang@redhat.com> --- testcases/kernel/syscalls/mseal/mseal01.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/testcases/kernel/syscalls/mseal/mseal01.c b/testcases/kernel/syscalls/mseal/mseal01.c index eb2f4d588..2ff6ed119 100644 --- a/testcases/kernel/syscalls/mseal/mseal01.c +++ b/testcases/kernel/syscalls/mseal/mseal01.c @@ -25,6 +25,7 @@ #include "tst_test.h" #include "lapi/syscalls.h" +#include "../pkeys/pkey.h" #define MEMPAGES 8 #define MEMSEAL 2 @@ -46,25 +47,19 @@ static void test_mprotect(void) static void test_pkey_mprotect(void) { - int ret; int pkey; - pkey = tst_syscall(__NR_pkey_alloc, 0, 0); - if (pkey == -1) { - if (errno == EINVAL) - tst_brk(TCONF, "pku is not supported on this CPU"); + check_pkey_support(); - tst_brk(TBROK | TERRNO, "pkey_alloc() error"); - } + pkey = ltp_pkey_alloc( 0, 0); - TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect, + TST_EXP_FAIL(ltp_pkey_mprotect( mem_addr, mem_size, PROT_NONE, pkey), EPERM); - ret = tst_syscall(__NR_pkey_free, pkey); - if (ret == -1) + if (ltp_pkey_free(pkey) == -1) tst_brk(TBROK | TERRNO, "pkey_free() error"); } @@ -150,7 +145,6 @@ static struct tst_test test = { .test = run, .tcnt = ARRAY_SIZE(tcases), .setup = setup, - .min_kver = "6.10", .forks_child = 1, }; -- 2.45.2 -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail 2024-08-03 12:22 ` [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail Li Wang @ 2024-08-05 6:38 ` Andrea Cervesato via ltp 2024-08-05 6:40 ` Li Wang 0 siblings, 1 reply; 9+ messages in thread From: Andrea Cervesato via ltp @ 2024-08-05 6:38 UTC (permalink / raw) To: ltp Hi! Thanks for helping on mseal01. I already submitted the patch, but we can apply a new patch on top of it without problems. Review below On 8/3/24 14:22, Li Wang wrote: > Signed-off-by: Li Wang <liwang@redhat.com> > --- > testcases/kernel/syscalls/mseal/mseal01.c | 16 +++++----------- > 1 file changed, 5 insertions(+), 11 deletions(-) > > diff --git a/testcases/kernel/syscalls/mseal/mseal01.c b/testcases/kernel/syscalls/mseal/mseal01.c > index eb2f4d588..2ff6ed119 100644 > --- a/testcases/kernel/syscalls/mseal/mseal01.c > +++ b/testcases/kernel/syscalls/mseal/mseal01.c > @@ -25,6 +25,7 @@ > > #include "tst_test.h" > #include "lapi/syscalls.h" > +#include "../pkeys/pkey.h" The problem with this approach is that testing suites won't be independent anymore. We need to move all pkeys/pkey.h declarations inside the lapi/ folder, in order to use pkey syscalls from any testing suite. > > #define MEMPAGES 8 > #define MEMSEAL 2 > @@ -46,25 +47,19 @@ static void test_mprotect(void) > > static void test_pkey_mprotect(void) > { > - int ret; > int pkey; > > - pkey = tst_syscall(__NR_pkey_alloc, 0, 0); > - if (pkey == -1) { > - if (errno == EINVAL) > - tst_brk(TCONF, "pku is not supported on this CPU"); > + check_pkey_support(); > > - tst_brk(TBROK | TERRNO, "pkey_alloc() error"); > - } > + pkey = ltp_pkey_alloc( 0, 0); > > - TST_EXP_FAIL(tst_syscall(__NR_pkey_mprotect, > + TST_EXP_FAIL(ltp_pkey_mprotect( > mem_addr, mem_size, > PROT_NONE, > pkey), > EPERM); > > - ret = tst_syscall(__NR_pkey_free, pkey); > - if (ret == -1) > + if (ltp_pkey_free(pkey) == -1) > tst_brk(TBROK | TERRNO, "pkey_free() error"); > } > > @@ -150,7 +145,6 @@ static struct tst_test test = { > .test = run, > .tcnt = ARRAY_SIZE(tcases), > .setup = setup, > - .min_kver = "6.10", > .forks_child = 1, > }; > Andrea -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail 2024-08-05 6:38 ` Andrea Cervesato via ltp @ 2024-08-05 6:40 ` Li Wang 0 siblings, 0 replies; 9+ messages in thread From: Li Wang @ 2024-08-05 6:40 UTC (permalink / raw) To: Andrea Cervesato; +Cc: ltp On Mon, Aug 5, 2024 at 2:38 PM Andrea Cervesato via ltp <ltp@lists.linux.it> wrote: > Hi! > > Thanks for helping on mseal01. I already submitted the patch, but we can > apply a new patch on top of it without problems. > Review below > > On 8/3/24 14:22, Li Wang wrote: > > Signed-off-by: Li Wang <liwang@redhat.com> > > --- > > testcases/kernel/syscalls/mseal/mseal01.c | 16 +++++----------- > > 1 file changed, 5 insertions(+), 11 deletions(-) > > > > diff --git a/testcases/kernel/syscalls/mseal/mseal01.c > b/testcases/kernel/syscalls/mseal/mseal01.c > > index eb2f4d588..2ff6ed119 100644 > > --- a/testcases/kernel/syscalls/mseal/mseal01.c > > +++ b/testcases/kernel/syscalls/mseal/mseal01.c > > @@ -25,6 +25,7 @@ > > > > #include "tst_test.h" > > #include "lapi/syscalls.h" > > +#include "../pkeys/pkey.h" > The problem with this approach is that testing suites won't be > independent anymore. > We need to move all pkeys/pkey.h declarations inside the lapi/ folder, > in order to use pkey syscalls from any testing suite. > Sure, I will update my patch to include that. Thanks! -- Regards, Li Wang -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-08-05 6:41 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-08-01 12:43 [LTP] [PATCH v3 0/2] Add mseal() testing suite Andrea Cervesato 2024-08-01 12:43 ` [LTP] [PATCH v3 1/2] Add mseal() syscall declaration Andrea Cervesato 2024-08-01 12:43 ` [LTP] [PATCH v3 2/2] Add mseal01 test Andrea Cervesato 2024-08-01 14:54 ` Cyril Hrubis 2024-08-02 12:39 ` Andrea Cervesato via ltp 2024-08-03 3:27 ` Li Wang 2024-08-03 12:22 ` [LTP] [PATCH] mseal01: handle more possible errnos when pkey_alloc gets fail Li Wang 2024-08-05 6:38 ` Andrea Cervesato via ltp 2024-08-05 6:40 ` Li Wang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox