From nobody Thu Dec 18 16:35:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2AEAC83F17 for ; Mon, 28 Aug 2023 15:10:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232314AbjH1PJh (ORCPT ); Mon, 28 Aug 2023 11:09:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232346AbjH1PJN (ORCPT ); Mon, 28 Aug 2023 11:09:13 -0400 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B1727E3 for ; Mon, 28 Aug 2023 08:09:08 -0700 (PDT) Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-401d2e11dacso222945e9.0 for ; Mon, 28 Aug 2023 08:09:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1693235346; x=1693840146; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=54UPPhNi0y2AdnbsRZs/CNcj4MVRDSwIBY8KLrESmWo=; b=LwMgQz/Pz1vI9C+GIi5muwLbzIkuznGpP9E03o8fY/OOVPIb6sBIjWAvlpDZJCYO3c dsDrAs07+54wwoOvW2N+ZRL7SQ5CIMhTMEDoBsYMYTBI3QM95BPxEPPK680uL3vkt8uo vaDJN0HfI+13p6NMtHDCzWAfIsfHMOO6Ww0uk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693235346; x=1693840146; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=54UPPhNi0y2AdnbsRZs/CNcj4MVRDSwIBY8KLrESmWo=; b=MKsZa/5JJh5q19ZvWsLZWVyPGwPG6q3Jz25VwZCut9avJ94qgF693cfO/CrNYk2EFI ZLhCmqWL/4gY9cBkgnJbU3hm5lso8CcyLtpFJVIOg/JhMeR61fEj4BzuYJ5jlJYIMh7W h6T6iaZ/x04LizVmYWmqZSzCGhZ+9UPnFh+A7q4FFyHGKHSTXhVxne+zTovs6uRJ36rQ c3mIK9J/Br1l/8IJ1IUxXXGdUFvvTsga2zA3ap7L9bYhpwo73XDRew85z3hXjNqrTUoU 9TNlQCiWHJiHuFyoHiqhMc1/GyXl/hEPy6RGb9z/vAK7QOMgEwAtA74xXGrex7EyQWhT yAsA== X-Gm-Message-State: AOJu0YyqKeJvK8GEk92tCrq8x+6RjRn4pqhNqwRSH1/csvmap21FbLDF mOsuSk+gIYGe4+/zlcLL5lNj8Py7yDPQVUvy4Y8= X-Google-Smtp-Source: AGHT+IEsED+uVDf3QF+1TMYiMI9fwCvF0Riiqa1w3RmNOSnx23YM4S/JlhQ+bju/J7g38NJUjnBylw== X-Received: by 2002:a5d:4561:0:b0:313:f75b:c552 with SMTP id a1-20020a5d4561000000b00313f75bc552mr21799616wrc.15.1693235346658; Mon, 28 Aug 2023 08:09:06 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:40c6:6cff:63b:c70a]) by smtp.gmail.com with ESMTPSA id v3-20020a5d43c3000000b003140fff4f75sm10730522wrr.17.2023.08.28.08.09.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Aug 2023 08:09:06 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, ayush.jain3@amd.com, Florent Revest Subject: [PATCH v4 1/6] kselftest: vm: Fix tabs/spaces inconsistency in the mdwe test Date: Mon, 28 Aug 2023 17:08:53 +0200 Message-ID: <20230828150858.393570-2-revest@chromium.org> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog In-Reply-To: <20230828150858.393570-1-revest@chromium.org> References: <20230828150858.393570-1-revest@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Reviewed-by: David Hildenbrand Reviewed-by: Kees Cook Acked-by: Catalin Marinas Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftes= ts/mm/mdwe_test.c index bc91bef5d254..d0954c657feb 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -49,19 +49,19 @@ FIXTURE_VARIANT(mdwe) =20 FIXTURE_VARIANT_ADD(mdwe, stock) { - .enabled =3D false, + .enabled =3D false, .forked =3D false, }; =20 FIXTURE_VARIANT_ADD(mdwe, enabled) { - .enabled =3D true, + .enabled =3D true, .forked =3D false, }; =20 FIXTURE_VARIANT_ADD(mdwe, forked) { - .enabled =3D true, + .enabled =3D true, .forked =3D true, }; =20 --=20 2.42.0.rc2.253.gd59a3bf2b4-goog From nobody Thu Dec 18 16:35:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 005B8C83F1A for ; Mon, 28 Aug 2023 15:10:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232346AbjH1PJi (ORCPT ); Mon, 28 Aug 2023 11:09:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49240 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232358AbjH1PJO (ORCPT ); Mon, 28 Aug 2023 11:09:14 -0400 Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FB47129 for ; Mon, 28 Aug 2023 08:09:10 -0700 (PDT) Received: by mail-wr1-x436.google.com with SMTP id ffacd0b85a97d-31c3726cc45so2867214f8f.0 for ; Mon, 28 Aug 2023 08:09:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1693235348; x=1693840148; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dSsehURxisS0cPQOlmw5cEhdkgRF5G0B9O4abug5R1Y=; b=KcBVK2L/+QiqeWFTYXdOHgeUKp7DE3X4tkqvOHvJL3c9l2s8PVNUDW7Vbov+Z+q4gQ mcZKACunCQ1/A/aDTljARoKg3f6xbibrlG6bzvrYRt2IfOW/RY1hCJt/5Bjtk9lSUGNn 58lL0yysgJLrF2YisIvCE3BrZVByNt8ljS8SY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693235348; x=1693840148; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dSsehURxisS0cPQOlmw5cEhdkgRF5G0B9O4abug5R1Y=; b=SJAlCCpFKIOVBfqDj9LbJkYLWbkXsX00loWYkE5qZNKpDXDyq+kvxaMdB+Ss3MqqoU vZgbX+n3eUd7A8p2ilabwUYrUVc72mTopi3PhbJA4hmCOUbM+YTQCrf024eYLYA/gcRP PDyDEteZ+y5MzVCgGpIIDjOAVEuG9HE9jbRVDmI8cSUUutPE+hhRiThFdttOOWu07FXa UiAdNsb2wTIPWZshYQ+3iHAIyFf8jnj1uCoj7o1vgpGvWxjq/t2UIr3LcuFY5dRFG3pF 0gwaUG+zazwnQ/61zfeyF2wb3NBPAPU1d/AlA/eeZbttEGnPiWKQfvUCswIdBh3Y02jK BFYw== X-Gm-Message-State: AOJu0YyXDYrv+1P0ngqn9IveTZliqwXY4q5FWZVm9L5HdN8YMTIbRiSE 0MDl4kMzikaTxKFhAdVNb0lUqpK/OTZNdQxHBcw= X-Google-Smtp-Source: AGHT+IEAybtNw1oHry9kGIGPO60mG51GaKuwtgSiIvjeqoNDFS3SqrUaPm7yaU7LHb+xUqgnOcm9kA== X-Received: by 2002:a5d:574f:0:b0:317:5ece:e16a with SMTP id q15-20020a5d574f000000b003175ecee16amr18928693wrw.50.1693235348569; Mon, 28 Aug 2023 08:09:08 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:40c6:6cff:63b:c70a]) by smtp.gmail.com with ESMTPSA id v3-20020a5d43c3000000b003140fff4f75sm10730522wrr.17.2023.08.28.08.09.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Aug 2023 08:09:07 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, ayush.jain3@amd.com, Florent Revest , Ryan Roberts Subject: [PATCH v4 2/6] kselftest: vm: Fix mdwe's mmap_FIXED test case Date: Mon, 28 Aug 2023 17:08:54 +0200 Message-ID: <20230828150858.393570-3-revest@chromium.org> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog In-Reply-To: <20230828150858.393570-1-revest@chromium.org> References: <20230828150858.393570-1-revest@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" I checked with the original author, the mmap_FIXED test case wasn't properly tested and fails. Currently, it maps two consecutive (non overlapping) pages and expects the second mapping to be denied by MDWE but these two pages have nothing to do with each other so MDWE is actually out of the picture here. What the test actually intended to do was to remap a virtual address using MAP_FIXED. However, this operation unmaps the existing mapping and creates a new one so the va is backed by a new page and MDWE is again out of the picture, all remappings should succeed. This patch keeps the test case to make it clear that this situation is expected to work: MDWE shouldn't block a MAP_FIXED replacement. Signed-off-by: Florent Revest Reviewed-by: David Hildenbrand Reviewed-by: Kees Cook Reviewed-by: Catalin Marinas Reviewed-by: Ryan Roberts Tested-by: Ryan Roberts Tested-by: Ayush Jain Fixes: 4cf1fe34fd18 ("kselftest: vm: add tests for memory-deny-write-execut= e") --- tools/testing/selftests/mm/mdwe_test.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftes= ts/mm/mdwe_test.c index d0954c657feb..91aa9c3099e7 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -168,13 +168,10 @@ TEST_F(mdwe, mmap_FIXED) self->p =3D mmap(NULL, self->size, PROT_READ, self->flags, 0, 0); ASSERT_NE(self->p, MAP_FAILED); =20 - p =3D mmap(self->p + self->size, self->size, PROT_READ | PROT_EXEC, + /* MAP_FIXED unmaps the existing page before mapping which is allowed */ + p =3D mmap(self->p, self->size, PROT_READ | PROT_EXEC, self->flags | MAP_FIXED, 0, 0); - if (variant->enabled) { - EXPECT_EQ(p, MAP_FAILED); - } else { - EXPECT_EQ(p, self->p); - } + EXPECT_EQ(p, self->p); } =20 TEST_F(mdwe, arm64_BTI) --=20 2.42.0.rc2.253.gd59a3bf2b4-goog From nobody Thu Dec 18 16:35:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 111A2C83F19 for ; Mon, 28 Aug 2023 15:10:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232410AbjH1PJk (ORCPT ); Mon, 28 Aug 2023 11:09:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49338 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232373AbjH1PJQ (ORCPT ); Mon, 28 Aug 2023 11:09:16 -0400 Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59A09E5 for ; Mon, 28 Aug 2023 08:09:12 -0700 (PDT) Received: by mail-wr1-x42b.google.com with SMTP id ffacd0b85a97d-31c6cd238e0so2746057f8f.0 for ; Mon, 28 Aug 2023 08:09:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1693235350; x=1693840150; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U6Jw13ojRxer1CiudmSrh9Dog+8TQjAfOMQPH0B+zsU=; b=Lk2KfNqdfkyZPx8vi/h/HB59i1bm7w+8tv8ZcJZqLR9PmqVKGsJ7mj84sSlppy2pKN 1Kudx1wqbxnO03PxF1S2GCnJgmlMgd5W8AwbKxspHAQbIzqb0S5gM+Uk5xxJVtI3vi6c OzY/Fal78xF4WUGyBlsEpwHcZBptFYGjvo5+s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693235350; x=1693840150; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U6Jw13ojRxer1CiudmSrh9Dog+8TQjAfOMQPH0B+zsU=; b=A8m94fgPixoYvbXm/A1jzyEa58SLVaL5HPYkQ9s/ZeoC7zJ4pPEHO72AHbzqR29n2E 2tCPZgZRqekTYEWBk7WyFEK37bdnHXRiIkZYygdWZ12R/ZF8QyZ+MqezOQ0uxnyfQDys IO9/uTMSdvNWGZ7FjSkiSOCw3bQxkHafUDJn/jt3doYhz4Eppty+y6a0rFANdCx+CRKZ WsZQ5m8hmS+WT/gsjCOCskN/nYXWlcUhnzOMEYNzLur82+1pviIyt0zhMCxrvo4EVyKc I1bIvLvnMo5Mfnsb6GwijE4eOAtyqQJ5kT1ZGZLrUteORIOba46Nr1aWTup66dM7339W pC2Q== X-Gm-Message-State: AOJu0YzEGxmTDYT4wNqrPZkmEAHqhWmkQXxAH6zHsfsOwryqFAtgfnjA rJ1e1XPah0fBGvB344LNkvq0feaTAw/OEgewo68= X-Google-Smtp-Source: AGHT+IGXAqJyw97V+o4oaIks1Kj/kAns5+tLjlPhppgRBXwPa0+zcI2oLEhzNJD6x+xUpCRPgxj60Q== X-Received: by 2002:a5d:5389:0:b0:319:6997:9432 with SMTP id d9-20020a5d5389000000b0031969979432mr19677532wrv.1.1693235350535; Mon, 28 Aug 2023 08:09:10 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:40c6:6cff:63b:c70a]) by smtp.gmail.com with ESMTPSA id v3-20020a5d43c3000000b003140fff4f75sm10730522wrr.17.2023.08.28.08.09.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Aug 2023 08:09:09 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, ayush.jain3@amd.com, Florent Revest Subject: [PATCH v4 3/6] kselftest: vm: Check errnos in mdwe_test Date: Mon, 28 Aug 2023 17:08:55 +0200 Message-ID: <20230828150858.393570-4-revest@chromium.org> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog In-Reply-To: <20230828150858.393570-1-revest@chromium.org> References: <20230828150858.393570-1-revest@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Invalid prctls return a negative code and set errno. It's good practice to check that errno is set as expected. Signed-off-by: Florent Revest Acked-by: Catalin Marinas Reviewed-by: Kees Cook --- tools/testing/selftests/mm/mdwe_test.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftes= ts/mm/mdwe_test.c index 91aa9c3099e7..1b84cf8e1bbe 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -23,14 +23,22 @@ TEST(prctl_flags) { EXPECT_LT(prctl(PR_SET_MDWE, 7L, 0L, 0L, 0L), 0); + EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 7L, 0L, 0L), 0); + EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 0L, 7L, 0L), 0); + EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 0L, 0L, 7L), 0); + EXPECT_EQ(errno, EINVAL); =20 EXPECT_LT(prctl(PR_GET_MDWE, 7L, 0L, 0L, 0L), 0); + EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_GET_MDWE, 0L, 7L, 0L, 0L), 0); + EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_GET_MDWE, 0L, 0L, 7L, 0L), 0); + EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_GET_MDWE, 0L, 0L, 0L, 7L), 0); + EXPECT_EQ(errno, EINVAL); } =20 FIXTURE(mdwe) --=20 2.42.0.rc2.253.gd59a3bf2b4-goog From nobody Thu Dec 18 16:35:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 204A5C83F1B for ; Mon, 28 Aug 2023 15:10:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232460AbjH1PJl (ORCPT ); Mon, 28 Aug 2023 11:09:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232453AbjH1PJT (ORCPT ); Mon, 28 Aug 2023 11:09:19 -0400 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 40DD412A for ; Mon, 28 Aug 2023 08:09:14 -0700 (PDT) Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-3fe24dd8898so30691475e9.2 for ; Mon, 28 Aug 2023 08:09:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1693235352; x=1693840152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9C6695DueeDZA9rTKrXkRn2f/fH50YffF9JA6g5ta/Y=; b=WtQfO4zgxksMpW7OaaxuZIAENI54VG0EzFAggndg9mUcIb3M2Xezcabx2+YryWgbAA N9iFiJ9bLirdEgKUNaxjDRF5W2tAbI2K3Rno8gaX6aJemzBypmY5oCw4hU97bDhNBdbn Rp2FXqPaLlJyPRfxE/Y4ar83+m9lXRdXQxNQU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693235352; x=1693840152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9C6695DueeDZA9rTKrXkRn2f/fH50YffF9JA6g5ta/Y=; b=QX9zAZISl4gbmG4nJPU12qaSD7JlZtlmYmWfFQyaHRo6aehM3oW0MauLSygcyDBPi2 sufUpSrqOcK1d8L9lgwXvz3iPTmxcg6LmQ8ke/sOu51bvs/eZMelMM6HoippAHAjUm0N aqCBghPJBd1xnmDbxoY510bLDqfZQ6C+2r/A6cNPckbmtN+C099bwHh4GejAk6kMPAM6 0pcwHueb3YALaxxdoacjOQTvDhQiTXXKrcy27KThI1eL7v3w7LINZqbpWrwkZColJgyw l4zRMASsQs+ePwI7YP4IX91JRSPWzeYJn+bdO89KaZypI/Tn9RsO8DBmJ1nWDiI2SqzI YJlA== X-Gm-Message-State: AOJu0Yyzfo1NU3uG5yf+APp9C8mCHI0fQQZ/uMc2hM4QRv3OuedKGCFS 61MBjT7ppUvUwXn2yoYl/nOsP5/RHVhQf1Hj8So= X-Google-Smtp-Source: AGHT+IEXUnMXPaBwdEFmcdrUudhk8uAYHPBV2ErTGdS4NlCyRahLQ06reLojtBElYN3aftIEBravdQ== X-Received: by 2002:a7b:cb49:0:b0:3fb:a506:5656 with SMTP id v9-20020a7bcb49000000b003fba5065656mr20934266wmj.32.1693235352415; Mon, 28 Aug 2023 08:09:12 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:40c6:6cff:63b:c70a]) by smtp.gmail.com with ESMTPSA id v3-20020a5d43c3000000b003140fff4f75sm10730522wrr.17.2023.08.28.08.09.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Aug 2023 08:09:11 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, ayush.jain3@amd.com, Florent Revest , stable@vger.kernel.org Subject: [PATCH v4 4/6] mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long Date: Mon, 28 Aug 2023 17:08:56 +0200 Message-ID: <20230828150858.393570-5-revest@chromium.org> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog In-Reply-To: <20230828150858.393570-1-revest@chromium.org> References: <20230828150858.393570-1-revest@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Defining a prctl flag as an int is a footgun because on a 64 bit machine and with a variadic implementation of prctl (like in musl and glibc), when used directly as a prctl argument, it can get casted to long with garbage upper bits which would result in unexpected behaviors. This patch changes the constant to an unsigned long to eliminate that possibilities. This does not break UAPI. Fixes: b507808ebce2 ("mm: implement memory-deny-write-execute as a prctl") Cc: stable@vger.kernel.org Signed-off-by: Florent Revest Suggested-by: Alexey Izbyshev Reviewed-by: David Hildenbrand Reviewed-by: Kees Cook Acked-by: Catalin Marinas --- include/uapi/linux/prctl.h | 2 +- tools/include/uapi/linux/prctl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 3c36aeade991..9a85c69782bd 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -283,7 +283,7 @@ struct prctl_mm_map { =20 /* Memory deny write / execute */ #define PR_SET_MDWE 65 -# define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) =20 #define PR_GET_MDWE 66 =20 diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/pr= ctl.h index 3c36aeade991..9a85c69782bd 100644 --- a/tools/include/uapi/linux/prctl.h +++ b/tools/include/uapi/linux/prctl.h @@ -283,7 +283,7 @@ struct prctl_mm_map { =20 /* Memory deny write / execute */ #define PR_SET_MDWE 65 -# define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) =20 #define PR_GET_MDWE 66 =20 --=20 2.42.0.rc2.253.gd59a3bf2b4-goog From nobody Thu Dec 18 16:35:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FF3CC83F1D for ; Mon, 28 Aug 2023 15:10:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232490AbjH1PJn (ORCPT ); Mon, 28 Aug 2023 11:09:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49426 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231284AbjH1PJV (ORCPT ); Mon, 28 Aug 2023 11:09:21 -0400 Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1FDC21AA for ; Mon, 28 Aug 2023 08:09:16 -0700 (PDT) Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-4013454fa93so28875295e9.0 for ; Mon, 28 Aug 2023 08:09:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1693235354; x=1693840154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QXssY8R3UfI51/fzerFRXliKac0QknXs4XkU/07pT5E=; b=TXgobUHzdy1/oc00DCkfPuEhJu9AWsZDH7ItfMlZ9px/6av7xSZfC0WrjhZ16H5vnH +BXZsUMOLMGBNanD+Ods+R3MJffoWBq5sR8yyAUkuszZbSoBMR1IFcOLTFENcXg98b7t Yahy0kl0OhvBiWJFAmjSAeDAGABOGBOn3jPxs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693235354; x=1693840154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QXssY8R3UfI51/fzerFRXliKac0QknXs4XkU/07pT5E=; b=CEjxxbfcbIMn7C4ZcVN33X1Y4/5avd/9S/7OE+djoLG3TdQkj4Lo2unoRGVRagR73A vrOU5HLH2I3Ggk4ok+dYiS5rULVXjLcK8U2G7OAajVnRDAHJSPQIhlsv9OpfVKGoWcrI qvJJuMU3BtBhZD8Mgk84hRlSy5PQ0wgb59XvoCAv95CmkXgCRCW/pIcTfmcJna/GRXPM 0zcDxZKJ2RMy6HhPBTcS1WtUpZiUSqW8tmLziXb8gH/9TIhsdnDT0vnx3ckklEoBhUZ+ 0YbkyJo3jW0gDLj3HRWq6HM8GjE/JMx44DFHMIKr/mkT1Hc9y6jZrP59pHMaeLz49UsA UgwQ== X-Gm-Message-State: AOJu0YxTgJiRkMk0JcDd3nyniu3akR+GrpYK5sN0/eHxaCAdoUai8xGH KHHijQ2NuhgYdFKmWcPF8of3PR/sjsvvP5nAR/M= X-Google-Smtp-Source: AGHT+IGqMEI1E4b+HWptK+/EKjF7xI4VmzXlfBLXmqDJvfgj+65VugBjpc0Hy94kYyiGhQQdqXzgkQ== X-Received: by 2002:a1c:7508:0:b0:3fb:739d:27b2 with SMTP id o8-20020a1c7508000000b003fb739d27b2mr19489637wmc.8.1693235354252; Mon, 28 Aug 2023 08:09:14 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:40c6:6cff:63b:c70a]) by smtp.gmail.com with ESMTPSA id v3-20020a5d43c3000000b003140fff4f75sm10730522wrr.17.2023.08.28.08.09.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Aug 2023 08:09:13 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, ayush.jain3@amd.com, Florent Revest Subject: [PATCH v4 5/6] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl Date: Mon, 28 Aug 2023 17:08:57 +0200 Message-ID: <20230828150858.393570-6-revest@chromium.org> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog In-Reply-To: <20230828150858.393570-1-revest@chromium.org> References: <20230828150858.393570-1-revest@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This extends the current PR_SET_MDWE prctl arg with a bit to indicate that the process doesn't want MDWE protection to propagate to children. To implement this no-inherit mode, the tag in current->mm->flags must be absent from MMF_INIT_MASK. This means that the encoding for "MDWE but without inherit" is different in the prctl than in the mm flags. This leads to a bit of bit-mangling in the prctl implementation. Reviewed-by: Kees Cook Reviewed-by: Catalin Marinas Signed-off-by: Florent Revest --- include/linux/sched/coredump.h | 10 ++++++++++ include/uapi/linux/prctl.h | 1 + kernel/fork.c | 2 +- kernel/sys.c | 32 ++++++++++++++++++++++++++------ tools/include/uapi/linux/prctl.h | 1 + 5 files changed, 39 insertions(+), 7 deletions(-) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 0ee96ea7a0e9..1b37fa8fc723 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -91,4 +91,14 @@ static inline int get_dumpable(struct mm_struct *mm) MMF_DISABLE_THP_MASK | MMF_HAS_MDWE_MASK) =20 #define MMF_VM_MERGE_ANY 29 +#define MMF_HAS_MDWE_NO_INHERIT 30 + +static inline unsigned long mmf_init_flags(unsigned long flags) +{ + if (flags & (1UL << MMF_HAS_MDWE_NO_INHERIT)) + flags &=3D ~((1UL << MMF_HAS_MDWE) | + (1UL << MMF_HAS_MDWE_NO_INHERIT)); + return flags & MMF_INIT_MASK; +} + #endif /* _LINUX_SCHED_COREDUMP_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 9a85c69782bd..370ed14b1ae0 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) +# define PR_MDWE_NO_INHERIT (1UL << 1) =20 #define PR_GET_MDWE 66 =20 diff --git a/kernel/fork.c b/kernel/fork.c index 7b8b63fb0438..9da5a1192c98 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1285,7 +1285,7 @@ static struct mm_struct *mm_init(struct mm_struct *mm= , struct task_struct *p, hugetlb_count_init(mm); =20 if (current->mm) { - mm->flags =3D current->mm->flags & MMF_INIT_MASK; + mm->flags =3D mmf_init_flags(current->mm->flags); mm->def_flags =3D current->mm->def_flags & VM_INIT_DEF_MASK; } else { mm->flags =3D default_dump_filter; diff --git a/kernel/sys.c b/kernel/sys.c index 2410e3999ebe..4a8073c1b255 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2368,19 +2368,41 @@ static int prctl_set_vma(unsigned long opt, unsigne= d long start, } #endif /* CONFIG_ANON_VMA_NAME */ =20 +static inline unsigned long get_current_mdwe(void) +{ + unsigned long ret =3D 0; + + if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + ret |=3D PR_MDWE_REFUSE_EXEC_GAIN; + if (test_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags)) + ret |=3D PR_MDWE_NO_INHERIT; + + return ret; +} + static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3, unsigned long arg4, unsigned long arg5) { + unsigned long current_bits; + if (arg3 || arg4 || arg5) return -EINVAL; =20 - if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN)) + if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT)) + return -EINVAL; + + /* NO_INHERIT only makes sense with REFUSE_EXEC_GAIN */ + if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN)) return -EINVAL; =20 + current_bits =3D get_current_mdwe(); + if (current_bits && current_bits !=3D bits) + return -EPERM; /* Cannot unset the flags */ + + if (bits & PR_MDWE_NO_INHERIT) + set_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags); if (bits & PR_MDWE_REFUSE_EXEC_GAIN) set_bit(MMF_HAS_MDWE, ¤t->mm->flags); - else if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) - return -EPERM; /* Cannot unset the flag */ =20 return 0; } @@ -2390,9 +2412,7 @@ static inline int prctl_get_mdwe(unsigned long arg2, = unsigned long arg3, { if (arg2 || arg3 || arg4 || arg5) return -EINVAL; - - return test_bit(MMF_HAS_MDWE, ¤t->mm->flags) ? - PR_MDWE_REFUSE_EXEC_GAIN : 0; + return get_current_mdwe(); } =20 static int prctl_get_auxv(void __user *addr, unsigned long len) diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/pr= ctl.h index 9a85c69782bd..370ed14b1ae0 100644 --- a/tools/include/uapi/linux/prctl.h +++ b/tools/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) +# define PR_MDWE_NO_INHERIT (1UL << 1) =20 #define PR_GET_MDWE 66 =20 --=20 2.42.0.rc2.253.gd59a3bf2b4-goog From nobody Thu Dec 18 16:35:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41242C83F1C for ; Mon, 28 Aug 2023 15:10:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232517AbjH1PJp (ORCPT ); Mon, 28 Aug 2023 11:09:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232477AbjH1PJX (ORCPT ); Mon, 28 Aug 2023 11:09:23 -0400 Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 134D0EA for ; Mon, 28 Aug 2023 08:09:18 -0700 (PDT) Received: by mail-wm1-x333.google.com with SMTP id 5b1f17b1804b1-401ceda85cdso4861735e9.1 for ; Mon, 28 Aug 2023 08:09:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1693235356; x=1693840156; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gkrzJ6nrXmVMKGdRpiGhMw2iKfFp7Za5H8zwt1x/uYE=; b=Gcfsc20eRAp56OKEVtMEAhiDJbVxd/eH0D9DHi7azczCvXZzjwAaYRmxarKUIMR+vQ 2XanoZWuX5BE9LnjXukHoeIX3vcDykgOXzBvFzYHi1NfOQfyLIgn3bbw3Ck9WAwB0Isi 39eyQXmVEHzX3V6dpy2y9FTf1Yo/Bpgl5L9hw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693235356; x=1693840156; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gkrzJ6nrXmVMKGdRpiGhMw2iKfFp7Za5H8zwt1x/uYE=; b=EHUyJxKaYnwhyMXVr8F2T+yYGSwbIelcDDITzXIzL6ziLVI4gcTy1n4cxMaD7f/iSv IqV4XmVnGxEDhEw260dAgbkfLSR2L+3sHeHMDZXyT0/XPB1ot89IZmXs3kH3sITk0MAh DZcK7AOqa8e+3/oV2nW5HTBwC1oH5OJrCeVBY6m4cFsklKYogb+ovTbj3cuX2xNY0Oui h3iOgLtYeIJr5T2chHHr3vX7Rdjg6khgBUh/0FurWZ65+UPePlu4Wn6W9n71s715qx4E 1dMuT7FExZJjQAefZvPwQ5zOS5MqOJSDPTGCgro4c+a9CkVh/Y8QNWxc2iWY61i1sSp2 mQqw== X-Gm-Message-State: AOJu0YwdlL1Wj8AU+9m2UXcbc+Tqrf4ZWTqHmBOid1Ji7ssHXA1AA09m qVLmio6cvOcy3HOqgiIRmnZ4c4hL7UesIUbk5i0= X-Google-Smtp-Source: AGHT+IFPERDSa8GnxhdBv9hLnJGAV2jLF6UJnAF68SaqVArOPcEFQgITwMNi2q83UONR6SeCgjDrOA== X-Received: by 2002:a7b:ce91:0:b0:401:4542:5edf with SMTP id q17-20020a7bce91000000b0040145425edfmr9094986wmj.0.1693235356077; Mon, 28 Aug 2023 08:09:16 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:40c6:6cff:63b:c70a]) by smtp.gmail.com with ESMTPSA id v3-20020a5d43c3000000b003140fff4f75sm10730522wrr.17.2023.08.28.08.09.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Aug 2023 08:09:15 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, ayush.jain3@amd.com, Florent Revest Subject: [PATCH v4 6/6] kselftest: vm: Add tests for no-inherit memory-deny-write-execute Date: Mon, 28 Aug 2023 17:08:58 +0200 Message-ID: <20230828150858.393570-7-revest@chromium.org> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog In-Reply-To: <20230828150858.393570-1-revest@chromium.org> References: <20230828150858.393570-1-revest@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Add some tests to cover the new PR_MDWE_NO_INHERIT flag of the PR_SET_MDWE prctl. Check that: - it can't be set without PR_SET_MDWE - MDWE flags can't be unset - when set, PR_SET_MDWE doesn't propagate to children Acked-by: Catalin Marinas Signed-off-by: Florent Revest Reviewed-by: Kees Cook --- tools/testing/selftests/mm/mdwe_test.c | 114 +++++++++++++++++++++++-- 1 file changed, 108 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftes= ts/mm/mdwe_test.c index 1b84cf8e1bbe..200bedcdc32e 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -22,6 +22,9 @@ =20 TEST(prctl_flags) { + EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L), 0); + EXPECT_EQ(errno, EINVAL); + EXPECT_LT(prctl(PR_SET_MDWE, 7L, 0L, 0L, 0L), 0); EXPECT_EQ(errno, EINVAL); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 7L, 0L, 0L), 0); @@ -41,6 +44,84 @@ TEST(prctl_flags) EXPECT_EQ(errno, EINVAL); } =20 +FIXTURE(consecutive_prctl_flags) {}; +FIXTURE_SETUP(consecutive_prctl_flags) {} +FIXTURE_TEARDOWN(consecutive_prctl_flags) {} + +FIXTURE_VARIANT(consecutive_prctl_flags) +{ + unsigned long first_flags; + unsigned long second_flags; + bool should_work; +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, can_keep_no_flags) +{ + .first_flags =3D 0, + .second_flags =3D 0, + .should_work =3D true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, can_keep_exec_gain) +{ + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, + .should_work =3D true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, can_keep_both_flags) +{ + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .should_work =3D true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe) +{ + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags =3D 0, + .should_work =3D false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe_no_inherit) +{ + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags =3D 0, + .should_work =3D false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_no_inherit) +{ + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, + .should_work =3D false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_enable_no_inherit) +{ + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .should_work =3D false, +}; + +TEST_F(consecutive_prctl_flags, two_prctls) +{ + int ret; + + EXPECT_EQ(prctl(PR_SET_MDWE, variant->first_flags, 0L, 0L, 0L), 0); + + ret =3D prctl(PR_SET_MDWE, variant->second_flags, 0L, 0L, 0L); + if (variant->should_work) { + EXPECT_EQ(ret, 0); + + ret =3D prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); + ASSERT_EQ(ret, variant->second_flags); + } else { + EXPECT_NE(ret, 0); + ASSERT_EQ(errno, EPERM); + } +} + FIXTURE(mdwe) { void *p; @@ -53,28 +134,45 @@ FIXTURE_VARIANT(mdwe) { bool enabled; bool forked; + bool inherit; }; =20 FIXTURE_VARIANT_ADD(mdwe, stock) { .enabled =3D false, .forked =3D false, + .inherit =3D false, }; =20 FIXTURE_VARIANT_ADD(mdwe, enabled) { .enabled =3D true, .forked =3D false, + .inherit =3D true, }; =20 -FIXTURE_VARIANT_ADD(mdwe, forked) +FIXTURE_VARIANT_ADD(mdwe, inherited) { .enabled =3D true, .forked =3D true, + .inherit =3D true, }; =20 +FIXTURE_VARIANT_ADD(mdwe, not_inherited) +{ + .enabled =3D true, + .forked =3D true, + .inherit =3D false, +}; + +static bool executable_map_should_fail(const FIXTURE_VARIANT(mdwe) *varian= t) +{ + return variant->enabled && (!variant->forked || variant->inherit); +} + FIXTURE_SETUP(mdwe) { + unsigned long mdwe_flags; int ret, status; =20 self->p =3D NULL; @@ -84,13 +182,17 @@ FIXTURE_SETUP(mdwe) if (!variant->enabled) return; =20 - ret =3D prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, 0L, 0L, 0L); + mdwe_flags =3D PR_MDWE_REFUSE_EXEC_GAIN; + if (!variant->inherit) + mdwe_flags |=3D PR_MDWE_NO_INHERIT; + + ret =3D prctl(PR_SET_MDWE, mdwe_flags, 0L, 0L, 0L); ASSERT_EQ(ret, 0) { TH_LOG("PR_SET_MDWE failed or unsupported"); } =20 ret =3D prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); - ASSERT_EQ(ret, 1); + ASSERT_EQ(ret, mdwe_flags); =20 if (variant->forked) { self->pid =3D fork(); @@ -121,7 +223,7 @@ TEST_F(mdwe, mmap_READ_EXEC) TEST_F(mdwe, mmap_WRITE_EXEC) { self->p =3D mmap(NULL, self->size, PROT_WRITE | PROT_EXEC, self->flags, 0= , 0); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_EQ(self->p, MAP_FAILED); } else { EXPECT_NE(self->p, MAP_FAILED); @@ -147,7 +249,7 @@ TEST_F(mdwe, mprotect_add_EXEC) ASSERT_NE(self->p, MAP_FAILED); =20 ret =3D mprotect(self->p, self->size, PROT_READ | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0); @@ -162,7 +264,7 @@ TEST_F(mdwe, mprotect_WRITE_EXEC) ASSERT_NE(self->p, MAP_FAILED); =20 ret =3D mprotect(self->p, self->size, PROT_WRITE | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0); --=20 2.42.0.rc2.253.gd59a3bf2b4-goog