lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 3 Nov 2017 16:59:31 -0700
From:   Mike Kravetz <mike.kravetz@...cle.com>
To:     Marc-André Lureau <marcandre.lureau@...hat.com>,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc:     aarcange@...hat.com, hughd@...gle.com, nyc@...omorphy.com
Subject: Re: [PATCH 6/6] memfd-tests: test hugetlbfs sealing

On 10/31/2017 11:40 AM, Marc-André Lureau wrote:
> Remove most of the special-casing of hugetlbfs now that sealing
> is supported.

The changes below look fine.  Just a couple issues.

While discussing patch 4 with David, I realized that we should modify/expand
the fuse seals test to also verify proper functionality with hugetlbfs.  I
think this is a requirement.

The output of run_tests.sh looks something like:
opening: ./mnt/memfd
fuse: DONE
memfd: CREATE
memfd: BASIC
memfd: SEAL-WRITE
memfd: SEAL-SHRINK
memfd: SEAL-GROW
memfd: SEAL-RESIZE
memfd: SHARE-DUP 
memfd: SHARE-MMAP 
memfd: SHARE-OPEN 
memfd: SHARE-FORK 
memfd: SHARE-DUP (shared file-table)
memfd: SHARE-MMAP (shared file-table)
memfd: SHARE-OPEN (shared file-table)
memfd: SHARE-FORK (shared file-table)
memfd: DONE
memfd: CREATE
memfd: BASIC
memfd: SEAL-WRITE
memfd: SEAL-SHRINK
memfd: SEAL-GROW
memfd: SEAL-RESIZE
memfd: SHARE-DUP 
memfd: SHARE-MMAP 
memfd: SHARE-OPEN 
memfd: SHARE-FORK 
memfd: SHARE-DUP (shared file-table)
memfd: SHARE-MMAP (shared file-table)
memfd: SHARE-OPEN (shared file-table)
memfd: SHARE-FORK (shared file-table)
memfd: DONE

It might be nice to distinguish testing of tmpfs and hugetlbfs.  The
string '#define MEMFD_STR "memfd:"' is prepended to the output lines.
Perhaps we could do something like:
#define MEMFD_STR       "memfd:"
#define MEMFD_HUGE_STR	"memfd-hugetlb"
char *memfd_str;

and then in main,
if (hugetlbfs_test)
	memfd_str = MEMFD_HUGE_STR;
else
	memfd_str = MEMFD_STR;

then prepend output strings with memfd_str.

This is just a suggestion and optional.

-- 
Mike Kravetz

> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@...hat.com>
> ---
>  tools/testing/selftests/memfd/memfd_test.c | 150 +++--------------------------
>  1 file changed, 15 insertions(+), 135 deletions(-)
> 
> diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
> index f94c6d1fb46f..f5028f800107 100644
> --- a/tools/testing/selftests/memfd/memfd_test.c
> +++ b/tools/testing/selftests/memfd/memfd_test.c
> @@ -512,6 +512,10 @@ static void mfd_assert_grow_write(int fd)
>  	static char *buf;
>  	ssize_t l;
>  
> +	/* hugetlbfs does not support write */
> +	if (hugetlbfs_test)
> +		return;
> +
>  	buf = malloc(mfd_def_size * 8);
>  	if (!buf) {
>  		printf("malloc(%d) failed: %m\n", mfd_def_size * 8);
> @@ -532,6 +536,10 @@ static void mfd_fail_grow_write(int fd)
>  	static char *buf;
>  	ssize_t l;
>  
> +	/* hugetlbfs does not support write */
> +	if (hugetlbfs_test)
> +		return;
> +
>  	buf = malloc(mfd_def_size * 8);
>  	if (!buf) {
>  		printf("malloc(%d) failed: %m\n", mfd_def_size * 8);
> @@ -626,18 +634,13 @@ static void test_create(void)
>  	fd = mfd_assert_new("", 0, MFD_CLOEXEC);
>  	close(fd);
>  
> -	if (!hugetlbfs_test) {
> -		/* verify MFD_ALLOW_SEALING is allowed */
> -		fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
> -		close(fd);
> -
> -		/* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
> -		fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
> -		close(fd);
> -	} else {
> -		/* sealing is not supported on hugetlbfs */
> -		mfd_fail_new("", MFD_ALLOW_SEALING);
> -	}
> +	/* verify MFD_ALLOW_SEALING is allowed */
> +	fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
> +	close(fd);
> +
> +	/* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
> +	fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
> +	close(fd);
>  }
>  
>  /*
> @@ -648,10 +651,6 @@ static void test_basic(void)
>  {
>  	int fd;
>  
> -	/* hugetlbfs does not contain sealing support */
> -	if (hugetlbfs_test)
> -		return;
> -
>  	printf("%s BASIC\n", MEMFD_STR);
>  
>  	fd = mfd_assert_new("kern_memfd_basic",
> @@ -696,28 +695,6 @@ static void test_basic(void)
>  	close(fd);
>  }
>  
> -/*
> - * hugetlbfs doesn't support seals or write, so just verify grow and shrink
> - * on a hugetlbfs file created via memfd_create.
> - */
> -static void test_hugetlbfs_grow_shrink(void)
> -{
> -	int fd;
> -
> -	printf("%s HUGETLBFS-GROW-SHRINK\n", MEMFD_STR);
> -
> -	fd = mfd_assert_new("kern_memfd_seal_write",
> -			    mfd_def_size,
> -			    MFD_CLOEXEC);
> -
> -	mfd_assert_read(fd);
> -	mfd_assert_write(fd);
> -	mfd_assert_shrink(fd);
> -	mfd_assert_grow(fd);
> -
> -	close(fd);
> -}
> -
>  /*
>   * Test SEAL_WRITE
>   * Test whether SEAL_WRITE actually prevents modifications.
> @@ -726,13 +703,6 @@ static void test_seal_write(void)
>  {
>  	int fd;
>  
> -	/*
> -	 * hugetlbfs does not contain sealing or write support.  Just test
> -	 * basic grow and shrink via test_hugetlbfs_grow_shrink.
> -	 */
> -	if (hugetlbfs_test)
> -		return test_hugetlbfs_grow_shrink();
> -
>  	printf("%s SEAL-WRITE\n", MEMFD_STR);
>  
>  	fd = mfd_assert_new("kern_memfd_seal_write",
> @@ -759,10 +729,6 @@ static void test_seal_shrink(void)
>  {
>  	int fd;
>  
> -	/* hugetlbfs does not contain sealing support */
> -	if (hugetlbfs_test)
> -		return;
> -
>  	printf("%s SEAL-SHRINK\n", MEMFD_STR);
>  
>  	fd = mfd_assert_new("kern_memfd_seal_shrink",
> @@ -789,10 +755,6 @@ static void test_seal_grow(void)
>  {
>  	int fd;
>  
> -	/* hugetlbfs does not contain sealing support */
> -	if (hugetlbfs_test)
> -		return;
> -
>  	printf("%s SEAL-GROW\n", MEMFD_STR);
>  
>  	fd = mfd_assert_new("kern_memfd_seal_grow",
> @@ -819,10 +781,6 @@ static void test_seal_resize(void)
>  {
>  	int fd;
>  
> -	/* hugetlbfs does not contain sealing support */
> -	if (hugetlbfs_test)
> -		return;
> -
>  	printf("%s SEAL-RESIZE\n", MEMFD_STR);
>  
>  	fd = mfd_assert_new("kern_memfd_seal_resize",
> @@ -841,32 +799,6 @@ static void test_seal_resize(void)
>  	close(fd);
>  }
>  
> -/*
> - * hugetlbfs does not support seals.  Basic test to dup the memfd created
> - * fd and perform some basic operations on it.
> - */
> -static void hugetlbfs_dup(char *b_suffix)
> -{
> -	int fd, fd2;
> -
> -	printf("%s HUGETLBFS-DUP %s\n", MEMFD_STR, b_suffix);
> -
> -	fd = mfd_assert_new("kern_memfd_share_dup",
> -			    mfd_def_size,
> -			    MFD_CLOEXEC);
> -
> -	fd2 = mfd_assert_dup(fd);
> -
> -	mfd_assert_read(fd);
> -	mfd_assert_write(fd);
> -
> -	mfd_assert_shrink(fd2);
> -	mfd_assert_grow(fd2);
> -
> -	close(fd2);
> -	close(fd);
> -}
> -
>  /*
>   * Test sharing via dup()
>   * Test that seals are shared between dupped FDs and they're all equal.
> @@ -875,15 +807,6 @@ static void test_share_dup(char *banner, char *b_suffix)
>  {
>  	int fd, fd2;
>  
> -	/*
> -	 * hugetlbfs does not contain sealing support.  Perform some
> -	 * basic testing on dup'ed fd instead via hugetlbfs_dup.
> -	 */
> -	if (hugetlbfs_test) {
> -		hugetlbfs_dup(b_suffix);
> -		return;
> -	}
> -
>  	printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
>  
>  	fd = mfd_assert_new("kern_memfd_share_dup",
> @@ -926,10 +849,6 @@ static void test_share_mmap(char *banner, char *b_suffix)
>  	int fd;
>  	void *p;
>  
> -	/* hugetlbfs does not contain sealing support */
> -	if (hugetlbfs_test)
> -		return;
> -
>  	printf("%s %s %s\n", MEMFD_STR,  banner, b_suffix);
>  
>  	fd = mfd_assert_new("kern_memfd_share_mmap",
> @@ -954,32 +873,6 @@ static void test_share_mmap(char *banner, char *b_suffix)
>  	close(fd);
>  }
>  
> -/*
> - * Basic test to make sure we can open the hugetlbfs fd via /proc and
> - * perform some simple operations on it.
> - */
> -static void hugetlbfs_proc_open(char *b_suffix)
> -{
> -	int fd, fd2;
> -
> -	printf("%s HUGETLBFS-PROC-OPEN %s\n", MEMFD_STR, b_suffix);
> -
> -	fd = mfd_assert_new("kern_memfd_share_open",
> -			    mfd_def_size,
> -			    MFD_CLOEXEC);
> -
> -	fd2 = mfd_assert_open(fd, O_RDWR, 0);
> -
> -	mfd_assert_read(fd);
> -	mfd_assert_write(fd);
> -
> -	mfd_assert_shrink(fd2);
> -	mfd_assert_grow(fd2);
> -
> -	close(fd2);
> -	close(fd);
> -}
> -
>  /*
>   * Test sealing with open(/proc/self/fd/%d)
>   * Via /proc we can get access to a separate file-context for the same memfd.
> @@ -990,15 +883,6 @@ static void test_share_open(char *banner, char *b_suffix)
>  {
>  	int fd, fd2;
>  
> -	/*
> -	 * hugetlbfs does not contain sealing support.  So test basic
> -	 * functionality of using /proc fd via hugetlbfs_proc_open
> -	 */
> -	if (hugetlbfs_test) {
> -		hugetlbfs_proc_open(b_suffix);
> -		return;
> -	}
> -
>  	printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
>  
>  	fd = mfd_assert_new("kern_memfd_share_open",
> @@ -1042,10 +926,6 @@ static void test_share_fork(char *banner, char *b_suffix)
>  	int fd;
>  	pid_t pid;
>  
> -	/* hugetlbfs does not contain sealing support */
> -	if (hugetlbfs_test)
> -		return;
> -
>  	printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
>  
>  	fd = mfd_assert_new("kern_memfd_share_fork",
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ