[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20221026150457.36957-3-joey.gouly@arm.com>
Date: Wed, 26 Oct 2022 16:04:57 +0100
From: Joey Gouly <joey.gouly@....com>
To: Catalin Marinas <catalin.marinas@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Lennart Poettering <lennart@...ttering.net>,
Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>
CC: Alexander Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>,
Szabolcs Nagy <szabolcs.nagy@....com>,
Mark Brown <broonie@...nel.org>,
Jeremy Linton <jeremy.linton@....com>,
Topi Miettinen <toiwoton@...il.com>, <linux-mm@...ck.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>,
<linux-abi-devel@...ts.sourceforge.net>, <nd@....com>,
<joey.gouly@....com>, <shuah@...nel.org>
Subject: [PATCH v1 2/2] kselftest: vm: add tests for memory-deny-write-execute
Add some tests to cover the new PR_SET_MDWE prctl.
Signed-off-by: Joey Gouly <joey.gouly@....com>
Cc: Shuah Khan <shuah@...nel.org>
---
tools/testing/selftests/vm/mdwe_test.c | 194 +++++++++++++++++++++++++
1 file changed, 194 insertions(+)
create mode 100644 tools/testing/selftests/vm/mdwe_test.c
diff --git a/tools/testing/selftests/vm/mdwe_test.c b/tools/testing/selftests/vm/mdwe_test.c
new file mode 100644
index 000000000000..67f3fc06d069
--- /dev/null
+++ b/tools/testing/selftests/vm/mdwe_test.c
@@ -0,0 +1,194 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <asm/hwcap.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/auxv.h>
+#include <sys/mman.h>
+#include <sys/prctl.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <linux/prctl.h>
+
+#include "../kselftest.h"
+
+#define PR_SET_MDWE 65
+# define PR_MDWE_FLAG_MMAP 1
+
+#define PR_GET_MDWE 66
+
+#ifdef __aarch64__
+#define PROT_BTI 0x10 /* BTI guarded page */
+#endif
+
+#define TEST1 "mmap(PROT_WRITE | PROT_EXEC)\n"
+#define TEST2 "mmap(PROT_WRITE); mprotect(PROT_EXEC)\n"
+#define TEST3 "mmap(PROT_EXEC); mprotect(PROT_EXEC | PROT_READ)\n"
+#define TEST4 "mmap(PROT_EXEC); mprotect(PROT_EXEC | PROT_BTI)\n"
+
+int fork_test(int (*func)(int))
+{
+ pid_t pid;
+ int status;
+
+ pid = fork();
+ if (pid < 0) {
+ printf("fork failed\n");
+ return KSFT_FAIL;
+ }
+
+ if (pid == 0)
+ exit(func(1));
+
+ waitpid(pid, &status, 0);
+
+ if (WIFEXITED(status))
+ return WEXITSTATUS(status);
+
+ return 0;
+}
+
+static inline void test_result(int err, const char *msg)
+{
+ switch (err) {
+ case KSFT_PASS:
+ ksft_test_result_pass(msg);
+ break;
+ case KSFT_FAIL:
+ ksft_test_result_fail(msg);
+ break;
+ case KSFT_SKIP:
+ ksft_test_result_skip(msg);
+ break;
+ default:
+ ksft_test_result_error("Unknown return code %d from %s",
+ err, msg);
+ break;
+ }
+}
+
+int test1(int mdwe_enabled)
+{
+ void *p;
+
+ int size = getpagesize();
+ int mmap_flags = MAP_SHARED | MAP_ANONYMOUS;
+
+ p = mmap(0, size, PROT_WRITE | PROT_EXEC, mmap_flags, 0, 0);
+
+ if (mdwe_enabled)
+ return p == MAP_FAILED ? KSFT_PASS : KSFT_FAIL;
+ else
+ return p != MAP_FAILED ? KSFT_PASS : KSFT_FAIL;
+}
+
+int test2(int mdwe_enabled)
+{
+ void *p;
+ int ret;
+
+ int size = getpagesize();
+ int mmap_flags = MAP_SHARED | MAP_ANONYMOUS;
+
+ p = mmap(0, size, PROT_WRITE, mmap_flags, 0, 0);
+ if (p == MAP_FAILED)
+ return 0;
+ ret = mprotect(p, size, PROT_EXEC);
+
+ if (mdwe_enabled)
+ return ret < 0 ? KSFT_PASS : KSFT_FAIL;
+ else
+ return ret == 0 ? KSFT_PASS : KSFT_FAIL;
+}
+
+int test3(int mdwe_enabled)
+{
+ void *p;
+ int ret;
+
+ int size = getpagesize();
+ int mmap_flags = MAP_SHARED | MAP_ANONYMOUS;
+
+ p = mmap(0, size, PROT_EXEC, mmap_flags, 0, 0);
+ if (p == MAP_FAILED)
+ return 0;
+
+ ret = mprotect(p, size, PROT_EXEC | PROT_READ);
+
+ return ret == 0 ? KSFT_PASS : KSFT_FAIL;
+}
+
+#ifdef __aarch64__
+int test4(int mdwe_enabled)
+{
+ void *p;
+ int ret;
+
+ int size = getpagesize();
+ int mmap_flags = MAP_SHARED | MAP_ANONYMOUS;
+
+ if (!(getauxval(AT_HWCAP2) & HWCAP2_BTI))
+ return KSFT_SKIP;
+
+ p = mmap(0, size, PROT_EXEC, mmap_flags, 0, 0);
+ if (p == MAP_FAILED)
+ return KSFT_FAIL;
+
+ ret = mprotect(p, size, PROT_EXEC | PROT_BTI);
+
+ return ret == 0 ? KSFT_PASS : KSFT_FAIL;
+}
+#endif
+
+int main(void)
+{
+ int ret;
+
+ ksft_print_header();
+#ifdef __aarch64__
+ ksft_set_plan(12);
+#else
+ ksft_set_plan(9);
+#endif
+
+ // First run the tests without MDWE
+ test_result(test1(0), TEST1);
+ test_result(test2(0), TEST2);
+ test_result(test3(0), TEST3);
+#ifdef __aarch64__
+ test_result(test4(0), TEST4);
+#endif
+
+ // Enable MDWE and then run the tests again.
+ ret = prctl(PR_SET_MDWE, PR_MDWE_FLAG_MMAP, 0, 0, 0);
+ if (ret < 0) {
+ ksft_print_msg("PR_SET_MDWE failed or unsupported!\n");
+ goto exit;
+ }
+
+ ret = prctl(PR_GET_MDWE, PR_MDWE_FLAG_MMAP, 0, 0, 0);
+ if (ret == 0)
+ ksft_exit_fail_msg("PR_GET_MDWE failed!");
+
+ test_result(test1(1), "MDWE: " TEST1);
+ test_result(test2(1), "MDWE: " TEST2);
+ test_result(test3(1), "MDWE: " TEST3);
+#ifdef __aarch64__
+ test_result(test4(1), "MDWE: " TEST4);
+#endif
+
+ // Verify the MDWE setting is transferred when fork()ing
+ test_result(fork_test(test1), "MDWE+fork: " TEST1);
+ test_result(fork_test(test2), "MDWE+fork: " TEST2);
+ test_result(fork_test(test3), "MDWE+fork: " TEST3);
+#ifdef __aarch64__
+ test_result(fork_test(test4), "MDWE+fork: " TEST4);
+#endif
+
+exit:
+ ksft_finished();
+
+ return 0;
+}
+
--
2.17.1
Powered by blists - more mailing lists