Date: Tue, 8 Nov 2022 17:33:03 +0000
From: Joey Gouly <joey.gouly@....com>
To: Mark Brown <broonie@...nel.org>
CC: Catalin Marinas <catalin.marinas@....com>,
    Andrew Morton <akpm@...ux-foundation.org>,
    Lennart Poettering <lennart@...ttering.net>,
    Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>,
    "Alexander Viro" <viro@...iv.linux.org.uk>,
    Kees Cook <keescook@...omium.org>,
    "Szabolcs Nagy" <szabolcs.nagy@....com>,
    Jeremy Linton <jeremy.linton@....com>,
    "Topi Miettinen" <toiwoton@...il.com>,
    <linux-mm@...ck.org>,
    <linux-arm-kernel@...ts.infradead.org>,
    <linux-kernel@...r.kernel.org>,
    <linux-abi-devel@...ts.sourceforge.net>,
    <nd@....com>,
    <shuah@...nel.org>
Subject: Re: [PATCH v1 2/2] kselftest: vm: add tests for memory-deny-write-execute

Hi,

On Fri, Oct 28, 2022 at 06:03:18PM +0100, Mark Brown wrote:
> On Wed, Oct 26, 2022 at 04:04:57PM +0100, Joey Gouly wrote:
>
> > Add some tests to cover the new PR_SET_MDWE prctl.
>
> Some comments below but they're all stylistic and let's not make perfect
> be the enemy of the good here so
>
> Reviewed-by: Mark Brown <broonie@...nel.org>

Thanks for the review, however I won't keep your R-b tag because I'm going to
move forward with Kees' approach from:
https://lore.kernel.org/linux-arm-kernel/202210281314.C5D3414722@keescook/T/#m45ac9de6c205b560d072a65e4e67e2a7ee363588

Thanks to Kees for rewriting that.

>
> and we can iterate later rather than blocking anything on the testcase.
>
> > +#ifdef __aarch64__
> > +#define PROT_BTI 0x10 /* BTI guarded page */
> > +#endif
>
> We should get this from the kernel headers shouldn't we? We generally
> rely on things getting pulled in from there rather than locally
> defining.

I believe the mman.h included is from the toolchain, not the kernel's uapi headers.
The toolchain I was using didn't have PROT_BTI defined in its mman.h

>
> > +#define TEST1 "mmap(PROT_WRITE | PROT_EXEC)\n"
> > +#define TEST2 "mmap(PROT_WRITE); mprotect(PROT_EXEC)\n"
> > +#define TEST3 "mmap(PROT_EXEC); mprotect(PROT_EXEC | PROT_READ)\n"
> > +#define TEST4 "mmap(PROT_EXEC); mprotect(PROT_EXEC | PROT_BTI)\n"
>
> > +int test1(int mdwe_enabled)
> > +{
>
> It feels like we could usefully make an array of
>
>     struct test {
>         int (*run)(bool mdwe_enabled);
>         char *name;
>     }
>
> then we'd need fewer ifdefs, things could be more usefully named and
> it'd be a bit easier to add new cases.
>
> > +#ifdef __aarch64__
> > + ksft_set_plan(12);
> > +#else
> > + ksft_set_plan(9);
> > +#endif
>
> That'd just be ksft_test_plan(3 * ARRAY_SIZE(tests).
>
> > + // First run the tests without MDWE
> > + test_result(test1(0), TEST1);
> > + test_result(test2(0), TEST2);
> > + test_result(test3(0), TEST3);
> > +#ifdef __aarch64__
> > + test_result(test4(0), TEST4);
> > +#endif
>
> and these calls to the tests would all be iterating over the array.

These comments are solved by the kselftest_harness approach that Kees suggested.

Thanks,
Joey
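
Review bot: the `#define PROT_BTI 0x10` inside the `#ifdef __aarch64__` block is unconditional, so the test always carries its own copy of the value whether or not the included mman.h provides one. Wrapping it in `#ifndef PROT_BTI` would keep the fallback for toolchains that lack the definition while letting the header's definition take over where it exists.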
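
Review bot: the plan counts in the `ksft_set_plan(12)` / `ksft_set_plan(9)` hunk are hard-coded literals selected by the same `#ifdef __aarch64__` condition that guards the `test_result(test4(0), TEST4)` call, so adding or removing a case means updating both numbers by hand. Deriving the count from the set of tests, as suggested in the thread, removes that coupling and the second `#ifdef`.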