lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 27 Oct 2023 13:41:44 +0300
From:   Alexey Dobriyan <adobriyan@...il.com>
To:     Swarup Laxman Kotiaklapudi <swarupkotikalapudi@...il.com>
Cc:     shuah@...nel.org, akpm@...ux-foundation.org, hughd@...gle.com,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kselftest@...r.kernel.org,
        linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] selftests:proc ProtectionKey check in smpas test

On Thu, Oct 26, 2023 at 01:06:27AM +0530, Swarup Laxman Kotiaklapudi wrote:
> Check ProtectionKey field in /proc/*/smaps output,
> if system supports page-based memory permissions.

> --- a/tools/testing/selftests/proc/proc-empty-vm.c
> +++ b/tools/testing/selftests/proc/proc-empty-vm.c
> @@ -37,6 +37,7 @@
>  #include <sys/types.h>
>  #include <sys/wait.h>
>  #include <unistd.h>
> +#include "../kselftest.h"

I'd rather not include stuff. The reason is that this include makes
the test not (less) self-contained so it requires copying two files
to some machine where it is broken for debugging.

> @@ -83,10 +84,7 @@ static const char proc_pid_smaps_vsyscall_1[] =
>  "SwapPss:               0 kB\n"
>  "Locked:                0 kB\n"
>  "THPeligible:           0\n"
> -/*
> - * "ProtectionKey:" field is conditional. It is possible to check it as well,
> - * but I don't have such machine.
> - */
> +"ProtectionKey:         0\n"
>  ;
>  
>  static const char proc_pid_smaps_vsyscall_2[] =
> @@ -113,10 +111,7 @@ static const char proc_pid_smaps_vsyscall_2[] =
>  "SwapPss:               0 kB\n"
>  "Locked:                0 kB\n"
>  "THPeligible:           0\n"
> -/*
> - * "ProtectionKey:" field is conditional. It is possible to check it as well,
> - * but I'm too tired.
> - */
> +"ProtectionKey:         0\n"
>  ;
>  
>  static void sigaction_SIGSEGV(int _, siginfo_t *__, void *___)
> @@ -241,13 +236,26 @@ static int test_proc_pid_smaps(pid_t pid)
>  	} else {
>  		ssize_t rv = read(fd, buf, sizeof(buf));
>  		close(fd);
> -		if (g_vsyscall == 0) {
> -			assert(rv == 0);
> -		} else {
> -			size_t len = strlen(g_proc_pid_maps_vsyscall);
> -			/* TODO "ProtectionKey:" */
> -			assert(rv > len);
> -			assert(memcmp(buf, g_proc_pid_maps_vsyscall, len) == 0);
> +		assert(rv >= 0);
> +		assert(rv <= sizeof(buf));
> +		if (g_vsyscall != 0) {
> +			int pkey = pkey_alloc(0, 0);

I'd call syscall(). glibc might not have pkey_alloc(3) [[citation needed]]
And I'd move this pkey support testing to the very beginning (like vsyscall).

> +			if (pkey < 0) {
> +				size_t len = strlen(g_proc_pid_maps_vsyscall);

OK this test was broken, but it is not your fault. See my next patch.

> +
> +				assert(rv > len);
> +				assert(memcmp(buf, g_proc_pid_maps_vsyscall, len) == 0);
> +			} else {
> +				pkey_free(pkey);
> +				static const char * const S[] = {
> +					"ProtectionKey:         0\n"
> +				};
> +				int i;
> +
> +				for (i = 0; i < ARRAY_SIZE(S); i++)
> +					assert(memmem(buf, rv, S[i], strlen(S[i])));
> +			}

OK-ish.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ