Message-ID: <20241205192943.3228757-1-isaacmanjarres@google.com>
Date: Thu,  5 Dec 2024 11:29:41 -0800
From: "Isaac J. Manjarres" <isaacmanjarres@...gle.com>
To: Shuah Khan <shuah@...nel.org>, Jeff Xu <jeffxu@...gle.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, Daniel Verkamp <dverkamp@...omium.org>, 
	Kees Cook <kees@...nel.org>
Cc: "Isaac J. Manjarres" <isaacmanjarres@...gle.com>, stable@...r.kernel.org, 
	Suren Baghdasaryan <surenb@...gle.com>, Kalesh Singh <kaleshsingh@...gle.com>, kernel-team@...roid.com, 
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v1] selftests/memfd: Run sysctl tests when PID namespace
 support is enabled

The sysctl tests for vm.memfd_noexec rely on the kernel to support PID
namespaces (i.e. the kernel is built with CONFIG_PID_NS=y). If the
kernel the test runs on does not support PID namespaces, the first
sysctl test will fail when attempting to spawn a new thread in a new
PID namespace, abort the test, preventing the remaining tests from
being run.

This is not desirable, as not all kernels need PID namespaces, but can
still use the other features provided by memfd. Therefore, only run the
sysctl tests if the kernel supports PID namespaces. Otherwise, skip
those tests and emit an informative message to let the user know why
the sysctl tests are not being run.

Fixes: 11f75a01448f ("selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC")
Cc: stable@...r.kernel.org # v6.6+
Cc: Jeff Xu <jeffxu@...gle.com>
Cc: Suren Baghdasaryan <surenb@...gle.com>
Cc: Kalesh Singh <kaleshsingh@...gle.com>
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@...gle.com>
---
 tools/testing/selftests/memfd/memfd_test.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
index 95af2d78fd31..0a0b55516028 100644
--- a/tools/testing/selftests/memfd/memfd_test.c
+++ b/tools/testing/selftests/memfd/memfd_test.c
@@ -9,6 +9,7 @@
 #include <fcntl.h>
 #include <linux/memfd.h>
 #include <sched.h>
+#include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <signal.h>
@@ -1557,6 +1558,11 @@ static void test_share_fork(char *banner, char *b_suffix)
 	close(fd);
 }
 
+static bool pid_ns_supported(void)
+{
+	return access("/proc/self/ns/pid", F_OK) == 0;
+}
+
 int main(int argc, char **argv)
 {
 	pid_t pid;
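Review bot: In pid_ns_supported(), any failure of access("/proc/self/ns/pid", F_OK) is reported as "no PID namespace support", including the case where /proc is not mounted or not reachable from the test's environment, so the sysctl tests could be skipped on a kernel that does have CONFIG_PID_NS=y. Suggest a short comment above the helper stating that the ns/pid entry is used as a proxy for CONFIG_PID_NS and that procfs must be mounted at /proc, and consider treating errno values other than ENOENT (for example EACCES) as an error to report rather than as a reason to skip.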
@@ -1591,8 +1597,12 @@ int main(int argc, char **argv)
 	test_seal_grow();
 	test_seal_resize();
 
-	test_sysctl_simple();
-	test_sysctl_nested();
+	if (pid_ns_supported()) {
+		test_sysctl_simple();
+		test_sysctl_nested();
+	} else {
+		printf("PID namespaces are not supported; skipping sysctl tests\n");
+	}
 
 	test_share_dup("SHARE-DUP", "");
 	test_share_mmap("SHARE-MMAP", "");
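Review bot: The else branch reports the skip only through a plain printf, and nothing in this hunk records it in the test result, so a run on a kernel without PID namespaces looks the same as a full pass unless someone reads the log. Since the commit message says the message should tell the user why the sysctl tests are not being run, suggest naming the option in the text, e.g. "PID namespaces are not supported (CONFIG_PID_NS); skipping sysctl tests", and emitting it in the same form the rest of this file uses for skipped tests so that result parsers can pick it up.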
-- 
2.47.0.338.g60cca15819-goog

