lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CALmYWFvGZj5Bc8LfveMCc=3ZAgd-Lqr=186K4swpnTc=2a-JkQ@mail.gmail.com>
Date: Thu, 5 Dec 2024 11:53:57 -0800
From: Jeff Xu <jeffxu@...gle.com>
To: "Isaac J. Manjarres" <isaacmanjarres@...gle.com>
Cc: Shuah Khan <shuah@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, 
	Daniel Verkamp <dverkamp@...omium.org>, Kees Cook <kees@...nel.org>, stable@...r.kernel.org, 
	Suren Baghdasaryan <surenb@...gle.com>, Kalesh Singh <kaleshsingh@...gle.com>, kernel-team@...roid.com, 
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] selftests/memfd: Run sysctl tests when PID namespace
 support is enabled

On Thu, Dec 5, 2024 at 11:29 AM Isaac J. Manjarres
<isaacmanjarres@...gle.com> wrote:
>
> The sysctl tests for vm.memfd_noexec rely on the kernel to support PID
> namespaces (i.e. the kernel is built with CONFIG_PID_NS=y). If the
> kernel the test runs on does not support PID namespaces, the first
> sysctl test will fail when attempting to spawn a new thread in a new
> PID namespace, abort the test, preventing the remaining tests from
> being run.
>
> This is not desirable, as not all kernels need PID namespaces, but can
> still use the other features provided by memfd. Therefore, only run the
> sysctl tests if the kernel supports PID namespaces. Otherwise, skip
> those tests and emit an informative message to let the user know why
> the sysctl tests are not being run.
>
Thanks for fixing this.

> Fixes: 11f75a01448f ("selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC")
> Cc: stable@...r.kernel.org # v6.6+
> Cc: Jeff Xu <jeffxu@...gle.com>
> Cc: Suren Baghdasaryan <surenb@...gle.com>
> Cc: Kalesh Singh <kaleshsingh@...gle.com>
> Signed-off-by: Isaac J. Manjarres <isaacmanjarres@...gle.com>
> ---
>  tools/testing/selftests/memfd/memfd_test.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
> index 95af2d78fd31..0a0b55516028 100644
> --- a/tools/testing/selftests/memfd/memfd_test.c
> +++ b/tools/testing/selftests/memfd/memfd_test.c
> @@ -9,6 +9,7 @@
>  #include <fcntl.h>
>  #include <linux/memfd.h>
>  #include <sched.h>
> +#include <stdbool.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <signal.h>
> @@ -1557,6 +1558,11 @@ static void test_share_fork(char *banner, char *b_suffix)
>         close(fd);
>  }
>
> +static bool pid_ns_supported(void)
> +{
> +       return access("/proc/self/ns/pid", F_OK) == 0;
> +}
> +
>  int main(int argc, char **argv)
>  {
>         pid_t pid;
> @@ -1591,8 +1597,12 @@ int main(int argc, char **argv)
>         test_seal_grow();
>         test_seal_resize();
>
> -       test_sysctl_simple();
> -       test_sysctl_nested();
> +       if (pid_ns_supported()) {
> +               test_sysctl_simple();
> +               test_sysctl_nested();
> +       } else {
> +               printf("PID namespaces are not supported; skipping sysctl tests\n");
> +       }
>
>         test_share_dup("SHARE-DUP", "");
>         test_share_mmap("SHARE-MMAP", "");
> --
> 2.47.0.338.g60cca15819-goog
>
Reviewed-by: Jeff Xu <jeffxu@...gle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ