From patchwork Thu May 4 17:09:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 90156 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp483264vqo; Thu, 4 May 2023 10:16:08 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7F0/L/eAmc14zfDDzw+AmaMS3YNLSvwcUqyeyqCUz3vxmpGZFN7teIkYsb+2V8RWGSm2dx X-Received: by 2002:a05:6a20:1442:b0:f0:9cbd:78e3 with SMTP id a2-20020a056a20144200b000f09cbd78e3mr3669950pzi.0.1683220567687; Thu, 04 May 2023 10:16:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683220567; cv=none; d=google.com; s=arc-20160816; b=UW9bExwj6A5Fp4S7R8qS405AZvQbNhzzSKEAF1FeDeCVQZ5XX33AdHiz9Hqyge2Czk Eh9tmp8kgHSX0hTFrqeZHyIJMEoSBUhllOkRqiVTPi6xSW6M/sjN7ss7IHt0CAaxroEV 0qVXwj0dBRzOdTom+jrERqqfRcVmcp9/Xalm9Mk+o8DTkxBPMUUBsMV7we5K9GZ3yf8k +OpwD4z5JFNO0Jo1Ix+2nDx4sGJ6eKqYPj8Dq9GS3XCJiBsClOwySEd7sWkayy8opuYZ I9knIDk+g+c0YRc31qfm3DGVV4eSQg/HJKDxs4i1kwFfjiQr9E1MF/CqlUbT+leK8KFo e3JQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eTHDgvve2rlDjfEENOqXxQ+73XcCxja6nWFDNUvgskk=; b=zpEWkAU6EkIW2jK8DsLf0LE+9+t0uXTsTR6zKh/SRoxKGMQol8xd+LNWWQ7rbEB6DH u98nOGnnTzojxUJbSafHGlF05wKMJ3lJIbphfab7z/0TQ0Ry20cBYXYBqpQBZE3NLbfR UR7kwQ7DcpgWqrZ3W9NXwdrSFeMAl29H/OetScP/bHRHr1iGU3jPvj8GHcdCHBEcHBZs ynnVixX+CWg8mYXdCm4F0V/8ZCiITykTCZN1OEUPBIysMIqkq81HcLUVVe1cXBnr/L8M j319ZPybjVJYeHurfNSsdIL3sUFDXKhf+lWKNlB0h9ekAxTibgdZFMTLTFmdSA66CI+M vvuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=TLY8hWAN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 22-20020a631756000000b0052c5e4694d1si4072216pgx.439.2023.05.04.10.15.51; Thu, 04 May 2023 10:16:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=TLY8hWAN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229757AbjEDRKO (ORCPT + 99 others); Thu, 4 May 2023 13:10:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41938 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229735AbjEDRKM (ORCPT ); Thu, 4 May 2023 13:10:12 -0400 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 333762D62 for ; Thu, 4 May 2023 10:10:11 -0700 (PDT) Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-3f315735514so71889565e9.1 for ; Thu, 04 May 2023 10:10:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220209; x=1685812209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eTHDgvve2rlDjfEENOqXxQ+73XcCxja6nWFDNUvgskk=; b=TLY8hWANkz5dJ2crHOy+zJ3/fsXy3K91NDqWzUUpWFnWsc5AvwcKHembAMeXUVfNXl 6aHNKialveKSsvzkPszrvlNeMUCPp2K6hCxbxuo99eVWUuZP9iSacZWOKIfONAsoKL8i GjDtmWIGIo7DVSqPDWi7y6KDAWwPrZSeph3cY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220209; x=1685812209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eTHDgvve2rlDjfEENOqXxQ+73XcCxja6nWFDNUvgskk=; b=DfKrZtOm5qZpwBugBYsYQ8WBgLK1ji01Kg7N3GVbgj5tQprstxfc7jKMpOuI9UkDSk aUGScNghSQA5k6b4zfL5HEDYuoJ7qhNX7BFeytzid38Wd+Hk+z/dfmO6avbGrwYeh6K0 NpvHcOa1qqzHwlVL7jjFaApNwwY4Hktc5kKOhdYrxH4iQWooSFmlNTHfcEO/+kQtG1/o J1WUBVUVB/cQbdOh1T0bYEg8zPF+RON8qzOas94m/TvsL0Ryx+QnfK8ZEquImLIWlrgV 19mhhZj88lfyHKm5WRnu6iVmanaw+vVn5PXt0RYmYgSxMqD5WvU0PrtiaDIdy8CadFiS PYzw== X-Gm-Message-State: AC+VfDybLOCxAp9EamphbuAhrohh4dFViIlDl8fuYAkKMuI35+AbKmRR 2Ftw2HO3mJgu7Yz0uRGZH6yGyWeS2E1NdfedwBU= X-Received: by 2002:a05:600c:3555:b0:3f1:89de:7e51 with SMTP id i21-20020a05600c355500b003f189de7e51mr262426wmq.12.1683220209275; Thu, 04 May 2023 10:10:09 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:08 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 1/4] kselftest: vm: Fix tabs/spaces inconsistency in the mdwe test Date: Thu, 4 May 2023 19:09:39 +0200 Message-ID: <20230504170942.822147-2-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764984690040973734?= X-GMAIL-MSGID: =?utf-8?q?1764984690040973734?= Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index bc91bef5d254..d0954c657feb 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -49,19 +49,19 @@ FIXTURE_VARIANT(mdwe) FIXTURE_VARIANT_ADD(mdwe, stock) { - .enabled = false, + .enabled = false, .forked = false, }; FIXTURE_VARIANT_ADD(mdwe, enabled) { - .enabled = true, + .enabled = true, .forked = false, }; FIXTURE_VARIANT_ADD(mdwe, forked) { - .enabled = true, + .enabled = true, .forked = true, }; From patchwork Thu May 4 17:09:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 90157 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp483775vqo; Thu, 4 May 2023 10:16:52 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5oetT21WqkGX0LMTy7vFQBo1a8HDPo5V4al965QbuPXOjVsFMOVHjBYYnr1LR0Ls3FphGU X-Received: by 2002:a05:6a21:7895:b0:f0:5a5b:7bea with SMTP id bf21-20020a056a21789500b000f05a5b7beamr3395486pzc.61.1683220612588; Thu, 04 May 2023 10:16:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683220612; cv=none; d=google.com; s=arc-20160816; b=yK45ff8UWiuVLAQvtwbzFEjRBpe6AyuKYZYG53AkNIgPJk+yYfwL19guT/5YIqWtve oQ48affyq81IwB+Rxi6JovtJFDI8eQ5jFuGjO7T8G9Yq235P0TSaKkLNMLV7ALryCRyh dwpTRAPcsAJMUnk9rdV9cccZnVJFJwmAaf9Mi8Iuzf1OEnfrwoRI1HgKZkwh6bTzeGyI F+GeYqJWxLRpo6v/FSDKIKanYeBhmgLE+cm9J7VAmJBewFOowT6j6FIe1uVW7FWUpvmV gtK9e0sJGK6zZwGAs+PglAQqqG9fYfAinhrzPvNKfzsJGOgKovUOX+BYBwS4VSvU6LoW R23g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=P3QYW4dMv2fssbqcmbr7kPwxf8O4yB5nA1oU7n1NpuI=; b=qlBoGg/j5OzQusTvZtJHJQk2e0AI0ai0Syqh10aeJ6NYr3EoeYnxtya4tdzcWqzuUB qQeni+yyfLFGr5g5+j2LAAjzg2YKt80J79vmBcOEz2JYkevcqWYZOHKa/HXEQLQ/RlBI dJbrvu258QGBAYWhhHjRlFRZUIj+69Y26x6yYScPZz2UkApQjyEdlzGYa6SOVyykRPWa K/qfEVjSjD4UeNn3YkY0DBlrRY9Da8CLRHP9CtJiH0xTchKHtrQdOCfbmNCxJGV5DgHn 4mI168LRhkVHGuYjqKZ07awPhrcH5ovO5cTVz4mgYx82LLgB1tk7/TA6vGwycXLBrEG/ yJ3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=D7x4fa+X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 33-20020a630d61000000b0052c6489dc91si3916519pgn.105.2023.05.04.10.16.36; Thu, 04 May 2023 10:16:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=D7x4fa+X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229822AbjEDRKS (ORCPT + 99 others); Thu, 4 May 2023 13:10:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229714AbjEDRKO (ORCPT ); Thu, 4 May 2023 13:10:14 -0400 Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0F8940F5 for ; Thu, 4 May 2023 10:10:12 -0700 (PDT) Received: by mail-wm1-x332.google.com with SMTP id 5b1f17b1804b1-3f4000ec71dso5859385e9.2 for ; Thu, 04 May 2023 10:10:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220211; x=1685812211; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=P3QYW4dMv2fssbqcmbr7kPwxf8O4yB5nA1oU7n1NpuI=; b=D7x4fa+X6qIEzk2IbZ+D0fz5GhTgakeCXE+E81V7L4crHzOUgGASrNmikW+8iJh6Lp M1n6L4lENTLNeOLhBvCOq7Kq+mXd93sRdO8S61OdMearQDPJkCAv7Q+7Bh7n2mXiDfYh UHQAZtPHV+bXdXq/fi6Bp3nU8BvBD8blOwy0E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220211; x=1685812211; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P3QYW4dMv2fssbqcmbr7kPwxf8O4yB5nA1oU7n1NpuI=; b=V/TMsV1WulG7aZDtECXvG5RR2zLZfUNPdYncgt8jIkZR447AxrGGsEaKKnb6KCSJFN vbIXWV9m0dw9FS09a7/O7R1EWkjVU7p5XlVrEKDfIGw2YOeW8cK810Bp1Xmfwn6l/jON bdq1NbcS5zxt6haTf1cRZ8PfQ/Hpyo+722NTrNGePU8EdJDNrF+VkUGyxOO0vzD1UGxW L6uE2JzCSoq0RHfewwq9Nh7DkNjNGZEJL9nxKZnTJTNPdAexCHWsG380htY92wfzeuL2 cGtDGJ1urnB8AYSOgb06JhFh3sptk/+12avnk0FjHiXA0+GTkq0TY1yllFpcVd+ILgoc BTiw== X-Gm-Message-State: AC+VfDwakvdgZ1KGCuEH8GMAdpSVU8RBV8zEHSByCR1dsqQGsoAeOWjA qB2TeoLrITT1Qwte+L3vtLRD+tuoRKkmZYwaY+s= X-Received: by 2002:a1c:740d:0:b0:3ef:6819:b2ad with SMTP id p13-20020a1c740d000000b003ef6819b2admr265910wmc.37.1683220210796; Thu, 04 May 2023 10:10:10 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:10 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 2/4] kselftest: vm: Fix mdwe's mmap_FIXED test case Date: Thu, 4 May 2023 19:09:40 +0200 Message-ID: <20230504170942.822147-3-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764984736643404933?= X-GMAIL-MSGID: =?utf-8?q?1764984736643404933?= I checked with the original author, the mmap_FIXED test case wasn't properly tested and fails. Currently, it maps two consecutive (non overlapping) pages and expects the second mapping to be denied by MDWE but these two pages have nothing to do with each other so MDWE is actually out of the picture here. What the test actually intended to do was to remap a virtual address using MAP_FIXED. However, this operation unmaps the existing mapping and creates a new one so the va is backed by a new page and MDWE is again out of the picture, all remappings should succeed. This patch keeps the test case to make it clear that this situation is expected to work. Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index d0954c657feb..91aa9c3099e7 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -168,13 +168,10 @@ TEST_F(mdwe, mmap_FIXED) self->p = mmap(NULL, self->size, PROT_READ, self->flags, 0, 0); ASSERT_NE(self->p, MAP_FAILED); - p = mmap(self->p + self->size, self->size, PROT_READ | PROT_EXEC, + /* MAP_FIXED unmaps the existing page before mapping which is allowed */ + p = mmap(self->p, self->size, PROT_READ | PROT_EXEC, self->flags | MAP_FIXED, 0, 0); - if (variant->enabled) { - EXPECT_EQ(p, MAP_FAILED); - } else { - EXPECT_EQ(p, self->p); - } + EXPECT_EQ(p, self->p); } TEST_F(mdwe, arm64_BTI) From patchwork Thu May 4 17:09:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 90155 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp483091vqo; Thu, 4 May 2023 10:15:51 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4CC6cFxZPItVZ43Z9orQzrrTiNUj/wuGDd2eNrI8zsWhx5QY+SAA2+6SVDsPCSrEQ6i/FX X-Received: by 2002:a17:90b:154b:b0:24e:1ef0:8c40 with SMTP id ig11-20020a17090b154b00b0024e1ef08c40mr2638136pjb.35.1683220551058; Thu, 04 May 2023 10:15:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683220551; cv=none; d=google.com; s=arc-20160816; b=B09BGYA2OJbrKRKcF3GkPMJuZSvtD4Pu0JXrXBkLlJcBVXnw8u969Yi/iKoqkI64IF UK/XwvY6+ywcsL4Xn1Yrnxjzpx7ykcYT6nE79wXXGY4FUgGrPDRuCJtaLxqZGzb0+iOM 9PpFe5GeSDDV3HBqipst/eBnCzCuyqzymZcX8m4nQgWo9inh11YzZlH4oH7qqmLOXiHJ iviF51WwDWffgv3k+oPH8vC2Ih0PyUdL0sI6JWs2Wsns5BAZjVpBYg0a0kmtXlRz8hUS yIKVPPEJRGdHvWfEPmt32MyyfWAI5JVDD/oRntAXkPysEHOu6nbBV9flJPWOQ4Irv4PW hH0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=as31pCoPiH/Lp8KLJm8spaUi4yVvoAv9TTcEhjCAAgY=; b=FLV5AlUCL4LOp2aUT2zJqJSexo71QmuTpzOJLaDgpV08I3cSjAG4UowVFfxy4Pszps ixTyr+1mdm1GhnSgnzHrYTkLXV6jyoyN5I6mCg8w0afNNs0tJ9kMvGnjlNxmY0uPFFf3 bAzXCwxP3yta51rr8mxVS4Sie/dIZmYxhapgtyzO7kw/Q1fWVwy13VBVTJ7mBBUWQuEH TX7k0IVmzCX6dyPvKdwQ5367v0WuLAhqUjU0NgTt/XLNrP8EHUgedampNxPWguQW9ezQ 9dRl3AhRK5NQUGPAtojP/l4pgkRn15RS0ZuVsxAkjZHqaL0JrEx95SoN0LaFOK9+ArWk Ae1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=LPi2IBa3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id me17-20020a17090b17d100b002470448b9d2si17952593pjb.7.2023.05.04.10.15.32; Thu, 04 May 2023 10:15:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=LPi2IBa3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229845AbjEDRKU (ORCPT + 99 others); Thu, 4 May 2023 13:10:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42032 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229774AbjEDRKQ (ORCPT ); Thu, 4 May 2023 13:10:16 -0400 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8990D46B6 for ; Thu, 4 May 2023 10:10:14 -0700 (PDT) Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-3f178da21b5so5847615e9.3 for ; Thu, 04 May 2023 10:10:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220212; x=1685812212; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=as31pCoPiH/Lp8KLJm8spaUi4yVvoAv9TTcEhjCAAgY=; b=LPi2IBa3epGcENfstLDmxknEDjzoeVoyMCOVXvn2hIqJbhS/z3Z7beqcX8HNc6RUU/ /pzEgUoHJDLiDTe06ySVWNrxzOY57B8Ei43G0kuT69v4VEEQebPwALydX2HCV6VqXzRz DN1UCfrQbZ+PMVzcuWYehyE4oV9BCc+rsc8xk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220212; x=1685812212; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=as31pCoPiH/Lp8KLJm8spaUi4yVvoAv9TTcEhjCAAgY=; b=cWWmQbZZwkkwdC+1phIlvfvsKIeVdWp2u/MvMaHuZCRvZIGVmlXxgSYYHXvA2rhMuE UtXWUecxEwAWjPCN55gJsBNqAML6qtdPGo2UksBYAYufCP/xJCG23KU+J6v+2anw+U7G eq5qMRrVbk3AsUJDnMCG9D0pDYFQYNWnSJE+jPkmiEAwwwqzYvRZFxmJe+22FS7VnVxh QjbuoeQEXDCZPyL0TRybeuvhigXIzY76YCKIqd/vXJOaOho/p9wKqQVdFmXkecuaAoIK pogMvGZuzQgwBJWKqk9COQRkGdwB50UvYrywdb5D6tWQ9puaFC5eGAoYnVH82bBHN2/k bV3w== X-Gm-Message-State: AC+VfDzL4he7dN5t6MmlrvMLdzaOIkQNAtplTf4Djujz3WtCZutkDHj2 wDqdhRPxHBMhBQveL2Maf3OvpKlF3rU2kwWahn8= X-Received: by 2002:a7b:ce84:0:b0:3f2:4fca:1b0f with SMTP id q4-20020a7bce84000000b003f24fca1b0fmr255985wmj.24.1683220212624; Thu, 04 May 2023 10:10:12 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:11 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 3/4] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl Date: Thu, 4 May 2023 19:09:41 +0200 Message-ID: <20230504170942.822147-4-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764984672453763268?= X-GMAIL-MSGID: =?utf-8?q?1764984672453763268?= This extends the current PR_SET_MDWE prctl arg with a bit to indicate that the process doesn't want MDWE protection to propagate to children. To implement this no-inherit mode, the tag in current->mm->flags must be absent from MMF_INIT_MASK. This means that the encoding for "MDWE but without inherit" is different in the prctl than in the mm flags. This leads to a bit of bit-mangling in the prctl implementation. Signed-off-by: Florent Revest --- include/linux/mman.h | 8 +++++++- include/linux/sched/coredump.h | 1 + include/uapi/linux/prctl.h | 1 + kernel/sys.c | 29 +++++++++++++++++++++++------ tools/include/uapi/linux/prctl.h | 1 + 5 files changed, 33 insertions(+), 7 deletions(-) diff --git a/include/linux/mman.h b/include/linux/mman.h index cee1e4b566d8..3d7a0b70ad2d 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -157,6 +157,12 @@ calc_vm_flag_bits(unsigned long flags) unsigned long vm_commit_limit(void); +static inline bool has_mdwe_enabled(struct task_struct *task) +{ + return test_bit(MMF_HAS_MDWE, &task->mm->flags) || + test_bit(MMF_HAS_MDWE_NO_INHERIT, &task->mm->flags); +} + /* * Denies creating a writable executable mapping or gaining executable permissions. * @@ -178,7 +184,7 @@ unsigned long vm_commit_limit(void); */ static inline bool map_deny_write_exec(struct vm_area_struct *vma, unsigned long vm_flags) { - if (!test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + if (!has_mdwe_enabled(current)) return false; if ((vm_flags & VM_EXEC) && (vm_flags & VM_WRITE)) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 0ee96ea7a0e9..b2d9659ef863 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -91,4 +91,5 @@ static inline int get_dumpable(struct mm_struct *mm) MMF_DISABLE_THP_MASK | MMF_HAS_MDWE_MASK) #define MMF_VM_MERGE_ANY 29 +#define MMF_HAS_MDWE_NO_INHERIT 30 #endif /* _LINUX_SCHED_COREDUMP_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index f23d9a16507f..31ec44728412 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_NO_INHERIT 2 #define PR_GET_MDWE 66 diff --git a/kernel/sys.c b/kernel/sys.c index 339fee3eff6a..c864fd42ece1 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2368,12 +2368,25 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3, if (arg3 || arg4 || arg5) return -EINVAL; - if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN)) + if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT)) return -EINVAL; - if (bits & PR_MDWE_REFUSE_EXEC_GAIN) - set_bit(MMF_HAS_MDWE, ¤t->mm->flags); - else if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + /* Cannot set NO_INHERIT without REFUSE_EXEC_GAIN */ + if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN)) + return -EINVAL; + + if (bits & PR_MDWE_REFUSE_EXEC_GAIN) { + if (bits & PR_MDWE_NO_INHERIT) { + /* Cannot go from inherit mode to no inherit */ + if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + return -EPERM; + + set_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags); + } else { + set_bit(MMF_HAS_MDWE, ¤t->mm->flags); + clear_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags); + } + } else if (has_mdwe_enabled(current)) return -EPERM; /* Cannot unset the flag */ return 0; @@ -2385,8 +2398,12 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3, if (arg2 || arg3 || arg4 || arg5) return -EINVAL; - return test_bit(MMF_HAS_MDWE, ¤t->mm->flags) ? - PR_MDWE_REFUSE_EXEC_GAIN : 0; + if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + return PR_MDWE_REFUSE_EXEC_GAIN; + else if (test_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags)) + return PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT; + + return 0; } static int prctl_get_auxv(void __user *addr, unsigned long len) diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h index 759b3f53e53f..a3424852d2d6 100644 --- a/tools/include/uapi/linux/prctl.h +++ b/tools/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_NO_INHERIT 2 #define PR_GET_MDWE 66 From patchwork Thu May 4 17:09:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 90158 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp484526vqo; Thu, 4 May 2023 10:18:00 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5txsreu/SaBz6ZESZWImZ8Afqqgi7cJ+bVqBMLF5n+oR3SdFjp7gWKk+xgYOvTchfzXMJ1 X-Received: by 2002:a05:6a00:1a11:b0:63b:89ba:fc9c with SMTP id g17-20020a056a001a1100b0063b89bafc9cmr3602098pfv.27.1683220679897; Thu, 04 May 2023 10:17:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683220679; cv=none; d=google.com; s=arc-20160816; b=oejHE8T25/2Qdn/tCnQVCGTCwYIS/A3aLWhFVrqmfgGB6Shk1oI3dk/DPoKDwPazde ou0y9iOXpKRDWa2+EuJ6x4FYbVP9K6QrUPNtB2dVL+7pKV7+q+77W+mHtpmhKUEu86p5 K3PuMOmpgjb9HgFxON+8AnKSqU2py0qZgx8oCXC41PyUK3jsWLYU9RfDr0Oco/9R4jxh 8kPCs3G4ZGMOlkThnafxcU8O1sAEQkPpEWwcGNpfwOodnyz7cAw0XYDrpKk+Lsk3VYrs reKYWyw/+xRoJZmg1hjOPS7iZwSa2+3ijQELK9OonM+wTYgxL2dxEK582UZiz0zRduEl Xcrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1SRzuJqpvnzSAOXKSWghhiqVYW6J1y/TsKOBytQBtN4=; b=VMj/Z3oLWi1/hH7R5ab9IVzzIGIzlF8xzAuX4jEEzEb+Mp+2bhVv1vM/H93Cw2bZb8 uCnDFRR96cPq/e1GqXgAWISTcaMJw4Ko/7YrQ1Kce9YJTe6w1NeXcio2lQNls9yrBatw RNFMH7iYZ2gVo3Z+AxZanxWqNmRsRVcUJvARBhDFLrjyafqOr/5ZdMVoCFrz6y/4vR/Z +4gFWojvqGQQlG8eVZM5dSGX8CVV2R26kI8cRcs4GCSTFESEMMS/BIDLVGlohBKEGbkL kdPD6dgXMBUC7jpF90iI+eTx8o1i9XgeNksoxNSe3tSGclvJyK/veOutxwRfsZDJ0mV1 A1zA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=b0n2C4i8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v2-20020aa799c2000000b00640ee8ddf24si23691159pfi.87.2023.05.04.10.17.42; Thu, 04 May 2023 10:17:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=b0n2C4i8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229897AbjEDRKZ (ORCPT + 99 others); Thu, 4 May 2023 13:10:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229813AbjEDRKS (ORCPT ); Thu, 4 May 2023 13:10:18 -0400 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 921A944A0 for ; Thu, 4 May 2023 10:10:16 -0700 (PDT) Received: by mail-wr1-x42c.google.com with SMTP id ffacd0b85a97d-3064099f9b6so534494f8f.1 for ; Thu, 04 May 2023 10:10:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220214; x=1685812214; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1SRzuJqpvnzSAOXKSWghhiqVYW6J1y/TsKOBytQBtN4=; b=b0n2C4i8lymk8dRpWOfTuJnCia7q/qvlmX+zU/kRwHQNNJ4h/PvDPJfE3TW4FuEQyq GxNI2PXk7U7odx4x/SMJ8jZxUvjY9mXIu6yBOFpsQlRvi71FueOZC0jH/GF+2fU/HMk9 5hofoAb5Ek/MaQvYilxsgGZjtqaxikqck0/r8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220214; x=1685812214; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1SRzuJqpvnzSAOXKSWghhiqVYW6J1y/TsKOBytQBtN4=; b=DZ/ol24vVKTFTJftGl6yuvlcUlYNwHIZudMIAGGQZnTbjfeonoJsbTlRRQJ3foLkSK 47WGx941O0VlpCYUDzXC/YbNdZnQS4RzZ/xcOWXOiCob5IkYzmoAaNRvQrtC3gyGYcB2 rT7X8HJ/67BcUDt2ckubHuPAqn3ippwdJqJYoXcbX5eOUROzQ8gv44eQk1jrsnriN23k T04BdL3Kzi/cvEb1Tct1x6/iMePinzvx2CPonaGEPic1sqqjwJbVb085FUgOBYC2RnKX +FZIyst+EsuDHdbA/1jsAb6e+7Z734c4d03ibeSsStygDUwr7v4Y3B5UGvV5yQ8FHo1x oK9A== X-Gm-Message-State: AC+VfDz5RM3ig+ULp7Iq0X4n1MnSzK2ckKpZKSiWd+2kNxA0fBrHnVeC Ky6eaxgZozlomq1KIVhkXmtXAIInh9kizdBnIZ0= X-Received: by 2002:a05:6000:108f:b0:307:4d2c:8353 with SMTP id y15-20020a056000108f00b003074d2c8353mr1400687wrw.53.1683220214530; Thu, 04 May 2023 10:10:14 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:14 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 4/4] kselftest: vm: Add tests for no-inherit memory-deny-write-execute Date: Thu, 4 May 2023 19:09:42 +0200 Message-ID: <20230504170942.822147-5-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764984807709424170?= X-GMAIL-MSGID: =?utf-8?q?1764984807709424170?= Add some tests to cover the new PR_MDWE_NO_INHERIT flag of the PR_SET_MDWE prctl. Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 95 ++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index 91aa9c3099e7..9f08ed1b99ae 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -22,6 +22,8 @@ TEST(prctl_flags) { + EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L), 0); + EXPECT_LT(prctl(PR_SET_MDWE, 7L, 0L, 0L, 0L), 0); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 7L, 0L, 0L), 0); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 0L, 7L, 0L), 0); @@ -33,6 +35,66 @@ TEST(prctl_flags) EXPECT_LT(prctl(PR_GET_MDWE, 0L, 0L, 0L, 7L), 0); } +FIXTURE(consecutive_prctl_flags) {}; +FIXTURE_SETUP(consecutive_prctl_flags) {} +FIXTURE_TEARDOWN(consecutive_prctl_flags) {} + +FIXTURE_VARIANT(consecutive_prctl_flags) +{ + unsigned long first_flags; + unsigned long second_flags; + bool should_work; +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, same) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .should_work = true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = 0, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe_no_inherit) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags = 0, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, can_lower_privileges) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .should_work = true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_gain_privileges) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .should_work = false, +}; + +TEST_F(consecutive_prctl_flags, two_prctls) +{ + int ret; + + EXPECT_EQ(prctl(PR_SET_MDWE, variant->first_flags, 0L, 0L, 0L), 0); + + ret = prctl(PR_SET_MDWE, variant->second_flags, 0L, 0L, 0L); + if (variant->should_work) { + EXPECT_EQ(ret, 0); + } else { + EXPECT_NE(ret, 0); + } +} + FIXTURE(mdwe) { void *p; @@ -45,28 +107,45 @@ FIXTURE_VARIANT(mdwe) { bool enabled; bool forked; + bool inherit; }; FIXTURE_VARIANT_ADD(mdwe, stock) { .enabled = false, .forked = false, + .inherit = false, }; FIXTURE_VARIANT_ADD(mdwe, enabled) { .enabled = true, .forked = false, + .inherit = true, }; -FIXTURE_VARIANT_ADD(mdwe, forked) +FIXTURE_VARIANT_ADD(mdwe, inherited) { .enabled = true, .forked = true, + .inherit = true, }; +FIXTURE_VARIANT_ADD(mdwe, not_inherited) +{ + .enabled = true, + .forked = true, + .inherit = false, +}; + +static bool executable_map_should_fail(const FIXTURE_VARIANT(mdwe) *variant) +{ + return variant->enabled && (!variant->forked || variant->inherit); +} + FIXTURE_SETUP(mdwe) { + unsigned long mdwe_flags; int ret, status; self->p = NULL; @@ -76,13 +155,17 @@ FIXTURE_SETUP(mdwe) if (!variant->enabled) return; - ret = prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, 0L, 0L, 0L); + mdwe_flags = PR_MDWE_REFUSE_EXEC_GAIN; + if (!variant->inherit) + mdwe_flags |= PR_MDWE_NO_INHERIT; + + ret = prctl(PR_SET_MDWE, mdwe_flags, 0L, 0L, 0L); ASSERT_EQ(ret, 0) { TH_LOG("PR_SET_MDWE failed or unsupported"); } ret = prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); - ASSERT_EQ(ret, 1); + ASSERT_EQ(ret, mdwe_flags); if (variant->forked) { self->pid = fork(); @@ -113,7 +196,7 @@ TEST_F(mdwe, mmap_READ_EXEC) TEST_F(mdwe, mmap_WRITE_EXEC) { self->p = mmap(NULL, self->size, PROT_WRITE | PROT_EXEC, self->flags, 0, 0); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_EQ(self->p, MAP_FAILED); } else { EXPECT_NE(self->p, MAP_FAILED); @@ -139,7 +222,7 @@ TEST_F(mdwe, mprotect_add_EXEC) ASSERT_NE(self->p, MAP_FAILED); ret = mprotect(self->p, self->size, PROT_READ | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0); @@ -154,7 +237,7 @@ TEST_F(mdwe, mprotect_WRITE_EXEC) ASSERT_NE(self->p, MAP_FAILED); ret = mprotect(self->p, self->size, PROT_WRITE | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0);