From patchwork Tue Jul 4 15:36:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 115844 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp1314422vqx; Tue, 4 Jul 2023 08:54:45 -0700 (PDT) X-Google-Smtp-Source: APBJJlGbWNcrhE/x6/tc30P+wFNFfB33B3AXhURNsoQZqvF3XrdLWX50AHkdx1I72vzIKvrqg+AA X-Received: by 2002:a17:902:c246:b0:1b6:864b:20aa with SMTP id 6-20020a170902c24600b001b6864b20aamr15040367plg.31.1688486084888; Tue, 04 Jul 2023 08:54:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688486084; cv=none; d=google.com; s=arc-20160816; b=EbGHu0z/yQhtJMMkgtNWkopp8O/Fgfl0pXcMZLOwUqoDEQ1JPmqD7DsBjRmufZIlPA 9+R7kCfFu96baofmi2sOloZjQlLHj7HFt+188/+h6xT+aiHci1eMHRnykwyLQHNoPORB EkPwTgY3KB5JUhonHAIYn+S9yuAePzzAJDaPQl+jqLCokpU/kDe4nlXWqLBVpik4H3Mv wOqP9Gd9BQxi5ykQ5xP8PJogR/FOQfKSf9NZml1qhwOhLZ8hMxD4ZymPQGFxz+NJpWJi RshgSUD5T2kCVNbBg12/mXsKleYzS52EPeNjquBWTKF3vTrHYE/rGXDEhEQI2na9rTKs OwFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1v5lGibnAF/heTsoRNB1jAJr0Wc+6STg6A/2r7lAh8k=; fh=qt+3dfk+I7w4O6ICPehLV2qOV3K4oyIze2E4W9KFR+E=; b=zNe13lA3qWLZTXjCsTDq0VcKSitWowI/FmRGejq1X5t08sudCpR/LjMrVKVxDw2TDw yEumJW+Ev7R0bFN14W1YysXoR6/96vpgkLWXvQCt24pJMzuKDcdmAqUzi0dJa0f8Y6qz Es4IRebcD4VWEGj7U21mZ87bVHE+GvjNBmSjySLmkT+iyvq5yV/5tVHBO9GNjVnVSyQ6 jmbkTNipk+huSuhKAO0G5IWIVZgECLonsXtXhY46NoU9h0AVyBQwCQ9VxwJEVGMcnvrf rMCg3oInXXRIC6gjurfqlykJ63B9f0HXNpVAASe8vshUGCjBMficQcLwNUN2u7dtq8ix S2+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="Z1/poYmW"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r2-20020a170903410200b001b7e6528c6fsi18811825pld.108.2023.07.04.08.54.32; Tue, 04 Jul 2023 08:54:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="Z1/poYmW"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231736AbjGDPhN (ORCPT + 99 others); Tue, 4 Jul 2023 11:37:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230255AbjGDPhK (ORCPT ); Tue, 4 Jul 2023 11:37:10 -0400 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 445171B2 for ; Tue, 4 Jul 2023 08:37:09 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-3112f5ab0b1so6394889f8f.0 for ; Tue, 04 Jul 2023 08:37:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688485027; x=1691077027; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1v5lGibnAF/heTsoRNB1jAJr0Wc+6STg6A/2r7lAh8k=; b=Z1/poYmW45cjv7LNYkKB69NwMZFwnZvKh4vFG+6k08+f3spLw+mSSsETwE1tgZbMD1 HKU7aZ1QKyT4aOvcP8fHNQn8gTaqeG/F0VlqaCbQYBQXuAmW0OSwQa/XQQti57AVxQCe p79ZfZDYrSgg8pFr2OcW+0iCZO/Excu3e9VeE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688485027; x=1691077027; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1v5lGibnAF/heTsoRNB1jAJr0Wc+6STg6A/2r7lAh8k=; b=Yj33gVUmkyjpJ6gCzjFkgPppjKMkAde98R6UzisrzRZG/RUf4zAxZTRdY9OgYvP1qr 8TUumgAZq9FpA7mPDmBHAHlxQnK28KGuKEB5xkYYrr8KpFMqJAaDrLaPo3FvRSIrQ+cI zerBaCvDDClX8ih1Wuo0mwk5tWBJkmEPOnXunXlchP1WPQ034luvJAjTIoUsqq+G2V38 1UJay8pgEVAbLy5XfejIzvS8yYaPicyxAObG2RbVwT+KK7HS0uuVLTPQtp9f06B3K/Sl C2+jZ0P7oaNnChFcn535yEYlyEYKY8TEhF6DNB5hT5NoRnaFRDdGJVTA0ulrFgV52uqT 1rcg== X-Gm-Message-State: ABy/qLZExW4S+fMbTKoKl6Sk2WVHlGVhPLNsy2We/tUV6PANlesIcSgz VQSuOVGgQb2sTma8bZgDlcscuYz3kCNWVHA76cg= X-Received: by 2002:adf:cd0a:0:b0:314:10d8:b482 with SMTP id w10-20020adfcd0a000000b0031410d8b482mr10533375wrm.65.1688485027313; Tue, 04 Jul 2023 08:37:07 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:99b2:81bb:8407:5369]) by smtp.gmail.com with ESMTPSA id b2-20020adfde02000000b0030c4d8930b1sm28538709wrm.91.2023.07.04.08.37.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jul 2023 08:37:06 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, Florent Revest Subject: [PATCH v3 1/5] kselftest: vm: Fix tabs/spaces inconsistency in the mdwe test Date: Tue, 4 Jul 2023 17:36:25 +0200 Message-ID: <20230704153630.1591122-2-revest@chromium.org> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog In-Reply-To: <20230704153630.1591122-1-revest@chromium.org> References: <20230704153630.1591122-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770505985068452114?= X-GMAIL-MSGID: =?utf-8?q?1770505985068452114?= Reviewed-by: David Hildenbrand Signed-off-by: Florent Revest Acked-by: Catalin Marinas --- tools/testing/selftests/mm/mdwe_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index bc91bef5d254..d0954c657feb 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -49,19 +49,19 @@ FIXTURE_VARIANT(mdwe) FIXTURE_VARIANT_ADD(mdwe, stock) { - .enabled = false, + .enabled = false, .forked = false, }; FIXTURE_VARIANT_ADD(mdwe, enabled) { - .enabled = true, + .enabled = true, .forked = false, }; FIXTURE_VARIANT_ADD(mdwe, forked) { - .enabled = true, + .enabled = true, .forked = true, }; From patchwork Tue Jul 4 15:36:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 115842 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp1313349vqx; Tue, 4 Jul 2023 08:52:40 -0700 (PDT) X-Google-Smtp-Source: APBJJlEf4wBITcrW7zzeNJUYAilwLChzafYiqpewoDSoU1w8t52D7tMTsiYjTFFg4mykj/ONyDSe X-Received: by 2002:a37:f706:0:b0:767:4d81:469 with SMTP id q6-20020a37f706000000b007674d810469mr9366486qkj.52.1688485960156; Tue, 04 Jul 2023 08:52:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688485960; cv=none; d=google.com; s=arc-20160816; b=jesNlbj9IO8XoOj5W6gXwyvGmBsnfboqv/Uf47nUwc85tsfAKn17mB0XS6s0SHBuEK TmXKv20HQIGtzd/5rqMjYUE960AJs8YZgJiFpMuC1xK9KHbm189tuTMok/23YDLEp6QJ wHL1kuw1EBV01GxQTkliJ1kEDDxlFnaW32a8DQywbtIgoT1MV2rAdlhVlEBv83eAcXNA MWq+tSGxSf40a8g9OFrpeuVY2SSTxv7thMMudVwiEQHtncHJONbcR2L+92s6q2jlYOho m3NM1n23EUutJEZ9BwuUa33sgYrTjVN/kToQ8e81EvGK7CdkMlFa8Aw2uAiL2jvoAur2 NpBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=beswSwVGAkwwt+hvsxKunV4bjZ5oFhW4HtgFlCfoMD8=; fh=qt+3dfk+I7w4O6ICPehLV2qOV3K4oyIze2E4W9KFR+E=; b=HA9+26r5FwkGRJ5SnYoGakDYIY97Crr9YK23K2dAAfcBUtEvPhGqz9wVh18vMWc4Tp yuehMqw+rswtNWk6iyy5GkD2m3HSQFODD3j7GkSR3dCub8qTMXiP6vN6153b6kRIXJLy QTvDNkui7NFNvouNZNDnrhboFf2USL3XNJKa2UyxN1nNcMs+hnaE7F8zc83wUwZKZAXs aFvgxMbThYmidJGARkWp5zNYP1D6mPFVJ1/T/wo9E8fbeVqO4MWW4XkT/4p6VlBlOSzz 1P2Ok1KLecMhjtW9zxpzaxka9F6uLKGSY+zXmLHJG+aZ8grxriU4ATTc8oZ4G20x5DNw v15Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=im9v3tz+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y27-20020a056a00181b00b0068273fe79fdsi8203770pfa.163.2023.07.04.08.52.27; Tue, 04 Jul 2023 08:52:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=im9v3tz+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230255AbjGDPhP (ORCPT + 99 others); Tue, 4 Jul 2023 11:37:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230300AbjGDPhM (ORCPT ); Tue, 4 Jul 2023 11:37:12 -0400 Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B216F1B2 for ; Tue, 4 Jul 2023 08:37:10 -0700 (PDT) Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-314313f127fso3214290f8f.1 for ; Tue, 04 Jul 2023 08:37:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688485029; x=1691077029; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=beswSwVGAkwwt+hvsxKunV4bjZ5oFhW4HtgFlCfoMD8=; b=im9v3tz+dDQKllRZMfAl2CXof/kWuglwbcaU6I+/SM3taNN9W0TM7sI67nnkl3lDSX 9evAJPoxo2Tv50rEz5lihIj5frPU3Hxo1Et5ixkKvTNtQhQyTA6xiirfJK5+I7SVGHC2 vJhjhWvhzJTSHRPd/yK9QTQbknde3VwTLbMWE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688485029; x=1691077029; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=beswSwVGAkwwt+hvsxKunV4bjZ5oFhW4HtgFlCfoMD8=; b=MpG+8JekEMy0pHYzBEZv+2XuIVtA/n0sm91DryhRltOz/JaIUifUDLq0lSi3CccjLd 7EwsoCsAcKyxl/m36SiyVz9UWyKUaEnjcmc7pS0i6bKiXgI1BPA4hVDJl56s6OKP7Vp4 xNAbvah6h3QDzb4xckM115a7WAtDUgqTg34yCutXbHct0u4RlUNkAJUmNVInZRtB7nLi U8djlMy2vH16JaBjDcorYbth385YLowGNqv4xOeOyn9VVRpki9tb8ZBCCKfwXjktWmZG zTcStHtqZuhG2q9l2UrC8WA5+BgyqcTfTRtMA1POhe3fsUg1T4amwBwKuagNV2Xz/QER fP9w== X-Gm-Message-State: ABy/qLY0bet3RijTbkuXboK2VQkt2DWkRiMZywCx+d69CQHx1qc2GmNR IKERAT2CrOV3uBdJnSWAC7Ppt+jRI/WTJy8A3vs= X-Received: by 2002:a5d:4950:0:b0:313:f7f1:e34c with SMTP id r16-20020a5d4950000000b00313f7f1e34cmr11728009wrs.60.1688485028942; Tue, 04 Jul 2023 08:37:08 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:99b2:81bb:8407:5369]) by smtp.gmail.com with ESMTPSA id b2-20020adfde02000000b0030c4d8930b1sm28538709wrm.91.2023.07.04.08.37.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jul 2023 08:37:08 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, Florent Revest Subject: [PATCH v3 2/5] kselftest: vm: Fix mdwe's mmap_FIXED test case Date: Tue, 4 Jul 2023 17:36:26 +0200 Message-ID: <20230704153630.1591122-3-revest@chromium.org> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog In-Reply-To: <20230704153630.1591122-1-revest@chromium.org> References: <20230704153630.1591122-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770505854125919652?= X-GMAIL-MSGID: =?utf-8?q?1770505854125919652?= I checked with the original author, the mmap_FIXED test case wasn't properly tested and fails. Currently, it maps two consecutive (non overlapping) pages and expects the second mapping to be denied by MDWE but these two pages have nothing to do with each other so MDWE is actually out of the picture here. What the test actually intended to do was to remap a virtual address using MAP_FIXED. However, this operation unmaps the existing mapping and creates a new one so the va is backed by a new page and MDWE is again out of the picture, all remappings should succeed. This patch keeps the test case to make it clear that this situation is expected to work. Signed-off-by: Florent Revest Reviewed-by: David Hildenbrand Fixes: 4cf1fe34fd18 ("kselftest: vm: add tests for memory-deny-write-execute") Reviewed-by: Ryan Roberts Tested-by: Ryan Roberts Reviewed-by: Catalin Marinas --- tools/testing/selftests/mm/mdwe_test.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index d0954c657feb..91aa9c3099e7 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -168,13 +168,10 @@ TEST_F(mdwe, mmap_FIXED) self->p = mmap(NULL, self->size, PROT_READ, self->flags, 0, 0); ASSERT_NE(self->p, MAP_FAILED); - p = mmap(self->p + self->size, self->size, PROT_READ | PROT_EXEC, + /* MAP_FIXED unmaps the existing page before mapping which is allowed */ + p = mmap(self->p, self->size, PROT_READ | PROT_EXEC, self->flags | MAP_FIXED, 0, 0); - if (variant->enabled) { - EXPECT_EQ(p, MAP_FAILED); - } else { - EXPECT_EQ(p, self->p); - } + EXPECT_EQ(p, self->p); } TEST_F(mdwe, arm64_BTI) From patchwork Tue Jul 4 15:36:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 115843 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp1314015vqx; Tue, 4 Jul 2023 08:54:04 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ71ZAeSADK8mJnSbInv/kMi4eAPxHQokuuPPD4TEcDsaF390ahjybTF0dTrvwfd6wr/ak2b X-Received: by 2002:a05:6a20:3d89:b0:126:9f02:da6f with SMTP id s9-20020a056a203d8900b001269f02da6fmr12969247pzi.14.1688486044344; Tue, 04 Jul 2023 08:54:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688486044; cv=none; d=google.com; s=arc-20160816; b=eQ2lGxLPu3dQEShi5nhEQjto+FeRQL2tR+ClPtrhdwpmwmwWwi7NyAYo0/5Ds2FQGN 5Q6PY0xd1x4tj8ADLbqv3sk6/ApexpQMfVK602CgHD8JAsbssfL5qYut3zb4R2FRX5+C Jz/3k7YG1zL9zDHDqOJ6SZQOfv3y67ayc/FmiVobjZttk0/RFWBY6D/yuHWNoSSrl0lD MPt89Ym6pocfepPWrMnhUjNnnscgDqNijsO56qQoHAJ4n8AxLikBUU/1khDtlVLpDT60 jl+b9GMDV3hCIPvMx0tRVzt7wb5Y/6IzPPuQ7P53zvo2USxVmEs9BxmOub459JvIbdn/ KSxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4ZVHggtHO+yJauR9LskgHgrRJhbEnps/FtwfSudSsCo=; fh=+xJFWSwJ73YmTLOVJ5/wbiW+pe05IJ5Lovecy4Q1DYI=; b=BZ1E5bjlDluP7xqqFpnb8WCKT2Aa/z3M+wPgKvhF5wOjs5ZnOw/DpLBvauE/Fn+ASM S5f6wx2qZaCaq2ym+vz4Eo2WNO942UoiLOHYJLHpf40ODwFlydyuOaSr14dNBrdz+9+p nZ9TYTPKLg3I6E7r+rzzSpsGCne4k7a0/QtAtJ48R23kh940BOBNNLOjdz9Mt2nT+Tn0 mVSj2+5P1zVS46TTNJd1k8XUma7nO0NKVAnG+RVmQzr+GDGo+2QqhBE4e9MH6LowGzmw Tzj73cSnuzgrqaSIXe/1hgVgjp9McVnVGq8i9XZI8mFB5u+7X/TxLm3z0R8t79jM6htE j0kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=MFwOF7sq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q15-20020a631f4f000000b005575a0b31d3si21581532pgm.11.2023.07.04.08.53.49; Tue, 04 Jul 2023 08:54:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=MFwOF7sq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231773AbjGDPhT (ORCPT + 99 others); Tue, 4 Jul 2023 11:37:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48102 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231732AbjGDPhN (ORCPT ); Tue, 4 Jul 2023 11:37:13 -0400 Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6FCE8E4F for ; Tue, 4 Jul 2023 08:37:12 -0700 (PDT) Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-313f61890fbso6220183f8f.3 for ; Tue, 04 Jul 2023 08:37:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688485030; x=1691077030; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4ZVHggtHO+yJauR9LskgHgrRJhbEnps/FtwfSudSsCo=; b=MFwOF7sqVXBxFanxQfr0POOuegrGEdOtkhF028G3OsKGL3xdsPPzrHjjHCl/yZUQsi 0u2xWsEBho6iRvSucxENpzwYqu7b0USkS0W+q1mqavp72R9LwsRuiUSOgH6bJqxDI2N6 Myg7WgOAMHNQAOKGq0YrI/FSXNdf8mMkegW+0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688485030; x=1691077030; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4ZVHggtHO+yJauR9LskgHgrRJhbEnps/FtwfSudSsCo=; b=Yq04T6bXx7osBDBTUMvMlyuoTX7fPi2Wi+Ma8mZxYng5+hwgFUrTS7PswYvqJcOcBJ 6/wn8gUL0W1NUu7cd3O3fUf2axQFUgFSx0rso9VSzC4HINpUzoTbs9+Bo19P69XFMieE B8qBGNC0+O2xfhy93Xh34U/y45j/jzZRHdU1sw9ZQtonxhjIZYRNUwje8Q0CBz/vmVsg 2R164CMP6DoWDC0sUtgBo1/53BKtYvg3iup18AFrEZ4pBmHYTKE6KdEqoD/h0kxTI86G BKkSV+YBZyLqoibMoQPW52iDVhUTVvdwrz5oib0KQrW+AHXEoz78mTaG2iXrT6YZ/Nex rE3g== X-Gm-Message-State: ABy/qLY4Qu2l+nV43do8+I1+2zr27sbfXs0xnYMtHlwT5q+I5ZvVsUtJ nzmtB6QqZvgDGWEwbmXCUY8ddtdvJbUYdWYoqzI= X-Received: by 2002:a5d:44c2:0:b0:314:1ad7:2ea8 with SMTP id z2-20020a5d44c2000000b003141ad72ea8mr11140519wrr.54.1688485030643; Tue, 04 Jul 2023 08:37:10 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:99b2:81bb:8407:5369]) by smtp.gmail.com with ESMTPSA id b2-20020adfde02000000b0030c4d8930b1sm28538709wrm.91.2023.07.04.08.37.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jul 2023 08:37:10 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, Florent Revest , linux-stable@vger.kernel.org Subject: [PATCH v3 3/5] mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long Date: Tue, 4 Jul 2023 17:36:27 +0200 Message-ID: <20230704153630.1591122-4-revest@chromium.org> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog In-Reply-To: <20230704153630.1591122-1-revest@chromium.org> References: <20230704153630.1591122-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770505942286719471?= X-GMAIL-MSGID: =?utf-8?q?1770505942286719471?= Defining a prctl flag as an int is a footgun because on a 64 bit machine and with a variadic implementation of prctl (like in musl and glibc), when used directly as a prctl argument, it can get casted to long with garbage upper bits which would result in unexpected behaviors. This patch changes the constant to an unsigned long to eliminate that possibilities. This does not break UAPI. Fixes: b507808ebce2 ("mm: implement memory-deny-write-execute as a prctl") Cc: linux-stable@vger.kernel.org Signed-off-by: Florent Revest Suggested-by: Alexey Izbyshev Reviewed-by: David Hildenbrand Acked-by: Catalin Marinas --- include/uapi/linux/prctl.h | 2 +- tools/include/uapi/linux/prctl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index f23d9a16507f..6e9af6cbc950 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -283,7 +283,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 -# define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) #define PR_GET_MDWE 66 diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h index f23d9a16507f..6e9af6cbc950 100644 --- a/tools/include/uapi/linux/prctl.h +++ b/tools/include/uapi/linux/prctl.h @@ -283,7 +283,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 -# define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) #define PR_GET_MDWE 66 From patchwork Tue Jul 4 15:36:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 115839 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp1312550vqx; Tue, 4 Jul 2023 08:50:58 -0700 (PDT) X-Google-Smtp-Source: APBJJlEpm/502brpCXUqAkpMxQKhrg1RHlFYhggl82wFBuLmY3vJMkhKXk5WqHTCBrbzLS5PMPOq X-Received: by 2002:a05:6a21:900c:b0:123:2973:672c with SMTP id tq12-20020a056a21900c00b001232973672cmr9225415pzb.57.1688485857901; Tue, 04 Jul 2023 08:50:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688485857; cv=none; d=google.com; s=arc-20160816; b=FPvdqQhhCLx6QPmpRUjesezTQ7ICZVGGGxJ7jHqqtTqxzyZnxwnbFLGfoZx8ZXgy0V sHRMl2POVGzG5F3kbDIJa7CWAbrFxclEedcYzlL8CbfIS0W5tPfM5SBR/k0wm3mjJA/2 eUNg/Au/3ZQWrUqZHq7fNJqK4vsNBiYOMXYzqYA7W8uDdWxlYdRNAqYDWNnbPWikmDVv VeipKuyT7qbeqKIy6MsaNm+GGPuz1hqlPOc+PJaFgaNo7CZYvLAEXDBp+dfQ6sAGuFBj +Wfse4hKhIUTwzy3XQbMLto1hu24vGBOW6mND/VzL/CwEJmTSUKBal4GfhM5eljs/fRH tEzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=R7tunI1lKMH4tXxhhZlNnHm4rteRjjg9hHxMHKz9rMs=; fh=qt+3dfk+I7w4O6ICPehLV2qOV3K4oyIze2E4W9KFR+E=; b=s2e4cO0WEBG8ICQyFFBHh0OnpUw703J/f6wN/0ID2o5G9OzNmV0WNDqfDisuzddEkY vNFd9czti1pmM6KdlCl7nfnrEblTVhe4/uXpII0AkezMVTnc8Eom3OAmu+xQypIpmf+P spH0i0eVYK7bwj++Zsty04C/iDBkDqGecAeEIjPjB3KUM5AoD/V//RkUlfZqXMUX5PUg kokVx5wRcQejFckn7+ekW+4x9iyhq5QSiGyeN74AMDPDlJoONKgvXA7PLVtSjxIuype9 kxawdtZGFzKgEE85LPUtPKkMFGIStifsLDY98bGuYASG3bwKbWcuZZkaCMV1jO52ta/U xYqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="IH8/lYad"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j13-20020a170902c3cd00b001b86deba2fbsi9204634plj.605.2023.07.04.08.50.44; Tue, 04 Jul 2023 08:50:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="IH8/lYad"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231583AbjGDPhW (ORCPT + 99 others); Tue, 4 Jul 2023 11:37:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231750AbjGDPhP (ORCPT ); Tue, 4 Jul 2023 11:37:15 -0400 Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6031BE42 for ; Tue, 4 Jul 2023 08:37:14 -0700 (PDT) Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-307d20548adso6353240f8f.0 for ; Tue, 04 Jul 2023 08:37:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688485032; x=1691077032; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=R7tunI1lKMH4tXxhhZlNnHm4rteRjjg9hHxMHKz9rMs=; b=IH8/lYadcMH//iw9M9Op8dU0l1sj9aFWw0lBe6q6pMiopghB2cvLo/OcIkjbXfOgC6 Y7x5+a5kcNvS9pp+WWGqp5o36R5bI4rsQwvbYsUc1Qx6T4i713ReMLLt4ZaDVZsYaSd5 A3rBFK/cCnkuHUUrd8RED5SGzIm8RjYv50e0Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688485032; x=1691077032; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R7tunI1lKMH4tXxhhZlNnHm4rteRjjg9hHxMHKz9rMs=; b=YAJu9BjjfN8+TYd0Nt1Lp57Ikw7WDZGHqjRCYNtEScSb6Qjj8aZNy1t6b8kUtHG1TV rCz/4heUAb+GZmuur/RIr+limqkce2IJxrtUv6eBZ1gXT/kYSOXEUtdgDXsvNs2DCx6L Ml7uPZxHNcYZjNPXeBWh7qpAqSzeO7J83mxfO0u12ZLUnc6VGj6hn3aEZqL/XnzYpygF HHTEkTGE6gq4C+69vRUsYBOtZ+7vg120cTmwkkU/AtBFcI9LRikgW9fYHoG+ix4tM+0q NPVPnYJUWtbpfyFB27w+uX7KZvbFVpd3gKNF8f3xs4J1Czvw8K1dwcqdo/+l9DEDv0J3 cOnw== X-Gm-Message-State: ABy/qLZRFdQIjVjwyk4k2bYnmt8rncUUGbFjOsZr+8c4ZZzqXTkYF1+x 3EpqAeGx6lukjvHAJyhI81cnS8FMZuwNtr3krGc= X-Received: by 2002:a5d:4f86:0:b0:30f:c42e:3299 with SMTP id d6-20020a5d4f86000000b0030fc42e3299mr10482799wru.60.1688485032503; Tue, 04 Jul 2023 08:37:12 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:99b2:81bb:8407:5369]) by smtp.gmail.com with ESMTPSA id b2-20020adfde02000000b0030c4d8930b1sm28538709wrm.91.2023.07.04.08.37.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jul 2023 08:37:11 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, Florent Revest Subject: [PATCH v3 4/5] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl Date: Tue, 4 Jul 2023 17:36:28 +0200 Message-ID: <20230704153630.1591122-5-revest@chromium.org> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog In-Reply-To: <20230704153630.1591122-1-revest@chromium.org> References: <20230704153630.1591122-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770505747198181823?= X-GMAIL-MSGID: =?utf-8?q?1770505747198181823?= This extends the current PR_SET_MDWE prctl arg with a bit to indicate that the process doesn't want MDWE protection to propagate to children. To implement this no-inherit mode, the tag in current->mm->flags must be absent from MMF_INIT_MASK. This means that the encoding for "MDWE but without inherit" is different in the prctl than in the mm flags. This leads to a bit of bit-mangling in the prctl implementation. Signed-off-by: Florent Revest Reviewed-by: Catalin Marinas --- include/linux/sched/coredump.h | 10 ++++++++++ include/uapi/linux/prctl.h | 1 + kernel/fork.c | 2 +- kernel/sys.c | 32 ++++++++++++++++++++++++++------ tools/include/uapi/linux/prctl.h | 1 + 5 files changed, 39 insertions(+), 7 deletions(-) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 0ee96ea7a0e9..1b37fa8fc723 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -91,4 +91,14 @@ static inline int get_dumpable(struct mm_struct *mm) MMF_DISABLE_THP_MASK | MMF_HAS_MDWE_MASK) #define MMF_VM_MERGE_ANY 29 +#define MMF_HAS_MDWE_NO_INHERIT 30 + +static inline unsigned long mmf_init_flags(unsigned long flags) +{ + if (flags & (1UL << MMF_HAS_MDWE_NO_INHERIT)) + flags &= ~((1UL << MMF_HAS_MDWE) | + (1UL << MMF_HAS_MDWE_NO_INHERIT)); + return flags & MMF_INIT_MASK; +} + #endif /* _LINUX_SCHED_COREDUMP_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 6e9af6cbc950..dacbe824e7c3 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) +# define PR_MDWE_NO_INHERIT (1UL << 1) #define PR_GET_MDWE 66 diff --git a/kernel/fork.c b/kernel/fork.c index d17995934eb4..bc3c762d378f 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1284,7 +1284,7 @@ static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p, hugetlb_count_init(mm); if (current->mm) { - mm->flags = current->mm->flags & MMF_INIT_MASK; + mm->flags = mmf_init_flags(current->mm->flags); mm->def_flags = current->mm->def_flags & VM_INIT_DEF_MASK; } else { mm->flags = default_dump_filter; diff --git a/kernel/sys.c b/kernel/sys.c index 339fee3eff6a..1a2dc3da43ea 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2362,19 +2362,41 @@ static int prctl_set_vma(unsigned long opt, unsigned long start, } #endif /* CONFIG_ANON_VMA_NAME */ +static inline unsigned long get_current_mdwe(void) +{ + unsigned long ret = 0; + + if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + ret |= PR_MDWE_REFUSE_EXEC_GAIN; + if (test_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags)) + ret |= PR_MDWE_NO_INHERIT; + + return ret; +} + static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3, unsigned long arg4, unsigned long arg5) { + unsigned long current_bits; + if (arg3 || arg4 || arg5) return -EINVAL; - if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN)) + if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT)) + return -EINVAL; + + /* NO_INHERIT only makes sense with REFUSE_EXEC_GAIN */ + if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN)) return -EINVAL; + current_bits = get_current_mdwe(); + if (current_bits && current_bits != bits) + return -EPERM; /* Cannot unset the flags */ + + if (bits & PR_MDWE_NO_INHERIT) + set_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags); if (bits & PR_MDWE_REFUSE_EXEC_GAIN) set_bit(MMF_HAS_MDWE, ¤t->mm->flags); - else if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) - return -EPERM; /* Cannot unset the flag */ return 0; } @@ -2384,9 +2406,7 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3, { if (arg2 || arg3 || arg4 || arg5) return -EINVAL; - - return test_bit(MMF_HAS_MDWE, ¤t->mm->flags) ? - PR_MDWE_REFUSE_EXEC_GAIN : 0; + return (int)get_current_mdwe(); } static int prctl_get_auxv(void __user *addr, unsigned long len) diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h index 6e9af6cbc950..dacbe824e7c3 100644 --- a/tools/include/uapi/linux/prctl.h +++ b/tools/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) +# define PR_MDWE_NO_INHERIT (1UL << 1) #define PR_GET_MDWE 66 From patchwork Tue Jul 4 15:36:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 115838 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp1311598vqx; Tue, 4 Jul 2023 08:48:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ73qqsnYWOvVT8ztpb00dSGzBnoUs3viOQhJlQAA40s5G1/HdxCAR6iHHbPPLgBUOptt15+ X-Received: by 2002:a05:6a20:3943:b0:128:b722:e789 with SMTP id r3-20020a056a20394300b00128b722e789mr14462996pzg.1.1688485737392; Tue, 04 Jul 2023 08:48:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688485737; cv=none; d=google.com; s=arc-20160816; b=hHcUt2ytWzqeKw/gS1egyb4v1nJlpQnDP42iyeGQmAtCXWLTgL3XkPrVwKkmQtrl7f Hxc0e3NLQmUBUXjiGH915rIyOkKlmHIk9cKslm4hiL51FGtrtB4gyxkqRK1F6ZOY1281 +iystb8uWUI24SC5JcZ+StfbNrgO+h5DcwVNm6aaZxWhCaSh9KchNKWol3WLCkCuultP 8FqVB+D+tpGHqpYGZY2X3XXuAOg2C4KwSJl3L81jVBa400IRSRSpIu5Bsheahkiu/Dan eRelBGp7VVGGY2e5TqMIJpCeLYuV5SQuYozaj9do12XgjkYkoMG+8yLVrcURQo2OcfGy jBpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rLVIku7SViX3h+Lcl0E/1oJd3wDCllnW/4/cStAOVU8=; fh=qt+3dfk+I7w4O6ICPehLV2qOV3K4oyIze2E4W9KFR+E=; b=Sak7n/uYWUOWrDR19E/4cZqvx1WXsd5SRUUMHC+1QgRloYNlZEUXdOVThJ5f3JJSWj syy4DkRmx3F52xmnTpBHNOxDEoBxX1fY0QPW8agY29eWS6/sbC8ayiomVHO5LKf7f91z SjG0SMUp9l2Bq3863B+rGANMMI47dJUj1WlxXfTVTHv6DwU+CtjJxIAqzUXM6nVF9O5t 6nZij4QSc1jk+nXKrZxKy2kJJ6ZmIRAxuDAa0L/QIOA0/N6yK+pANyqs4UgkRW47y6gy SKUESG/uaIlP1oc86zeEdiXUyV0k5jKOu3EsMpvaAUojfWBRv4hyH40PhvtsI6PYKgB1 x13A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=JOEPaz3v; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s20-20020a656914000000b00557a2aa39d7si19962372pgq.31.2023.07.04.08.48.44; Tue, 04 Jul 2023 08:48:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=JOEPaz3v; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231604AbjGDPhZ (ORCPT + 99 others); Tue, 4 Jul 2023 11:37:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48156 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231765AbjGDPhR (ORCPT ); Tue, 4 Jul 2023 11:37:17 -0400 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2AF47E54 for ; Tue, 4 Jul 2023 08:37:16 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-313fb7f0f80so6339744f8f.2 for ; Tue, 04 Jul 2023 08:37:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688485034; x=1691077034; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rLVIku7SViX3h+Lcl0E/1oJd3wDCllnW/4/cStAOVU8=; b=JOEPaz3vnVicEmuh0M2bGeQ1kl3GzOWIF49GpZl60KzO+GPWcT5dbD+wvseGGR0wpF IxOhrzyb0mInXy8d4183tOtH9SMwjHJhP23A8fyQrPc/56y0fXEdeGOra4JIsTvrhDEV wdGE+jVfHMmym/en2jJSDy3V5xHMkHz6rdQqU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688485034; x=1691077034; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rLVIku7SViX3h+Lcl0E/1oJd3wDCllnW/4/cStAOVU8=; b=XYT7+FwE5PS0sdDRVttelkLM3NC82f8D8IrxqfR3f7abV+v/dHsEILZqj37bzIo4RR bQCgNqoa4+57CqfOq+L8AivDrJwO2ZK751tYFzW5FlIwD1wPyA0jX66voeeipF0Vo6rn XvYGRAxIOSmthMhgLA7nZ2D/8HtdpG+zLuxlEUMBtZPjgRT+k/SUChegcFq2YaVl4zTi ScCCX/jYx5/qDgVQP1m8Ut59z9JE0gciQQXPXIq2Wk0aKzMPgVG8pnz682uSx1egiNAa XXRz42dfQK2E6lk6a+Ku/2W6ALmvFcQhoXO0QUoqJ4Mu3jfXk30wGoNW05y+6lN9oGCu PPMA== X-Gm-Message-State: ABy/qLZ8AvheEEdUdJqXXDlE+8/tLyEds0Q/seCA6Qe5qOaCneeTd+np KqJzZuerfHunuiPBnyPUXble9lc/bjKgEH/U3TI= X-Received: by 2002:a5d:6392:0:b0:314:37a2:5900 with SMTP id p18-20020a5d6392000000b0031437a25900mr5264050wru.14.1688485034312; Tue, 04 Jul 2023 08:37:14 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:99b2:81bb:8407:5369]) by smtp.gmail.com with ESMTPSA id b2-20020adfde02000000b0030c4d8930b1sm28538709wrm.91.2023.07.04.08.37.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jul 2023 08:37:13 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com, Florent Revest Subject: [PATCH v3 5/5] kselftest: vm: Add tests for no-inherit memory-deny-write-execute Date: Tue, 4 Jul 2023 17:36:29 +0200 Message-ID: <20230704153630.1591122-6-revest@chromium.org> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog In-Reply-To: <20230704153630.1591122-1-revest@chromium.org> References: <20230704153630.1591122-1-revest@chromium.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770505620361549306?= X-GMAIL-MSGID: =?utf-8?q?1770505620361549306?= Add some tests to cover the new PR_MDWE_NO_INHERIT flag of the PR_SET_MDWE prctl. Check that: - it can't be set without PR_SET_MDWE - MDWE flags can't be unset - when set, PR_SET_MDWE doesn't propagate to children Signed-off-by: Florent Revest Acked-by: Catalin Marinas --- tools/testing/selftests/mm/mdwe_test.c | 98 ++++++++++++++++++++++++-- 1 file changed, 92 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index 91aa9c3099e7..7bfc98bf9baa 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -22,6 +22,8 @@ TEST(prctl_flags) { + EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L), 0); + EXPECT_LT(prctl(PR_SET_MDWE, 7L, 0L, 0L, 0L), 0); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 7L, 0L, 0L), 0); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 0L, 7L, 0L), 0); @@ -33,6 +35,69 @@ TEST(prctl_flags) EXPECT_LT(prctl(PR_GET_MDWE, 0L, 0L, 0L, 7L), 0); } +FIXTURE(consecutive_prctl_flags) {}; +FIXTURE_SETUP(consecutive_prctl_flags) {} +FIXTURE_TEARDOWN(consecutive_prctl_flags) {} + +FIXTURE_VARIANT(consecutive_prctl_flags) +{ + unsigned long first_flags; + unsigned long second_flags; + bool should_work; +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, same) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .should_work = true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = 0, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe_no_inherit) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags = 0, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_no_inherit) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_enable_no_inherit) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .should_work = false, +}; + +TEST_F(consecutive_prctl_flags, two_prctls) +{ + int ret; + + EXPECT_EQ(prctl(PR_SET_MDWE, variant->first_flags, 0L, 0L, 0L), 0); + + ret = prctl(PR_SET_MDWE, variant->second_flags, 0L, 0L, 0L); + if (variant->should_work) { + EXPECT_EQ(ret, 0); + + ret = prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); + ASSERT_EQ(ret, variant->second_flags); + } else { + EXPECT_NE(ret, 0); + } +} + FIXTURE(mdwe) { void *p; @@ -45,28 +110,45 @@ FIXTURE_VARIANT(mdwe) { bool enabled; bool forked; + bool inherit; }; FIXTURE_VARIANT_ADD(mdwe, stock) { .enabled = false, .forked = false, + .inherit = false, }; FIXTURE_VARIANT_ADD(mdwe, enabled) { .enabled = true, .forked = false, + .inherit = true, }; -FIXTURE_VARIANT_ADD(mdwe, forked) +FIXTURE_VARIANT_ADD(mdwe, inherited) { .enabled = true, .forked = true, + .inherit = true, }; +FIXTURE_VARIANT_ADD(mdwe, not_inherited) +{ + .enabled = true, + .forked = true, + .inherit = false, +}; + +static bool executable_map_should_fail(const FIXTURE_VARIANT(mdwe) *variant) +{ + return variant->enabled && (!variant->forked || variant->inherit); +} + FIXTURE_SETUP(mdwe) { + unsigned long mdwe_flags; int ret, status; self->p = NULL; @@ -76,13 +158,17 @@ FIXTURE_SETUP(mdwe) if (!variant->enabled) return; - ret = prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, 0L, 0L, 0L); + mdwe_flags = PR_MDWE_REFUSE_EXEC_GAIN; + if (!variant->inherit) + mdwe_flags |= PR_MDWE_NO_INHERIT; + + ret = prctl(PR_SET_MDWE, mdwe_flags, 0L, 0L, 0L); ASSERT_EQ(ret, 0) { TH_LOG("PR_SET_MDWE failed or unsupported"); } ret = prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); - ASSERT_EQ(ret, 1); + ASSERT_EQ(ret, mdwe_flags); if (variant->forked) { self->pid = fork(); @@ -113,7 +199,7 @@ TEST_F(mdwe, mmap_READ_EXEC) TEST_F(mdwe, mmap_WRITE_EXEC) { self->p = mmap(NULL, self->size, PROT_WRITE | PROT_EXEC, self->flags, 0, 0); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_EQ(self->p, MAP_FAILED); } else { EXPECT_NE(self->p, MAP_FAILED); @@ -139,7 +225,7 @@ TEST_F(mdwe, mprotect_add_EXEC) ASSERT_NE(self->p, MAP_FAILED); ret = mprotect(self->p, self->size, PROT_READ | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0); @@ -154,7 +240,7 @@ TEST_F(mdwe, mprotect_WRITE_EXEC) ASSERT_NE(self->p, MAP_FAILED); ret = mprotect(self->p, self->size, PROT_WRITE | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0);