From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E61ACC433F5 for ; Thu, 7 Apr 2022 20:01:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 414246B0072; Thu, 7 Apr 2022 16:01:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3942D6B0073; Thu, 7 Apr 2022 16:01:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 20F536B0074; Thu, 7 Apr 2022 16:01:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.25]) by kanga.kvack.org (Postfix) with ESMTP id 0A4B76B0072 for ; Thu, 7 Apr 2022 16:01:02 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id CDCE425E62 for ; Thu, 7 Apr 2022 20:00:51 +0000 (UTC) X-FDA: 79331151102.12.E6F0B3F Received: from mail-io1-f45.google.com (mail-io1-f45.google.com [209.85.166.45]) by imf08.hostedemail.com (Postfix) with ESMTP id 2AD4C160026 for ; Thu, 7 Apr 2022 20:00:35 +0000 (UTC) Received: by mail-io1-f45.google.com with SMTP id r2so8138427iod.9 for ; Thu, 07 Apr 2022 13:00:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=EW4jKj0Aht/BtYVNZ+iEkVJaVKtkBsTq1J5snmk+nuY=; b=flcQDSKpQ1QojYalveVlM2QHe4EtNYUqKNuiUf73lypG7bstIhL9ocdBgbQBh5Sqja xwvhtj2rN4/FqHuP1JsNlWwRpWCWnAc6tTUbe+0v1JUFdXEEmb2SI6rUMigoHiIPhEky 9RNA6V8JjVxaC7YbWgKp/Hd558UCx0VCb0DxY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=EW4jKj0Aht/BtYVNZ+iEkVJaVKtkBsTq1J5snmk+nuY=; b=hAZUFg9lJWp76PJqwjgtjuYegtp2WOTulmognXsgPJN9w0uay82HkRMC23cY9v69jH WRPX1MlhuW/wZIQLsd1hi7uePYZrI9Jt2Kq97l/USdR2NhNZWt/q/gjt32bjFgxE/UCs Cmvrhe7l2NR0MkSDWAFPf5oYUtXk9mxfrTFy72dluC3x4k0c0mM35rPUN62FUgEWEe77 YzqHitwYu88xzbNyHdFgmU1BfUvrRWaC7yb702LPtp7lNZ8bgrW7eYG/DXUiGeBvdafa YRyoHh9Jv/Okb+xYJL/xDOB1nAirZ4lE8aMtZHWqSshfVRY+QRR0hLqarmWeUTbwwFfZ uUug== X-Gm-Message-State: AOAM531F+SH2P19U+xy1hrkToaDjncGPfkPANpyvlHIf6wFsbh+s6y0o oyUeiBpptrHQSbkgUEWo8DUY2g== X-Google-Smtp-Source: ABdhPJwNaq968o79j7Sy32TZQ5p516IMnSRGKRGZljWrjagyqsAVFjo4QD4QFxfDdSlgbH/rE3i/zQ== X-Received: by 2002:a02:a98f:0:b0:315:19db:27a3 with SMTP id q15-20020a02a98f000000b0031519db27a3mr7313724jam.184.1649361633505; Thu, 07 Apr 2022 13:00:33 -0700 (PDT) Received: from [192.168.1.128] ([71.205.29.0]) by smtp.gmail.com with ESMTPSA id u15-20020a056e021a4f00b002c665afb993sm12217063ilv.11.2022.04.07.13.00.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 Apr 2022 13:00:33 -0700 (PDT) Subject: Re: [PATCH 3/4] selftests/memfd: add tests for F_SEAL_EXEC To: Daniel Verkamp , linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Andrew Morton , Hugh Dickins , Mattias Nissler , Dmitry Torokhov , Kees Cook , Shuah Khan References: <20220401220834.307660-1-dverkamp@chromium.org> <20220401220834.307660-4-dverkamp@chromium.org> From: Shuah Khan Message-ID: <6f71a4f3-8f8e-926b-883c-1df630cfc1a0@linuxfoundation.org> Date: Thu, 7 Apr 2022 14:00:32 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <20220401220834.307660-4-dverkamp@chromium.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Stat-Signature: w6rz7mu138kixoscbyowdm9izfca77hu X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 2AD4C160026 Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=linuxfoundation.org header.s=google header.b=flcQDSKp; dmarc=temperror reason="query timed out" header.from=linuxfoundation.org (policy=temperror); spf=pass (imf08.hostedemail.com: domain of skhan@linuxfoundation.org designates 209.85.166.45 as permitted sender) smtp.mailfrom=skhan@linuxfoundation.org X-Rspam-User: X-HE-Tag: 1649361635-751722 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 4/1/22 4:08 PM, Daniel Verkamp wrote: > Basic tests to ensure that user/group/other execute bits cannot be > changed after applying F_SEAL_EXEC to a memfd. > > Signed-off-by: Daniel Verkamp > --- > tools/testing/selftests/memfd/memfd_test.c | 80 ++++++++++++++++++++++ > 1 file changed, 80 insertions(+) > > diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c > index 94df2692e6e4..fdb0e46e9df9 100644 > --- a/tools/testing/selftests/memfd/memfd_test.c > +++ b/tools/testing/selftests/memfd/memfd_test.c > @@ -28,6 +28,10 @@ > #define MFD_DEF_SIZE 8192 > #define STACK_SIZE 65536 > > +#ifndef F_SEAL_EXEC > +#define F_SEAL_EXEC 0x0020 > +#endif > + > /* > * Default is not to test hugetlbfs > */ > @@ -594,6 +598,48 @@ static void mfd_fail_grow_write(int fd) > } > } > > +static void mfd_assert_mode(int fd, int mode) > +{ > + struct stat st; > + > + if (fstat(fd, &st) < 0) { > + printf("fstat(%d) failed: %m\n", fd); Let's print the filename here - just printing fd isn't useful. > + abort(); > + } else if ((st.st_mode & 07777) != mode) { > + printf("wrong file mode 0%04o, but expected 0%04o\n", > + (int)st.st_mode & 07777, mode); This one doesn't even print fd - same comment here about filename. > + abort(); > + } > +} > + > +static void mfd_assert_chmod(int fd, int mode) > +{ > + if (fchmod(fd, mode) < 0) { > + printf("fchmod(0%04o) failed: %m\n", mode); Same here. > + abort(); > + } > + > + mfd_assert_mode(fd, mode); > +} > + > +static void mfd_fail_chmod(int fd, int mode) > +{ > + struct stat st; > + > + if (fstat(fd, &st) < 0) { > + printf("fstat(%d) failed: %m\n", fd); Same comment about filename > + abort(); > + } > + > + if (fchmod(fd, mode) == 0) { > + printf("fchmod(0%04o) didn't fail as expected\n"); Same comment about filename > + abort(); > + } > + > + /* verify that file mode bits did not change */ > + mfd_assert_mode(fd, st.st_mode & 07777); > +} > + > static int idle_thread_fn(void *arg) > { > sigset_t set; > @@ -880,6 +926,39 @@ static void test_seal_resize(void) > close(fd); > } > > +/* > + * Test SEAL_EXEC > + * Test that chmod() cannot change x bits after sealing > + */ > +static void test_seal_exec(void) > +{ > + int fd; > + > + printf("%s SEAL-EXEC\n", memfd_str); > + > + fd = mfd_assert_new("kern_memfd_seal_exec", > + mfd_def_size, > + MFD_CLOEXEC | MFD_ALLOW_SEALING); > + > + mfd_assert_mode(fd, 0777); > + > + mfd_assert_chmod(fd, 0644); > + > + mfd_assert_has_seals(fd, 0); > + mfd_assert_add_seals(fd, F_SEAL_EXEC); > + mfd_assert_has_seals(fd, F_SEAL_EXEC); > + > + mfd_assert_chmod(fd, 0600); > + mfd_fail_chmod(fd, 0777); > + mfd_fail_chmod(fd, 0670); > + mfd_fail_chmod(fd, 0605); > + mfd_fail_chmod(fd, 0700); > + mfd_fail_chmod(fd, 0100); > + mfd_assert_chmod(fd, 0666); > + > + close(fd); > +} > + > /* > * Test sharing via dup() > * Test that seals are shared between dupped FDs and they're all equal. > @@ -1059,6 +1138,7 @@ int main(int argc, char **argv) > test_seal_shrink(); > test_seal_grow(); > test_seal_resize(); > + test_seal_exec(); > > test_share_dup("SHARE-DUP", ""); > test_share_mmap("SHARE-MMAP", ""); > The rest looks good. thanks, -- Shuah