From: Florent Revest
Date: Mon, 28 Aug 2023 16:47:21 +0200
Subject: Re: [PATCH v3 5/5] kselftest: vm: Add tests for no-inherit memory-deny-write-execute
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com

On Sat, Aug 26, 2023 at 12:45 AM Kees Cook wrote:
>
> On Tue, Jul 04, 2023 at 05:36:29PM +0200, Florent Revest wrote:
> > Add some tests to cover the new PR_MDWE_NO_INHERIT flag of the
> > PR_SET_MDWE prctl.
> >
> > Check that:
> > - it can't be set without PR_SET_MDWE
> > - MDWE flags can't be unset
> > - when set, PR_SET_MDWE doesn't propagate to children
>
> I love more self tests! :)

*Insert here a ridiculously long series of party and dancing emojis* ... :)

> >
> > Signed-off-by: Florent Revest
> > ---
> >  tools/testing/selftests/mm/mdwe_test.c | 98 ++++++++++++++++++++++++--
> >  1 file changed, 92 insertions(+), 6 deletions(-)
> > > > diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/sel= ftests/mm/mdwe_test.c > > index 91aa9c3099e7..7bfc98bf9baa 100644 > > --- a/tools/testing/selftests/mm/mdwe_test.c > > +++ b/tools/testing/selftests/mm/mdwe_test.c > > @@ -22,6 +22,8 @@ > > > > TEST(prctl_flags) > > { > > + EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L), 0); > > + > > An existing issue, but I think the errno should be checked for each > of these... Makes sense! I'll add a bunch of EXPECT_EQ(errno, EINVAL); To every existing line here as part of a previous patch, and modify this patch to cover errnos in the new test cases too. > > EXPECT_LT(prctl(PR_SET_MDWE, 7L, 0L, 0L, 0L), 0); > > EXPECT_LT(prctl(PR_SET_MDWE, 0L, 7L, 0L, 0L), 0); > > EXPECT_LT(prctl(PR_SET_MDWE, 0L, 0L, 7L, 0L), 0); 
> > @@ -33,6 +35,69 @@ TEST(prctl_flags) > > EXPECT_LT(prctl(PR_GET_MDWE, 0L, 0L, 0L, 7L), 0); > > } > > > > +FIXTURE(consecutive_prctl_flags) {}; > > +FIXTURE_SETUP(consecutive_prctl_flags) {} > > +FIXTURE_TEARDOWN(consecutive_prctl_flags) {} > > + > > +FIXTURE_VARIANT(consecutive_prctl_flags) > > +{ > > + unsigned long first_flags; > > + unsigned long second_flags; > > + bool should_work; > > +}; > > + > > +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, same) > > +{ > > + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, > > + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, > > + .should_work =3D true, > > +}; > > I think two more variants should be added to get all the combinations: > > FIXTURE_VARIANT_ADD(consecutive_prctl_no_flags, same) > { > .first_flags =3D 0, > .second_flags =3D 0, > .should_work =3D true, > }; > > FIXTURE_VARIANT_ADD(consecutive_prctl_both_flags, same) > { > .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, > .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, > .should_work =3D true, > }; Agreed! 
:) > > + > > +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe) > > +{ > > + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, > > + .second_flags =3D 0, > > + .should_work =3D false, > > +}; > > + > > +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe_no_inhe= rit) > > +{ > > + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, > > + .second_flags =3D 0, > > + .should_work =3D false, > > +}; > > + > > +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_no_inherit) > > +{ > > + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, > > + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, > > + .should_work =3D false, > > +}; > > + > > +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_enable_no_inherit) > > +{ > > + .first_flags =3D PR_MDWE_REFUSE_EXEC_GAIN, > > + .second_flags =3D PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, > > + .should_work =3D false, > > +}; > > + > > +TEST_F(consecutive_prctl_flags, two_prctls) > > +{ > > + int ret; > > + > > + EXPECT_EQ(prctl(PR_SET_MDWE, variant->first_flags, 0L, 0L, 0L), 0= ); > > + > > + ret =3D prctl(PR_SET_MDWE, variant->second_flags, 0L, 0L, 0L); > > + if (variant->should_work) { > > + EXPECT_EQ(ret, 0); > > + > > + ret =3D prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); > > + ASSERT_EQ(ret, variant->second_flags); > > + } else { > > + EXPECT_NE(ret, 0); > > Please test the expected errno value here. Alright! > > + } > > +} > > + > > FIXTURE(mdwe) > > { > > void *p; 
> > @@ -45,28 +110,45 @@ FIXTURE_VARIANT(mdwe) > > { > > bool enabled; > > bool forked; > > + bool inherit; > > }; > > > > FIXTURE_VARIANT_ADD(mdwe, stock) > > { > > .enabled =3D false, > > .forked =3D false, > > + .inherit =3D false, > > }; > > > > FIXTURE_VARIANT_ADD(mdwe, enabled) > > { > > .enabled =3D true, > > .forked =3D false, > > + .inherit =3D true, > > }; > > > > -FIXTURE_VARIANT_ADD(mdwe, forked) > > +FIXTURE_VARIANT_ADD(mdwe, inherited) > > { > > .enabled =3D true, > > .forked =3D true, > > + .inherit =3D true, > > }; > > > > +FIXTURE_VARIANT_ADD(mdwe, not_inherited) > > +{ > > + .enabled =3D true, > > + .forked =3D true, > > + .inherit =3D false, > > +}; > > + > > +static bool executable_map_should_fail(const FIXTURE_VARIANT(mdwe) *va= riant) > > +{ > > + return variant->enabled && (!variant->forked || variant->inherit)= ; > > +} > > + > > FIXTURE_SETUP(mdwe) > > { > > + unsigned long mdwe_flags; > > int ret, status; > > > > self->p =3D NULL; > > @@ -76,13 +158,17 @@ FIXTURE_SETUP(mdwe) > > if (!variant->enabled) > > return; > > > > - ret =3D prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, 0L, 0L, 0L); > > + mdwe_flags =3D PR_MDWE_REFUSE_EXEC_GAIN; > > + if (!variant->inherit) > > + mdwe_flags |=3D PR_MDWE_NO_INHERIT; > > + > > + ret =3D prctl(PR_SET_MDWE, mdwe_flags, 0L, 0L, 0L); > > ASSERT_EQ(ret, 0) { > > TH_LOG("PR_SET_MDWE failed or unsupported"); > > } > > > > ret =3D prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); > > - ASSERT_EQ(ret, 1); > > + ASSERT_EQ(ret, mdwe_flags); > > > > if (variant->forked) { > > self->pid =3D fork(); > > @@ -113,7 +199,7 @@ TEST_F(mdwe, mmap_READ_EXEC) > > TEST_F(mdwe, mmap_WRITE_EXEC) > > { > > self->p =3D mmap(NULL, self->size, PROT_WRITE | PROT_EXEC, self->= flags, 0, 0); > > - if (variant->enabled) { > > + if (executable_map_should_fail(variant)) { > > EXPECT_EQ(self->p, MAP_FAILED); > > } else { > > EXPECT_NE(self->p, MAP_FAILED); 
> > @@ -139,7 +225,7 @@ TEST_F(mdwe, mprotect_add_EXEC) > > ASSERT_NE(self->p, MAP_FAILED); > > > > ret =3D mprotect(self->p, self->size, PROT_READ | PROT_EXEC); > > - if (variant->enabled) { > > + if (executable_map_should_fail(variant)) { > > EXPECT_LT(ret, 0); > > } else { > > EXPECT_EQ(ret, 0); > > @@ -154,7 +240,7 @@ TEST_F(mdwe, mprotect_WRITE_EXEC) > > ASSERT_NE(self->p, MAP_FAILED); > > > > ret =3D mprotect(self->p, self->size, PROT_WRITE | PROT_EXEC); > > - if (variant->enabled) { > > + if (executable_map_should_fail(variant)) { > > EXPECT_LT(ret, 0); > > } else { > > EXPECT_EQ(ret, 0); > > -- > > 2.41.0.255.g8b1d071c50-goog > > > > Otherwise looks good to me! *more happy emojis*
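
Review bot: In the first hunk, TEST(prctl_flags), the added `prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L)` cannot show that PR_MDWE_NO_INHERIT is refused on its own, because the call also carries a stray `7L` as its last argument, and the neighbouring context lines already expect failure whenever one argument is `7L`. If a nonzero fifth argument is rejected like the others, this assertion passes without the flag check ever being exercised. Passing `0L` in the last position, `EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 0L), 0);`, would isolate the flag validation the commit message describes.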
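
Review bot: In TEST_F(consecutive_prctl_flags, two_prctls), second hunk, the `else` branch checks only `EXPECT_NE(ret, 0)` and never reads the flags back, so a kernel that returned an error but still changed the MDWE state would pass the cant_disable_* and cant_enable_no_inherit variants. Adding `EXPECT_EQ(prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L), variant->first_flags);` in that branch would confirm the rejected call left the flags untouched. The first `prctl(PR_SET_MDWE, variant->first_flags, 0L, 0L, 0L)` is also only an EXPECT_EQ, so the test keeps going after a failed first call; ASSERT_EQ, as FIXTURE_SETUP(mdwe) uses, would stop it there.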
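
Review bot: The mdwe variants in the third hunk (stock, enabled, inherited, not_inherited) include no case with `.enabled = true, .forked = false, .inherit = false`, so nothing checks that the process which sets PR_MDWE_NO_INHERIT is still restricted itself. `executable_map_should_fail()` already returns true for that combination, so one more FIXTURE_VARIANT_ADD with those values would cover it without other changes. In the `stock` variant `.inherit` has no effect because `enabled` is false; a short comment saying so would help the next reader.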
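
Review bot: In the FIXTURE_SETUP(mdwe) hunk, the only PR_GET_MDWE read-back visible runs before `fork()`, so the not_inherited case is verified only indirectly through the later mmap and mprotect results. A child-side check that `prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L)` returns 0 when `!variant->inherit`, and `mdwe_flags` otherwise, would test propagation directly. Separately, `ASSERT_EQ(ret, mdwe_flags)` compares an `int` with an `unsigned long`; reading the result into a variable of the same type as `mdwe_flags` would avoid the mixed-sign comparison.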