From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BAADCA100A for ; Fri, 30 Aug 2024 23:57:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CD67A6B027C; Fri, 30 Aug 2024 19:57:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CAD1A6B027D; Fri, 30 Aug 2024 19:57:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B4D586B027E; Fri, 30 Aug 2024 19:57:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 8AF8D6B027C for ; Fri, 30 Aug 2024 19:57:42 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 038CC4077E for ; Fri, 30 Aug 2024 23:57:41 +0000 (UTC) X-FDA: 82510576764.02.0831126 Received: from mail-oa1-f43.google.com (mail-oa1-f43.google.com [209.85.160.43]) by imf24.hostedemail.com (Postfix) with ESMTP id 0CDD318001A for ; Fri, 30 Aug 2024 23:57:39 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=ZbYL2ESK; spf=pass (imf24.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.43 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1725062169; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nvEfYKOVVxE8dkrUColYKOziuScNHjuMeSwgzin4M+4=; b=MfOGRRxHxPr2ZZsdKmNSCA221dubPdQ4WKIyg7w5Ne7MI8kO9EI2J9/cLKxvJ23ZChK8EM tNLhxhUgpJ8tM6doO7AO671jWyJGxzMR+xWtoddaGjCUcIXRRo8Vl2tRSG5SHZUxcxtlc4 VTVwmOZ+jq2guNlljqqHu0aAhLH8448= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1725062169; a=rsa-sha256; cv=none; b=7NK7mLaXxYHGnUjYgU3XWhhEhSFa1O8hGdIy8JliXZbGSM/FH3aTjJzqMCaTf4JFQ3IhlW 6LqGTz6fRaYBhdvRErH5q7sr5AEwMGiIyWYPrsgvMqVzsmLRyQHQtLPRNf4OLIYsB2pHKv tTN600YMSZLjzFMGJnyWCTIDyaEsj4E= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=ZbYL2ESK; spf=pass (imf24.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.43 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-oa1-f43.google.com with SMTP id 586e51a60fabf-2611dcc3941so154697fac.3 for ; Fri, 30 Aug 2024 16:57:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1725062259; x=1725667059; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=nvEfYKOVVxE8dkrUColYKOziuScNHjuMeSwgzin4M+4=; b=ZbYL2ESKTelx3kMwJKnTzLcOeXbVlCxsvAebGegXZHQPXGrRzwuv4pV+y/poep7R1l 2kEPwp0y5HzSgs/BR0UvEqMCHuI0QU7YOsRjW6MWtMnUEGdr0x5K8CJ4Zcsg6bWLzb3e 9b7FmoBi4dg73NQ0QETh9vhAuMC7Qh+J3iiJ8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725062259; x=1725667059; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nvEfYKOVVxE8dkrUColYKOziuScNHjuMeSwgzin4M+4=; b=WVQWWcnkJinI0yN5dRK4Y8pGd00/EmrwPLbEgnJ2zNEI01xUfyXLFlnw5dt+oP1Eia lYJ9HgKa9M6jem+0ja7S0f3zLmQmCchSJzyFWUy0GjZRFSn/SO2NZmctrnd7fMhh8szW UammWvKTNeJ1EWF4Ha+VJB3Am1lE5OvHFezkg0kA1LwrUfrO60A0zUAuHKE98mJw+fyq 9IrPJ2O0pJdZ893ErGORzNIF7XDvkkMvY6IpYSVM9KS61ahUHANzxQ6cyWuwkHMv7FV3 +OvsCxrg/UYvgUK0B0rPigDAw2ki0eDQudMxvXl4jbPPTkm0fkEVQ1i3GpqzL25Ct4OE 1B4Q== X-Forwarded-Encrypted: i=1; AJvYcCW+v4bnSoDlazA5aTWKusOERA3qKIowLoxv/m2tJueXqdVlc2CzI3c0rBpAKLUrBcI4sijslG4MXQ==@kvack.org X-Gm-Message-State: AOJu0Yz/4bKNL8OcHkopayMe/Mq38I2bQ0twOQi3VV5GvAIjBEzgqNdD NUHXLYu+Rq08sr/Xb2OIothSVZTzlPqRWTPgNcbMkFd+jf8sibsKyCl2Le60xLh6Fta/KMqexYg EALHR6BgJi7CLfR86rOa4hkvev2I94CwqG2es X-Google-Smtp-Source: AGHT+IGjMwvg2UrGjfLtNCLSGM6nxH1ui5UjTCg13Enlj4QaUBaQ5TbLUJTqV1S+O33PHEODxv9SrU2l5S/YzS1NHlE= X-Received: by 2002:a05:6870:218c:b0:277:6b90:1915 with SMTP id 586e51a60fabf-277b0e4fcc6mr2021449fac.9.1725062258617; Fri, 30 Aug 2024 16:57:38 -0700 (PDT) MIME-Version: 1.0 References: <20240830180237.1220027-1-jeffxu@chromium.org> <20240830180237.1220027-5-jeffxu@chromium.org> In-Reply-To: From: Jeff Xu Date: Fri, 30 Aug 2024 16:57:26 -0700 Message-ID: Subject: Re: [PATCH v3 4/5] selftests/mseal: add more tests for mmap To: Lorenzo Stoakes Cc: akpm@linux-foundation.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, pedro.falcato@gmail.com, willy@infradead.org, broonie@kernel.org, vbabka@suse.cz, Liam.Howlett@oracle.com, rientjes@google.com, keescook@chromium.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 0CDD318001A X-Stat-Signature: a16qhiytpahcmd1iamk8h17bnjw63yoj X-HE-Tag: 1725062259-478483 X-HE-Meta: U2FsdGVkX19NjCgzFN4j4OmzxenWBFrMTIR25VPy14m8xHPtDI+Qu+O39ik+mvm8c8RphpDtqiuiVXjkCJPxTR7apGYE4Dv+jYSy/aUw1LLY4cBze7KnM+eSpPlgDfBoeJy+p4D7mrGZax8DRqS4gtAcZUD4/RklUEsBJC6rEVkIS6LbKBRzl5HoVP2Eb1di5bM8xiTns4vR0pRragVhVdlldzd5Yzv+yy+41Hm1X1OghALu579/UUiqEMVdAdFoz6KDC5y4BIejAIw8o/YYJhWEV4ykKTQJMc7m+1Q/4L8fMAsmd3fFhorVw4oJcxdueZQz0Vo0F+z5y5FI7C9iSUqtziMtSC800h5DgmGhZlvNNlG+8+dGONSpBpKdQj+3EtZ8so5B+up6DNKMAczRpE+0BxLFlkTB3zS9rgfm3E5lrwvxpW+GfHqv2DPUUl3Dxum63+cM1FC47L66imuNFRHHAq09BVyxk5cgpoO1qDG9+ZTEsxHnGYVqMWScvbH1TvlXbp1gvxuVuahHJGzHyy/gksTkNJYj6ObbLALsFpMFwVU6/de0ZuEkX6sug+NgeI8cpN3L4/H+AiyjdJ+TlrDZJ+iVMBq90/a3gjIiaiLYU0xMAKorqgqELpMs1wemTmMdyudTezkd8kSwMGKOM6odmuTOm892g4uKEu0+OFG6fq+k3+7ZqwF9ITYu5IKQiBXXRJSHku6zTfeBylHkpP/ypFbIgAWTxeHgxnceb8WGOkiYs9RHfUEFmL/sEkcQVcAPw9AFze753UJWT+AVBLpfOMeC6seYxfg6vE4Zo8EONS/0sRy4bft1zkwcsj0CSJ5tF4bjhlkq3ct6qYmidi14Z9h7IoQhnIzu5M/0usz5f2+oOhHVdA11pigjVwcT4C/WpvJlNdJSYceGSWgu80mJwVq+IZZSWokyYK0w4sVZBkoKll0+Q6jFx7F7wF8LRKI2nueZJShtPKzF2Va 6jA2eg1j zgTodNJ8voaIpaWFN6IE4PanW9tHHBsEFyKSRh3Z+5V6ydSQoKYAvWH/pyARp94pz0VA6eSe3aTdIC4fRGM6FHBqvOd9ARza06LzGcvGzPBOXViXQOjcNZVOhvM7TQe0n3wR45RLCV04ifpg3jiX1qezePLSDEq+jawkk6BWRqABIYlxW7/hNeZwsMIT4uDtou6YBwjvofW4mnB4sy3jcjQV7axZJvh2Z1uaKyRA2Jo6KeMlvibs5COclzOv6RSRKwV9K2wA+XF9NnhITRhn4jb70x1qjU9viaTd3BrRcDmv96Dx/WpEG5TT826+YYQUw4lNK X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Aug 30, 2024 at 12:23=E2=80=AFPM Lorenzo Stoakes wrote: > > On Fri, Aug 30, 2024 at 07:43:12PM GMT, Lorenzo Stoakes wrote: > > On Fri, Aug 30, 2024 at 06:02:36PM GMT, jeffxu@chromium.org wrote: > > > From: Jeff Xu > > > > > > Add sealing test to cover mmap for > > > Expand/shrink across sealed vmas (MAP_FIXED) > > > Reuse the same address in !MAP_FIXED case. > > > > This commit message is woefully small. I told you on v1 to improve the > > commit messages. Linus has told you to do this before. > > > > Please actually respond to feedback. Thanks. > > > > > > > > Signed-off-by: Jeff Xu > > > --- > > > tools/testing/selftests/mm/mseal_test.c | 126 ++++++++++++++++++++++= +- > > > 1 file changed, 125 insertions(+), 1 deletion(-) > > > > > > diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/= selftests/mm/mseal_test.c > > > index e855c8ccefc3..3516389034a7 100644 > > > --- a/tools/testing/selftests/mm/mseal_test.c > > > +++ b/tools/testing/selftests/mm/mseal_test.c > > > @@ -2222,6 +2222,123 @@ static void test_munmap_free_multiple_ranges(= bool seal) > > > REPORT_TEST_PASS(); > > > } > > > > > > +static void test_seal_mmap_expand_seal_middle(bool seal) > > > > This test doesn't expand, doesn't do anything in the middle. It does mm= ap() > > though and relates to mseal, so that's something... this is compeltely > > misnamed and needs to be rethought. > > > > OK correction - it _seals_ in the middle. The remained of the criticism r= emains, > and this is rather confusing... and I continue to wonder what the purpose= of > this is? > It expands the size (start from ptr). > > > +{ > > > + void *ptr; > > > + unsigned long page_size =3D getpagesize(); > > > + unsigned long size =3D 12 * page_size; > > > + int ret; > > > + void *ret2; > > > + int prot; > > > + > > > + setup_single_address(size, &ptr); > > > > Please replace every single instance of this with an mmap(). There's > > literally no reason to abstract it. And munmap() what you map. > > No, we need to abstract it. In addition to the mmap, it also allocates an additional two blocks before and after the allocated memory, to avoid auto-merging, so we can use get_vma_size. > > > + FAIL_TEST_IF_FALSE(ptr !=3D (void *)-1); > > > > Pretty sure Pedro pointed out you should be checking against MAP_FAILED > > here. I really don't understand why the rest of your test is full of > > mmap()'s but for some reason you choose to abstract this one call? What= ? > > > > > + /* ummap last 4 pages. */ > > > + ret =3D sys_munmap(ptr + 8 * page_size, 4 * page_size); > > > > sys_munmap()? What's wrong with munmap()? > > > > > + FAIL_TEST_IF_FALSE(!ret); > > > > Why do we not have a FAIL_TEST_IF_TRUE()? This is crazy. > > > > Would be nice to have something human-readable like ASSERT_EQ() or > > ASSERT_TRUE() or ASSERT_FALSE(). > > ASSERT_EQ and ASSERT_TURE are not recommended by the self-test. The FAIL_TEST_IF_FAIL wrap will take care of some of the admin tasks related to self-test infra, such as count how many tests are failing. > > > + > > > + size =3D get_vma_size(ptr, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D 8 * page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > + > > > + if (seal) { > > > + ret =3D sys_mseal(ptr + 4 * page_size, 4 * page_size); > > > + FAIL_TEST_IF_FALSE(!ret); > > > + } > > > + > > > + /* use mmap to expand and overwrite (MAP_FIXED) */ > > > > You don't really need to say MAP_FIXED, it's below. > > Adding a comment here to help reviewers. > > > + ret2 =3D mmap(ptr, 12 * page_size, PROT_READ, > > > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > > > > Why read-only? > > > > You're not expanding you're overwriting. You're not doing anything in t= he > > middle. > > The MAP_FIXED is overwriting. It also expands the address range (start from ptr) from 8 to 12 pages. > > I'm again confused about what you think you're testing here. I don't th= ink > > we need an arbitrary MAP_FIXED mmap() at a size larger than the overwri= tten > > VMA? > > > > You just need a single instance of a MAP_FIXED mmap() over a sealed mma= p() > > if that's what you want. > > > > > + if (seal) { > > > + FAIL_TEST_IF_FALSE(ret2 =3D=3D MAP_FAILED); > > > + FAIL_TEST_IF_FALSE(errno =3D=3D EPERM); > > > + > > > + size =3D get_vma_size(ptr, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D 4 * page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > + > > > + size =3D get_vma_size(ptr + 4 * page_size, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D 4 * page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > + } else > > > + FAIL_TEST_IF_FALSE(ret2 =3D=3D ptr); > > > > Don't do dangling else's after a big block. > > patch passed the checkpatch.pl for style check. > > > + > > > + REPORT_TEST_PASS(); > > > +} > > > + > > > +static void test_seal_mmap_shrink_seal_middle(bool seal) > > > > What's going on in the 'middle'? This test doesn't shrink, it overwrite= s > > the beginning of a sealed VMA? > > Correction - the middle is sealed. Other points remain. > The mmap attempts to shrink the address range from 12 pages to 8 pages. > > > +{ > > > + void *ptr; > > > + unsigned long page_size =3D getpagesize(); > > > + unsigned long size =3D 12 * page_size; > > > + int ret; > > > + void *ret2; > > > + int prot; > > > + > > > + setup_single_address(size, &ptr); > > > + FAIL_TEST_IF_FALSE(ptr !=3D (void *)-1); > > > + > > > + if (seal) { > > > + ret =3D sys_mseal(ptr + 4 * page_size, 4 * page_size); > > > + FAIL_TEST_IF_FALSE(!ret); > > > + } > > > + > > > + /* use mmap to shrink and overwrite (MAP_FIXED) */ > > > > What exactly are you shrinking? You're overwriting the start of the vma= ? > > > > What is this testing that is different from the previous test? This see= ms > > useless honestly. > > Again, as above, one test is expanding, the other test is shrinking. Please take a look at mmap parameters and steps before mmap call. > > > + ret2 =3D mmap(ptr, 7 * page_size, PROT_READ, > > > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > > > + if (seal) { > > > + FAIL_TEST_IF_FALSE(ret2 =3D=3D MAP_FAILED); > > > + FAIL_TEST_IF_FALSE(errno =3D=3D EPERM); > > > + > > > + size =3D get_vma_size(ptr, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D 4 * page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > > What the hell is this comparison to magic numbers? This is > > ridiculous. What's wrong with PROT_xxx?? > > The PROT_xxx can't be used here. get_vma_size doesn't return PROT_ type, i.e. the bit sequence is different. > > > + > > > + size =3D get_vma_size(ptr + 4 * page_size, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D 4 * page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > + > > > + size =3D get_vma_size(ptr + 4 * page_size, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D 4 * page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > > Err dude, you're doing this twice? > > The second get_vma_size should be (ptr + 8 * page_size) I will update that. > > So what are we testing here exactly? That we got a VMA split? This is > > err... why are we asserting this? > > I guess, that we can't overwrite a sealed bit of a VMA at the end. But ag= ain > this feels entirely redundant. For this kind of thing to fail would mean = the > whole VMA machinery is broken. > The test is testing mmap(MAP_FIXED), since it can be used to overwrite the sealed memory range (without sealing), then there is a variant of expand/shrink. > > > > > + } else > > > + FAIL_TEST_IF_FALSE(ret2 =3D=3D ptr); > > > + > > > + REPORT_TEST_PASS(); > > > +} > > > + > > > +static void test_seal_mmap_reuse_addr(bool seal) > > > > This is wrong, you're not reusing anything. This test is useless. > > The ptr is reused as a hint. > > > +{ > > > + void *ptr; > > > + unsigned long page_size =3D getpagesize(); > > > + unsigned long size =3D page_size; > > > + int ret; > > > + void *ret2; > > > + int prot; > > > + > > > + setup_single_address(size, &ptr); > > > + FAIL_TEST_IF_FALSE(ptr !=3D (void *)-1); > > > + > > > + if (seal) { > > > + ret =3D sys_mseal(ptr, size); > > > + FAIL_TEST_IF_FALSE(!ret); > > > > We could avoid this horrid ret, ret2 naming if you just did: > > > > FAIL_TEST_IF_FALSE(sys_mseal(ptr, size)); > > > > > + } > > > + > > > + /* use mmap to change protection. */ > > > + ret2 =3D mmap(ptr, size, PROT_NONE, > > > + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > > > > How are you using mmap to change the protection when you're providing a > > hint to the address to use? You're not changing any protection at all! > > It is necessary to add the this tests to make sure mseal is behave as it should be, which is !MAP_FIXED case, new address will be allocated, instead of fail of mmap() > > You're allocating an entirely new VMA hinting that you want it near > > ptr. Please read the man page for mmap(): > > > > If addr is NULL, then the kernel chooses the (page-aligned) addr= ess > > at which to create the mapping; this is the most portable method= of > > creating a new mapping. If addr is not NULL, then the kernel ta= kes > > it as a hint about where to place the mapping; on Linux, the ker= nel > > will pick a nearby page boundary (but always above or equal to t= he > > value specified by /proc/sys/vm/mmap_min_addr) and attempt to cr= eate > > the mapping there. If another mapping already exists there, the > > kernel picks a new address that may or may not depend on the hin= t. > > The address of the new mapping is returned as the result of the > > call. > > > > > + > > > + /* MAP_FIXED is not used, expect new addr */ > > > + FAIL_TEST_IF_FALSE(!(ret2 =3D=3D MAP_FAILED)); > > > > This is beyond horrible. You really have to add more asserts. > > Again assert is not recommended by self_test > > Also you're expecting a new address here, so again, what on earth are y= ou > > asserting? That we can mmap()? > > > > > + FAIL_TEST_IF_FALSE(ret2 !=3D ptr); > > > + > > > + size =3D get_vma_size(ptr, &prot); > > > + FAIL_TEST_IF_FALSE(size =3D=3D page_size); > > > + FAIL_TEST_IF_FALSE(prot =3D=3D 0x4); > > > + > > > + REPORT_TEST_PASS(); > > > +} > > > + > > > int main(int argc, char **argv) > > > { > > > bool test_seal =3D seal_support(); > > > @@ -2243,7 +2360,7 @@ int main(int argc, char **argv) > > > if (!get_vma_size_supported()) > > > ksft_exit_skip("get_vma_size not supported\n"); > > > > > > - ksft_set_plan(91); > > > + ksft_set_plan(97); > > > > I'm guessing this is the number of tests, but I mean this is horrible. = Is > > there not a better way of doing this? > > Again, this is recommended by self-test. > > > > > > test_seal_addseal(); > > > test_seal_unmapped_start(); > > > @@ -2357,5 +2474,12 @@ int main(int argc, char **argv) > > > test_munmap_free_multiple_ranges(false); > > > test_munmap_free_multiple_ranges(true); > > > > > > + test_seal_mmap_expand_seal_middle(false); > > > + test_seal_mmap_expand_seal_middle(true); > > > + test_seal_mmap_shrink_seal_middle(false); > > > + test_seal_mmap_shrink_seal_middle(true); > > > + test_seal_mmap_reuse_addr(false); > > > + test_seal_mmap_reuse_addr(true); > > > + > > > ksft_finished(); > > > } > > > -- > > > 2.46.0.469.g59c65b2a67-goog > > >