From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8B8EC282C6 for ; Mon, 3 Mar 2025 19:47:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0CA3D280007; Mon, 3 Mar 2025 14:47:33 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 07AEB280006; Mon, 3 Mar 2025 14:47:33 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E5CCF280007; Mon, 3 Mar 2025 14:47:32 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id C4867280006 for ; Mon, 3 Mar 2025 14:47:32 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 16C49120F25 for ; Mon, 3 Mar 2025 19:47:32 +0000 (UTC) X-FDA: 83181274344.10.EDD42EC Received: from mail-oi1-f177.google.com (mail-oi1-f177.google.com [209.85.167.177]) by imf03.hostedemail.com (Postfix) with ESMTP id 7D1DA20008 for ; Mon, 3 Mar 2025 19:47:08 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b="adU/Kk05"; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf03.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.177 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741031228; a=rsa-sha256; cv=none; b=Yq2BjZ0YR6uvwRAqva5KdGdbwFExKjwomZRNrdHxDZaZX7bCPBAzsoVJiByht+bcCc/hlp 4wr5gpLGZJfVjt3mPAY8D2z0c+x25LsqC78gHTj/8gSc0MOmqBui1x4RO+db7zU05pV1+F hghuzHmEr0vKzvQbtOxpK8nQoQxpr84= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b="adU/Kk05"; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf03.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.177 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1741031228; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=tdySKNh+U/MozZaPGFIgSr4OVSnw7VsTVIZmgZPuEMc=; b=LMsDasckhTyUpGirXJms3Z6f5C5RwJ1LtNVQL4dpUP09BSJj43HgADzMh1rh52r8nHMOvr /iE7zqy8TeUGyPmD+X5MdQ2PhR71pp42XIFCZmITRshmg/Bq9rD30QiRTOdJ6WbSpMq8YK bRbhVlCfCkkkmGl78cgkBu6JnokEHho= Received: by mail-oi1-f177.google.com with SMTP id 5614622812f47-3f3ff8d7362so69661b6e.2 for ; Mon, 03 Mar 2025 11:47:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741031227; x=1741636027; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=tdySKNh+U/MozZaPGFIgSr4OVSnw7VsTVIZmgZPuEMc=; b=adU/Kk05HJm8LbhdMGjTVPlr+o5KJbQuSWWCU5N+FD+6vwsY9Fxey6TBY5EjPp/v/N 6j6LZHEX41rRbibxpvbrdwDJCr0XzDqSTw9HZ/vI+USpybAyiY+CgQ/3pfHYCxNteoyu yE2nblCLUrvDO/uz7A6yLki4ImBjlNi2bC3Rc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741031227; x=1741636027; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tdySKNh+U/MozZaPGFIgSr4OVSnw7VsTVIZmgZPuEMc=; b=NcH4bga/VZ8N12+NEDYCGaUgWVl2E7O564Qo4moagOhR3xd6f62hfUGKmlVgbZnR0K H9h4pBOmlLu/+pxRu5aXqk3Cs/3pnBE5lG/t/3LNXaImMNatGU1xIX4SC+IrU+rWG6t0 S5UWSmNoS/XGYsDvLCYBkgzBtIv9TV3frrUxa9GtODevK1lglhhpssisxDBPw/wrSKJW 40DwEbLr1xZY+l+BHKQkFK6PQoBZnnwI+8fBUfv57e0X59vkgfbmTm52N1bB9kcvwdqr XAjf8qdd6121+nhlU9AaZu0DgnpHnTbRHe5MoJ9za185vkQzePEXQ5ALS1VYq2URZMo6 6lmg== X-Forwarded-Encrypted: i=1; AJvYcCXjgXfuvlWtAwa2b40hBTICexAmbXhlrjMDlzcbCqsGN22W9U57xaX0fp03zKPp6T4f4MHLXxjy6A==@kvack.org X-Gm-Message-State: AOJu0YxMYK3yG50bQciToQKjPunvOYSizwHi83Vw7tsQ79GGU5bHiS2q 9JuzgllAXA8L6Vk/BJKHkNQV2dTsVHUDgxWuuzk2DrBPQoEy4mlDci+1dR7MXPoOEfgqVoGBOsO 5EnwNXDr7X+OOivuchSXhW6+NjfLMSr8wUzmJ X-Gm-Gg: ASbGncvXPyqfRWR4mWM0tpQD2ul4eXadF+/saWmXOoN40RWF4pufqvPHFTf8Pf2y1jy 6Q8V0bqzVWZUd/OaWvvnuClMi9+HnTnOaedlDzknlukt9BYWtL3iPOamADacSq/O1dunieOvpcS XxDewp2Xc//nGXuIs86M5IbqITcmEafvUYtPDNP0BU9gyrMr6ZkMDsMpk= X-Google-Smtp-Source: AGHT+IGbwrwickIpYhittEgOfAoR0qTYv+wYBr9OOEL5Lt2J9vnVmHKzecBtYFj15CPQzeL90HdcX6sf7zDBzcuZ5is= X-Received: by 2002:a05:6808:2020:b0:3f3:ff78:e5ef with SMTP id 5614622812f47-3f55861872emr3349824b6e.8.1741031227387; Mon, 03 Mar 2025 11:47:07 -0800 (PST) MIME-Version: 1.0 References: <20250303050921.3033083-1-jeffxu@google.com> <20250303050921.3033083-8-jeffxu@google.com> <8285bc26-6afe-4141-ad1a-6d8c5d6d76f9@lucifer.local> In-Reply-To: <8285bc26-6afe-4141-ad1a-6d8c5d6d76f9@lucifer.local> From: Jeff Xu Date: Mon, 3 Mar 2025 11:46:55 -0800 X-Gm-Features: AQ5f1JoVzBCcGr-qxUwehoY9N8ED-gXAC-R3kUqB5QFve2eN18_acCDV037aaXM Message-ID: Subject: Re: [PATCH v8 7/7] selftest: test system mappings are sealed. To: Lorenzo Stoakes Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Shuah Khan Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 7D1DA20008 X-Stat-Signature: ek114rzmwfaps9cktd98x7tx5odwxa9g X-Rspam-User: X-Rspamd-Server: rspam05 X-HE-Tag: 1741031228-441703 X-HE-Meta: U2FsdGVkX1+XLsIPEP1MVNv6lkJVta63zeFkNfQVAO3I2LxJD1HK/BQewHXjGZVxPmLw+iFkhs4kdI8ba2dR2qlshN0+qFG+fp7gu1z0bpMvzAvspjYomSI+T/GCfSmv0RYN9AaIMyc++ykSP/SFj5LrTasVMGGS+0SQLyUsfPG6dTxQsInoUM4NrgOD8kSrIWDZfi6ycpakKCs4bkEbe7sSOMY27SB8Fcr8It9xVqws0K5J5Im6yhOyq4ILP/Y/ViNsD9HUlzh/C/lnGZ5AW7I/SKwJ0OiIYRyJLUpjzkFd3uLINN5D6/UrnVbmb3zEgblLYPRLKhtYK1TNi+1wLnzzBjr4f8zpE6W6vMkFppBvyABPRlddhKOaZ0F/jskBCyBVKm3SVDjmiA7KGYDXL0/PAbNWXgyvajD9JjW7XOAHVAWUdpiy93ID79CNw2u6lpRoRsfixgAiVOzlEDAqG3viEGGgkt0hrpy0JYEI9bGg0j2H+mIlrVjlr+2klw2VKgtYYhUkW6XDu5Prk6puUQyCh3VYxwMPg6Mi5lIsbwNNe+8dbJtMjfJcOC5gi3xJY+FtcWa/R7hIw9C/YjxEWPtv1VXjJJT2z3jA5xiboZcWUvOpPTEXVt//g9uNSQK80So8MGDUgagMSRBiS6eU1N8eubt7+VQKZ90Nac6Mgb81ESaeHKTeNpjOp3+F1sqRk41h2tdOxe1Bq0hTisfzgQA6U978Oh4/S/Xvsj25ZGmlxXWssLMHK9CsUogU+dOFqOsnw9YFNFgcXcxfVbwTr7Dfkx4/Dwx4O9n5wWEVhnOQfGd9eDtxCtwjPr5Emb6aY/c9nACSaurwymtrNrxrLZRULHKeoL9GORgFEzIK7UH2Wb+nNJTkr+ye8iGCy7wRD6yKaylcmoeLRRFcC0QFZxmKyiZG2Lf8VXKdBXhXO9lQLtfzZ4ZKLYhD5rw2WlKp8cPWN4a7oVxlvbzShjy achcXWHf Hb+LctpMQYhJHtnZvvh5U+XSrIMPBeYO3lhuYpCRjESIbw8G6ocRKQ0DrpMJJ+onDThpm2E5s2scrSxfisiWTCi23MneMfYtQN1Cd1oEYeB0OzpZ73CeHVbSAxAiY1Xxq22Y4b53FeX0XT4K19LvB2ZOgcRv8q4jJzaGAuagGrwYfWAN1f6WktTX6UykmhTIbwVpRpK7RrNcXN5+1NlZDS7LbSkcoWSggLhLPWhDxLTilwoAiO70DOIkRpaIZft/17iXtZ/GZena/eHj76gCRObBcbFM2ruP2ikIfWLk1yz02dWkv33uKo8sQKjpFJiIVEXiwWzLYR96/DHv/sAtCW5Z6Sg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000011, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Mar 3, 2025 at 8:43=E2=80=AFAM Lorenzo Stoakes wrote: > > On Mon, Mar 03, 2025 at 12:08:49PM +0000, Lorenzo Stoakes wrote: > > > > On Mon, Mar 03, 2025 at 05:09:21AM +0000, jeffxu@chromium.org wrote: > > > From: Jeff Xu > > > > > > Add sysmap_is_sealed.c to test system mappings are sealed. > > > > > > Note: CONFIG_MSEAL_SYSTEM_MAPPINGS must be set, as indicated in > > > config file. > > > > > > Signed-off-by: Jeff Xu > > > > We do need to add this to the general selftests Makefile, but this code= is > > fine, so have a: > > > > Reviewed-by: Lorenzo Stoakes > > > > Congratulations! :) and thanks for addressing the issues that were rais= ed, > > appreciate your efforts on this. > > > > Maybe you could send a fix patch? As it's such a small fix. > > > > Cheers, Lorenzo > > > > > > > --- > > > .../mseal_system_mappings/.gitignore | 2 + > > > .../selftests/mseal_system_mappings/Makefile | 6 + > > > .../selftests/mseal_system_mappings/config | 1 + > > > .../mseal_system_mappings/sysmap_is_sealed.c | 113 ++++++++++++++++= ++ > > > > Can you add this to tools/testing/selftests/Makefile? I _think_ adding: > > > > TARGETS +=3D mm > > > > Should do it. Thanks! > > Obviously I meant to say: > > TARGETS +=3D mseal_system_mappings > > Doh! :) > Yes. I will add that in v9. This new selftest requires linux-kselftest@vger.kernel.org's approval. As previously discussed [1], the KCONFIG: MSEAL_SYSTEM_MAPPINGS is disabled by default. Hopefully, the selftest automation will be able to detect and parse the "config" in the new selftests/mseal_system_mappings/config at runtime. Thanks -Jeff [1] https://lore.kernel.org/all/60f5b979-2969-4cb0-ad3d-262908869c5f@lucife= r.local/ > > > > > 4 files changed, 122 insertions(+) > > > create mode 100644 tools/testing/selftests/mseal_system_mappings/.gi= tignore > > > create mode 100644 tools/testing/selftests/mseal_system_mappings/Mak= efile > > > create mode 100644 tools/testing/selftests/mseal_system_mappings/con= fig > > > create mode 100644 tools/testing/selftests/mseal_system_mappings/sys= map_is_sealed.c > > > > > > diff --git a/tools/testing/selftests/mseal_system_mappings/.gitignore= b/tools/testing/selftests/mseal_system_mappings/.gitignore > > > new file mode 100644 > > > index 000000000000..319c497a595e > > > --- /dev/null > > > +++ b/tools/testing/selftests/mseal_system_mappings/.gitignore > > > @@ -0,0 +1,2 @@ > > > +# SPDX-License-Identifier: GPL-2.0-only > > > +sysmap_is_sealed > > > diff --git a/tools/testing/selftests/mseal_system_mappings/Makefile b= /tools/testing/selftests/mseal_system_mappings/Makefile > > > new file mode 100644 > > > index 000000000000..2b4504e2f52f > > > --- /dev/null > > > +++ b/tools/testing/selftests/mseal_system_mappings/Makefile > > > @@ -0,0 +1,6 @@ > > > +# SPDX-License-Identifier: GPL-2.0-only > > > +CFLAGS +=3D -std=3Dc99 -pthread -Wall $(KHDR_INCLUDES) > > > + > > > +TEST_GEN_PROGS :=3D sysmap_is_sealed > > > + > > > +include ../lib.mk > > > diff --git a/tools/testing/selftests/mseal_system_mappings/config b/t= ools/testing/selftests/mseal_system_mappings/config > > > new file mode 100644 > > > index 000000000000..675cb9f37b86 > > > --- /dev/null > > > +++ b/tools/testing/selftests/mseal_system_mappings/config > > > @@ -0,0 +1 @@ > > > +CONFIG_MSEAL_SYSTEM_MAPPINGS=3Dy > > > diff --git a/tools/testing/selftests/mseal_system_mappings/sysmap_is_= sealed.c b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c > > > new file mode 100644 > > > index 000000000000..c1e93794a58b > > > --- /dev/null > > > +++ b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.= c > > > @@ -0,0 +1,113 @@ > > > +// SPDX-License-Identifier: GPL-2.0-only > > > +/* > > > + * test system mappings are sealed when > > > + * KCONFIG_MSEAL_SYSTEM_MAPPINGS=3Dy > > > + */ > > > + > > > +#define _GNU_SOURCE > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > + > > > +#include "../kselftest.h" > > > +#include "../kselftest_harness.h" > > > + > > > +#define VDSO_NAME "[vdso]" > > > +#define VVAR_NAME "[vvar]" > > > +#define VVAR_VCLOCK_NAME "[vvar_vclock]" > > > +#define UPROBES_NAME "[uprobes]" > > > +#define SIGPAGE_NAME "[sigpage]" > > > +#define VECTORS_NAME "[vectors]" > > > + > > > +#define VMFLAGS "VmFlags:" > > > +#define MSEAL_FLAGS "sl" > > > +#define MAX_LINE_LEN 512 > > > + > > > +bool has_mapping(char *name, FILE *maps) > > > +{ > > > + char line[MAX_LINE_LEN]; > > > + > > > + while (fgets(line, sizeof(line), maps)) { > > > + if (strstr(line, name)) > > > + return true; > > > + } > > > + > > > + return false; > > > +} > > > + > > > +bool mapping_is_sealed(char *name, FILE *maps) > > > +{ > > > + char line[MAX_LINE_LEN]; > > > + > > > + while (fgets(line, sizeof(line), maps)) { > > > + if (!strncmp(line, VMFLAGS, strlen(VMFLAGS))) { > > > + if (strstr(line, MSEAL_FLAGS)) > > > + return true; > > > + > > > + return false; > > > + } > > > + } > > > + > > > + return false; > > > +} > > > + > > > +FIXTURE(basic) { > > > + FILE *maps; > > > +}; > > > + > > > +FIXTURE_SETUP(basic) > > > +{ > > > + self->maps =3D fopen("/proc/self/smaps", "r"); > > > + if (!self->maps) > > > + SKIP(return, "Could not open /proc/self/smap, errno=3D%d"= , > > > + errno); > > > +}; > > > + > > > +FIXTURE_TEARDOWN(basic) > > > +{ > > > + if (self->maps) > > > + fclose(self->maps); > > > +}; > > > + > > > +FIXTURE_VARIANT(basic) > > > +{ > > > + char *name; > > > +}; > > > + > > > +FIXTURE_VARIANT_ADD(basic, vdso) { > > > + .name =3D VDSO_NAME, > > > +}; > > > + > > > +FIXTURE_VARIANT_ADD(basic, vvar) { > > > + .name =3D VVAR_NAME, > > > +}; > > > + > > > +FIXTURE_VARIANT_ADD(basic, vvar_vclock) { > > > + .name =3D VVAR_VCLOCK_NAME, > > > +}; > > > + > > > +FIXTURE_VARIANT_ADD(basic, sigpage) { > > > + .name =3D SIGPAGE_NAME, > > > +}; > > > + > > > +FIXTURE_VARIANT_ADD(basic, vectors) { > > > + .name =3D VECTORS_NAME, > > > +}; > > > + > > > +FIXTURE_VARIANT_ADD(basic, uprobes) { > > > + .name =3D UPROBES_NAME, > > > +}; > > > + > > > +TEST_F(basic, is_sealed) > > > +{ > > > + if (!has_mapping(variant->name, self->maps)) { > > > + SKIP(return, "could not found the mapping, %s", > > > + variant->name); > > > + } > > > + > > > + EXPECT_TRUE(mapping_is_sealed(variant->name, self->maps)); > > > +}; > > > + > > > +TEST_HARNESS_MAIN > > > -- > > > 2.48.1.711.g2feabab25a-goog > > >