From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5BABC00144 for ; Fri, 29 Jul 2022 22:00:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0DEF46B0071; Fri, 29 Jul 2022 18:00:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0660C8E0001; Fri, 29 Jul 2022 18:00:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DD4E36B0073; Fri, 29 Jul 2022 18:00:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id C8E726B0071 for ; Fri, 29 Jul 2022 18:00:43 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id A460A1C6B6A for ; Fri, 29 Jul 2022 22:00:43 +0000 (UTC) X-FDA: 79741507566.30.5666721 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by imf29.hostedemail.com (Postfix) with ESMTP id 43D4E1200B6 for ; Fri, 29 Jul 2022 22:00:43 +0000 (UTC) Received: by mail-pl1-f180.google.com with SMTP id x10so5017685plb.3 for ; Fri, 29 Jul 2022 15:00:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=M6h4ohZ2Xp6R3ogVvEX4OuhDaK3xwr7fdihhnTifVFE=; b=Hh3udcBgOmHDHFs4xZ2AYfapyxGTL4aNTTwsw1jabkNYhQWntuDiiyBltZO3ocuI7l jrjikwlBeMC5AycuKMDP7YSkUBVNwQLcxvYcBUeVkRnslx85bVunbpbRuy2yO2fvdKMH v4QnNcNTz6k17yfOndGCQuw8grdwHjt0OoY+WkcJ1aMz39Zx1i+Df8nAM246eWV0CVGu p03qAcs2lL8MD8jaiJhbYb/77yj6XQRfFSMigLUY4LiEoWFhoTGEoJwWvW0B38EFu32K k3if07ulbtee9ALhWPvmywvPN5THinApcIn4BNTryBMfWF3uJyVestLteJjc9TLnN4e7 /iYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=M6h4ohZ2Xp6R3ogVvEX4OuhDaK3xwr7fdihhnTifVFE=; b=lITaDSZIUb+ljxCnCZv8hYWUkVPJiattEIewRmpHPWciktuwkYYgXX0NtyXwqaWUYr X9+zLyLujdLj4BGMiolqHUKnrlLNa2dR2CobSNwAyAYvsSgUdtGedStgKis1VYMxOq/z B0LkLAfGev4C99R0HuxBxqKEKALL7YzYR7rmf+oaxe9k1jAwEfoK6k9V3RUSFszZGpGR Td2unhC9uyLxMcigrgPNAfPSt7GF17iz45ZGIT24vyjSxZ+jt7cEtZQ2YnXLqtMSrjT6 Y5LnvFCp1rzAS64JNWQbWt5iAyUG4PdZ+gIorHmjEzkKwc/KSzpoRlz7b06ZJIDQ616/ TZ4A== X-Gm-Message-State: ACgBeo0nVJ8GOlFUGPfWTivzThnGOFliEeQllNIBYqOgIy3d6wQSKu6c euIZWZaKUpR9xZRawdC6hvaXd3YwuNf2tvwVp6pSIw== X-Google-Smtp-Source: AA6agR4uf8A0oZw69pkPAzRO4OYeL0SdNIJXKU9sGKb8X7Pmvg1arDvaoy1Sp/zSjHB+xpVg1xbkPADDnhGUC95lQGM= X-Received: by 2002:a17:903:228d:b0:16d:4549:1078 with SMTP id b13-20020a170903228d00b0016d45491078mr5703844plh.78.1659132041958; Fri, 29 Jul 2022 15:00:41 -0700 (PDT) MIME-Version: 1.0 References: <6f71a4f3-8f8e-926b-883c-1df630cfc1a0@linuxfoundation.org> <20220729061504.744140-1-jeffxu@google.com> In-Reply-To: <20220729061504.744140-1-jeffxu@google.com> From: Jeff Xu Date: Fri, 29 Jul 2022 15:00:05 -0700 Message-ID: Subject: Re: [PATCH 3/4] selftests/memfd: add tests for F_SEAL_EXEC To: skhan@linuxfoundation.org Cc: akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jorgelo@chromium.org, keescook@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, mnissler@chromium.org Content-Type: text/plain; charset="UTF-8" ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=Hh3udcBg; spf=pass (imf29.hostedemail.com: domain of jeffxu@google.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=jeffxu@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1659132043; a=rsa-sha256; cv=none; b=6vymuqFUVa9yo6ml/g6cTloaVmjJVngwQn4O954RK7kul8+4rP2iLdeJuFPyD3G46EAmYT +U4401Eoxs7QnCvRAZ+nHkRQ6CFipRmZswD2+8ux4G8JfM0Ywe3FA1MVmuDsGEL91FKQpv fbnV/iVsK+RzQwr1DYWTT/vqxFLdRrI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1659132043; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=M6h4ohZ2Xp6R3ogVvEX4OuhDaK3xwr7fdihhnTifVFE=; b=JDYamwLrKLEXSvrJu3VPfIjSjzeVOkxsuQV9ZNudHazvWkxnEvWjiuccRdQS3PovPE6WAP X6Z6iL9NRHmZXxuB/6C4RVhGti6ZgGyb8AxCRHpYSu+Uo64fUIklQ2+CVjwSxCvo1gTh6h trK2YPlzTkMhoHdqVOUFzgSVaYh8PpE= Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=Hh3udcBg; spf=pass (imf29.hostedemail.com: domain of jeffxu@google.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=jeffxu@google.com; dmarc=pass (policy=reject) header.from=google.com X-Rspam-User: X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 43D4E1200B6 X-Stat-Signature: 6dxzppuqe4fpkews9ckmm383fuchbddu X-HE-Tag: 1659132043-946234 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi Shuah Khan I will continue Daniel Verkamp's work on this patch. Could you please take a look at the new patch set I sent to see if all your comments are addressed ? Much appreciated. Best Regards, Jeff. On Thu, Jul 28, 2022 at 11:15 PM Jeff Xu wrote: > > From: Daniel Verkamp > > Basic tests to ensure that user/group/other execute bits cannot be > changed after applying F_SEAL_EXEC to a memfd. > > Co-developed-by: Jeff Xu > Signed-off-by: Jeff Xu > Signed-off-by: Daniel Verkamp > --- > tools/testing/selftests/memfd/memfd_test.c | 129 ++++++++++++++++++++- > 1 file changed, 128 insertions(+), 1 deletion(-) > > diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c > index 94df2692e6e4..1d7e7b36bbdd 100644 > --- a/tools/testing/selftests/memfd/memfd_test.c > +++ b/tools/testing/selftests/memfd/memfd_test.c > @@ -28,12 +28,44 @@ > #define MFD_DEF_SIZE 8192 > #define STACK_SIZE 65536 > > +#ifndef F_SEAL_EXEC > +#define F_SEAL_EXEC 0x0020 > +#endif > + > +#ifndef MAX_PATH > +#define MAX_PATH 256 > +#endif > + > /* > * Default is not to test hugetlbfs > */ > static size_t mfd_def_size = MFD_DEF_SIZE; > static const char *memfd_str = MEMFD_STR; > > +static ssize_t fd2name(int fd, char *buf, size_t bufsize) > +{ > + char buf1[MAX_PATH]; > + int size; > + ssize_t nbytes; > + > + size = snprintf(buf1, MAX_PATH, "/proc/self/fd/%d", fd); > + if (size < 0) { > + printf("snprintf(%d) failed on %m\n", fd); > + abort(); > + } > + > + /* > + * reserver one byte for string termination. > + */ > + nbytes = readlink(buf1, buf, bufsize-1); > + if (nbytes == -1) { > + printf("readlink(%s) failed %m\n", buf1); > + abort(); > + } > + buf[nbytes] = '\0'; > + return nbytes; > +} > + > static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags) > { > int r, fd; > @@ -98,11 +130,14 @@ static unsigned int mfd_assert_get_seals(int fd) > > static void mfd_assert_has_seals(int fd, unsigned int seals) > { > + char buf[MAX_PATH]; > + int nbytes; > unsigned int s; > + fd2name(fd, buf, MAX_PATH); > > s = mfd_assert_get_seals(fd); > if (s != seals) { > - printf("%u != %u = GET_SEALS(%d)\n", seals, s, fd); > + printf("%u != %u = GET_SEALS(%s)\n", seals, s, buf); > abort(); > } > } > @@ -594,6 +629,64 @@ static void mfd_fail_grow_write(int fd) > } > } > > +static void mfd_assert_mode(int fd, int mode) > +{ > + struct stat st; > + char buf[MAX_PATH]; > + int nbytes; > + > + fd2name(fd, buf, MAX_PATH); > + > + if (fstat(fd, &st) < 0) { > + printf("fstat(%s) failed: %m\n", buf); > + abort(); > + } > + > + if ((st.st_mode & 07777) != mode) { > + printf("fstat(%s) wrong file mode 0%04o, but expected 0%04o\n", > + buf, (int)st.st_mode & 07777, mode); > + abort(); > + } > +} > + > +static void mfd_assert_chmod(int fd, int mode) > +{ > + char buf[MAX_PATH]; > + int nbytes; > + > + fd2name(fd, buf, MAX_PATH); > + > + if (fchmod(fd, mode) < 0) { > + printf("fchmod(%s, 0%04o) failed: %m\n", buf, mode); > + abort(); > + } > + > + mfd_assert_mode(fd, mode); > +} > + > +static void mfd_fail_chmod(int fd, int mode) > +{ > + struct stat st; > + char buf[MAX_PATH]; > + int nbytes; > + > + fd2name(fd, buf, MAX_PATH); > + > + if (fstat(fd, &st) < 0) { > + printf("fstat(%s) failed: %m\n", buf); > + abort(); > + } > + > + if (fchmod(fd, mode) == 0) { > + printf("fchmod(%s, 0%04o) didn't fail as expected\n", > + buf, mode); > + abort(); > + } > + > + /* verify that file mode bits did not change */ > + mfd_assert_mode(fd, st.st_mode & 07777); > +} > + > static int idle_thread_fn(void *arg) > { > sigset_t set; > @@ -880,6 +973,39 @@ static void test_seal_resize(void) > close(fd); > } > > +/* > + * Test SEAL_EXEC > + * Test that chmod() cannot change x bits after sealing > + */ > +static void test_seal_exec(void) > +{ > + int fd; > + > + printf("%s SEAL-EXEC\n", memfd_str); > + > + fd = mfd_assert_new("kern_memfd_seal_exec", > + mfd_def_size, > + MFD_CLOEXEC | MFD_ALLOW_SEALING); > + > + mfd_assert_mode(fd, 0777); > + > + mfd_assert_chmod(fd, 0644); > + > + mfd_assert_has_seals(fd, 0); > + mfd_assert_add_seals(fd, F_SEAL_EXEC); > + mfd_assert_has_seals(fd, F_SEAL_EXEC); > + > + mfd_assert_chmod(fd, 0600); > + mfd_fail_chmod(fd, 0777); > + mfd_fail_chmod(fd, 0670); > + mfd_fail_chmod(fd, 0605); > + mfd_fail_chmod(fd, 0700); > + mfd_fail_chmod(fd, 0100); > + mfd_assert_chmod(fd, 0666); > + > + close(fd); > +} > + > /* > * Test sharing via dup() > * Test that seals are shared between dupped FDs and they're all equal. > @@ -1059,6 +1185,7 @@ int main(int argc, char **argv) > test_seal_shrink(); > test_seal_grow(); > test_seal_resize(); > + test_seal_exec(); > > test_share_dup("SHARE-DUP", ""); > test_share_mmap("SHARE-MMAP", ""); > -- > 2.37.1.455.g008518b4e5-goog >