1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun #define _GNU_SOURCE
3*4882a593Smuzhiyun #define __EXPORTED_HEADERS__
4*4882a593Smuzhiyun
5*4882a593Smuzhiyun #include <errno.h>
6*4882a593Smuzhiyun #include <inttypes.h>
7*4882a593Smuzhiyun #include <limits.h>
8*4882a593Smuzhiyun #include <linux/falloc.h>
9*4882a593Smuzhiyun #include <linux/fcntl.h>
10*4882a593Smuzhiyun #include <linux/memfd.h>
11*4882a593Smuzhiyun #include <sched.h>
12*4882a593Smuzhiyun #include <stdio.h>
13*4882a593Smuzhiyun #include <stdlib.h>
14*4882a593Smuzhiyun #include <signal.h>
15*4882a593Smuzhiyun #include <string.h>
16*4882a593Smuzhiyun #include <sys/mman.h>
17*4882a593Smuzhiyun #include <sys/stat.h>
18*4882a593Smuzhiyun #include <sys/syscall.h>
19*4882a593Smuzhiyun #include <sys/wait.h>
20*4882a593Smuzhiyun #include <unistd.h>
21*4882a593Smuzhiyun
22*4882a593Smuzhiyun #include "common.h"
23*4882a593Smuzhiyun
24*4882a593Smuzhiyun #define MEMFD_STR "memfd:"
25*4882a593Smuzhiyun #define MEMFD_HUGE_STR "memfd-hugetlb:"
26*4882a593Smuzhiyun #define SHARED_FT_STR "(shared file-table)"
27*4882a593Smuzhiyun
28*4882a593Smuzhiyun #define MFD_DEF_SIZE 8192
29*4882a593Smuzhiyun #define STACK_SIZE 65536
30*4882a593Smuzhiyun
31*4882a593Smuzhiyun /*
32*4882a593Smuzhiyun * Default is not to test hugetlbfs
33*4882a593Smuzhiyun */
34*4882a593Smuzhiyun static size_t mfd_def_size = MFD_DEF_SIZE;
35*4882a593Smuzhiyun static const char *memfd_str = MEMFD_STR;
36*4882a593Smuzhiyun
mfd_assert_new(const char * name,loff_t sz,unsigned int flags)37*4882a593Smuzhiyun static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags)
38*4882a593Smuzhiyun {
39*4882a593Smuzhiyun int r, fd;
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun fd = sys_memfd_create(name, flags);
42*4882a593Smuzhiyun if (fd < 0) {
43*4882a593Smuzhiyun printf("memfd_create(\"%s\", %u) failed: %m\n",
44*4882a593Smuzhiyun name, flags);
45*4882a593Smuzhiyun abort();
46*4882a593Smuzhiyun }
47*4882a593Smuzhiyun
48*4882a593Smuzhiyun r = ftruncate(fd, sz);
49*4882a593Smuzhiyun if (r < 0) {
50*4882a593Smuzhiyun printf("ftruncate(%llu) failed: %m\n", (unsigned long long)sz);
51*4882a593Smuzhiyun abort();
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun
54*4882a593Smuzhiyun return fd;
55*4882a593Smuzhiyun }
56*4882a593Smuzhiyun
mfd_assert_reopen_fd(int fd_in)57*4882a593Smuzhiyun static int mfd_assert_reopen_fd(int fd_in)
58*4882a593Smuzhiyun {
59*4882a593Smuzhiyun int r, fd;
60*4882a593Smuzhiyun char path[100];
61*4882a593Smuzhiyun
62*4882a593Smuzhiyun sprintf(path, "/proc/self/fd/%d", fd_in);
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun fd = open(path, O_RDWR);
65*4882a593Smuzhiyun if (fd < 0) {
66*4882a593Smuzhiyun printf("re-open of existing fd %d failed\n", fd_in);
67*4882a593Smuzhiyun abort();
68*4882a593Smuzhiyun }
69*4882a593Smuzhiyun
70*4882a593Smuzhiyun return fd;
71*4882a593Smuzhiyun }
72*4882a593Smuzhiyun
mfd_fail_new(const char * name,unsigned int flags)73*4882a593Smuzhiyun static void mfd_fail_new(const char *name, unsigned int flags)
74*4882a593Smuzhiyun {
75*4882a593Smuzhiyun int r;
76*4882a593Smuzhiyun
77*4882a593Smuzhiyun r = sys_memfd_create(name, flags);
78*4882a593Smuzhiyun if (r >= 0) {
79*4882a593Smuzhiyun printf("memfd_create(\"%s\", %u) succeeded, but failure expected\n",
80*4882a593Smuzhiyun name, flags);
81*4882a593Smuzhiyun close(r);
82*4882a593Smuzhiyun abort();
83*4882a593Smuzhiyun }
84*4882a593Smuzhiyun }
85*4882a593Smuzhiyun
mfd_assert_get_seals(int fd)86*4882a593Smuzhiyun static unsigned int mfd_assert_get_seals(int fd)
87*4882a593Smuzhiyun {
88*4882a593Smuzhiyun int r;
89*4882a593Smuzhiyun
90*4882a593Smuzhiyun r = fcntl(fd, F_GET_SEALS);
91*4882a593Smuzhiyun if (r < 0) {
92*4882a593Smuzhiyun printf("GET_SEALS(%d) failed: %m\n", fd);
93*4882a593Smuzhiyun abort();
94*4882a593Smuzhiyun }
95*4882a593Smuzhiyun
96*4882a593Smuzhiyun return (unsigned int)r;
97*4882a593Smuzhiyun }
98*4882a593Smuzhiyun
mfd_assert_has_seals(int fd,unsigned int seals)99*4882a593Smuzhiyun static void mfd_assert_has_seals(int fd, unsigned int seals)
100*4882a593Smuzhiyun {
101*4882a593Smuzhiyun unsigned int s;
102*4882a593Smuzhiyun
103*4882a593Smuzhiyun s = mfd_assert_get_seals(fd);
104*4882a593Smuzhiyun if (s != seals) {
105*4882a593Smuzhiyun printf("%u != %u = GET_SEALS(%d)\n", seals, s, fd);
106*4882a593Smuzhiyun abort();
107*4882a593Smuzhiyun }
108*4882a593Smuzhiyun }
109*4882a593Smuzhiyun
mfd_assert_add_seals(int fd,unsigned int seals)110*4882a593Smuzhiyun static void mfd_assert_add_seals(int fd, unsigned int seals)
111*4882a593Smuzhiyun {
112*4882a593Smuzhiyun int r;
113*4882a593Smuzhiyun unsigned int s;
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun s = mfd_assert_get_seals(fd);
116*4882a593Smuzhiyun r = fcntl(fd, F_ADD_SEALS, seals);
117*4882a593Smuzhiyun if (r < 0) {
118*4882a593Smuzhiyun printf("ADD_SEALS(%d, %u -> %u) failed: %m\n", fd, s, seals);
119*4882a593Smuzhiyun abort();
120*4882a593Smuzhiyun }
121*4882a593Smuzhiyun }
122*4882a593Smuzhiyun
mfd_fail_add_seals(int fd,unsigned int seals)123*4882a593Smuzhiyun static void mfd_fail_add_seals(int fd, unsigned int seals)
124*4882a593Smuzhiyun {
125*4882a593Smuzhiyun int r;
126*4882a593Smuzhiyun unsigned int s;
127*4882a593Smuzhiyun
128*4882a593Smuzhiyun r = fcntl(fd, F_GET_SEALS);
129*4882a593Smuzhiyun if (r < 0)
130*4882a593Smuzhiyun s = 0;
131*4882a593Smuzhiyun else
132*4882a593Smuzhiyun s = (unsigned int)r;
133*4882a593Smuzhiyun
134*4882a593Smuzhiyun r = fcntl(fd, F_ADD_SEALS, seals);
135*4882a593Smuzhiyun if (r >= 0) {
136*4882a593Smuzhiyun printf("ADD_SEALS(%d, %u -> %u) didn't fail as expected\n",
137*4882a593Smuzhiyun fd, s, seals);
138*4882a593Smuzhiyun abort();
139*4882a593Smuzhiyun }
140*4882a593Smuzhiyun }
141*4882a593Smuzhiyun
mfd_assert_size(int fd,size_t size)142*4882a593Smuzhiyun static void mfd_assert_size(int fd, size_t size)
143*4882a593Smuzhiyun {
144*4882a593Smuzhiyun struct stat st;
145*4882a593Smuzhiyun int r;
146*4882a593Smuzhiyun
147*4882a593Smuzhiyun r = fstat(fd, &st);
148*4882a593Smuzhiyun if (r < 0) {
149*4882a593Smuzhiyun printf("fstat(%d) failed: %m\n", fd);
150*4882a593Smuzhiyun abort();
151*4882a593Smuzhiyun } else if (st.st_size != size) {
152*4882a593Smuzhiyun printf("wrong file size %lld, but expected %lld\n",
153*4882a593Smuzhiyun (long long)st.st_size, (long long)size);
154*4882a593Smuzhiyun abort();
155*4882a593Smuzhiyun }
156*4882a593Smuzhiyun }
157*4882a593Smuzhiyun
mfd_assert_dup(int fd)158*4882a593Smuzhiyun static int mfd_assert_dup(int fd)
159*4882a593Smuzhiyun {
160*4882a593Smuzhiyun int r;
161*4882a593Smuzhiyun
162*4882a593Smuzhiyun r = dup(fd);
163*4882a593Smuzhiyun if (r < 0) {
164*4882a593Smuzhiyun printf("dup(%d) failed: %m\n", fd);
165*4882a593Smuzhiyun abort();
166*4882a593Smuzhiyun }
167*4882a593Smuzhiyun
168*4882a593Smuzhiyun return r;
169*4882a593Smuzhiyun }
170*4882a593Smuzhiyun
mfd_assert_mmap_shared(int fd)171*4882a593Smuzhiyun static void *mfd_assert_mmap_shared(int fd)
172*4882a593Smuzhiyun {
173*4882a593Smuzhiyun void *p;
174*4882a593Smuzhiyun
175*4882a593Smuzhiyun p = mmap(NULL,
176*4882a593Smuzhiyun mfd_def_size,
177*4882a593Smuzhiyun PROT_READ | PROT_WRITE,
178*4882a593Smuzhiyun MAP_SHARED,
179*4882a593Smuzhiyun fd,
180*4882a593Smuzhiyun 0);
181*4882a593Smuzhiyun if (p == MAP_FAILED) {
182*4882a593Smuzhiyun printf("mmap() failed: %m\n");
183*4882a593Smuzhiyun abort();
184*4882a593Smuzhiyun }
185*4882a593Smuzhiyun
186*4882a593Smuzhiyun return p;
187*4882a593Smuzhiyun }
188*4882a593Smuzhiyun
mfd_assert_mmap_private(int fd)189*4882a593Smuzhiyun static void *mfd_assert_mmap_private(int fd)
190*4882a593Smuzhiyun {
191*4882a593Smuzhiyun void *p;
192*4882a593Smuzhiyun
193*4882a593Smuzhiyun p = mmap(NULL,
194*4882a593Smuzhiyun mfd_def_size,
195*4882a593Smuzhiyun PROT_READ,
196*4882a593Smuzhiyun MAP_PRIVATE,
197*4882a593Smuzhiyun fd,
198*4882a593Smuzhiyun 0);
199*4882a593Smuzhiyun if (p == MAP_FAILED) {
200*4882a593Smuzhiyun printf("mmap() failed: %m\n");
201*4882a593Smuzhiyun abort();
202*4882a593Smuzhiyun }
203*4882a593Smuzhiyun
204*4882a593Smuzhiyun return p;
205*4882a593Smuzhiyun }
206*4882a593Smuzhiyun
mfd_assert_open(int fd,int flags,mode_t mode)207*4882a593Smuzhiyun static int mfd_assert_open(int fd, int flags, mode_t mode)
208*4882a593Smuzhiyun {
209*4882a593Smuzhiyun char buf[512];
210*4882a593Smuzhiyun int r;
211*4882a593Smuzhiyun
212*4882a593Smuzhiyun sprintf(buf, "/proc/self/fd/%d", fd);
213*4882a593Smuzhiyun r = open(buf, flags, mode);
214*4882a593Smuzhiyun if (r < 0) {
215*4882a593Smuzhiyun printf("open(%s) failed: %m\n", buf);
216*4882a593Smuzhiyun abort();
217*4882a593Smuzhiyun }
218*4882a593Smuzhiyun
219*4882a593Smuzhiyun return r;
220*4882a593Smuzhiyun }
221*4882a593Smuzhiyun
mfd_fail_open(int fd,int flags,mode_t mode)222*4882a593Smuzhiyun static void mfd_fail_open(int fd, int flags, mode_t mode)
223*4882a593Smuzhiyun {
224*4882a593Smuzhiyun char buf[512];
225*4882a593Smuzhiyun int r;
226*4882a593Smuzhiyun
227*4882a593Smuzhiyun sprintf(buf, "/proc/self/fd/%d", fd);
228*4882a593Smuzhiyun r = open(buf, flags, mode);
229*4882a593Smuzhiyun if (r >= 0) {
230*4882a593Smuzhiyun printf("open(%s) didn't fail as expected\n", buf);
231*4882a593Smuzhiyun abort();
232*4882a593Smuzhiyun }
233*4882a593Smuzhiyun }
234*4882a593Smuzhiyun
mfd_assert_read(int fd)235*4882a593Smuzhiyun static void mfd_assert_read(int fd)
236*4882a593Smuzhiyun {
237*4882a593Smuzhiyun char buf[16];
238*4882a593Smuzhiyun void *p;
239*4882a593Smuzhiyun ssize_t l;
240*4882a593Smuzhiyun
241*4882a593Smuzhiyun l = read(fd, buf, sizeof(buf));
242*4882a593Smuzhiyun if (l != sizeof(buf)) {
243*4882a593Smuzhiyun printf("read() failed: %m\n");
244*4882a593Smuzhiyun abort();
245*4882a593Smuzhiyun }
246*4882a593Smuzhiyun
247*4882a593Smuzhiyun /* verify PROT_READ *is* allowed */
248*4882a593Smuzhiyun p = mmap(NULL,
249*4882a593Smuzhiyun mfd_def_size,
250*4882a593Smuzhiyun PROT_READ,
251*4882a593Smuzhiyun MAP_PRIVATE,
252*4882a593Smuzhiyun fd,
253*4882a593Smuzhiyun 0);
254*4882a593Smuzhiyun if (p == MAP_FAILED) {
255*4882a593Smuzhiyun printf("mmap() failed: %m\n");
256*4882a593Smuzhiyun abort();
257*4882a593Smuzhiyun }
258*4882a593Smuzhiyun munmap(p, mfd_def_size);
259*4882a593Smuzhiyun
260*4882a593Smuzhiyun /* verify MAP_PRIVATE is *always* allowed (even writable) */
261*4882a593Smuzhiyun p = mmap(NULL,
262*4882a593Smuzhiyun mfd_def_size,
263*4882a593Smuzhiyun PROT_READ | PROT_WRITE,
264*4882a593Smuzhiyun MAP_PRIVATE,
265*4882a593Smuzhiyun fd,
266*4882a593Smuzhiyun 0);
267*4882a593Smuzhiyun if (p == MAP_FAILED) {
268*4882a593Smuzhiyun printf("mmap() failed: %m\n");
269*4882a593Smuzhiyun abort();
270*4882a593Smuzhiyun }
271*4882a593Smuzhiyun munmap(p, mfd_def_size);
272*4882a593Smuzhiyun }
273*4882a593Smuzhiyun
274*4882a593Smuzhiyun /* Test that PROT_READ + MAP_SHARED mappings work. */
mfd_assert_read_shared(int fd)275*4882a593Smuzhiyun static void mfd_assert_read_shared(int fd)
276*4882a593Smuzhiyun {
277*4882a593Smuzhiyun void *p;
278*4882a593Smuzhiyun
279*4882a593Smuzhiyun /* verify PROT_READ and MAP_SHARED *is* allowed */
280*4882a593Smuzhiyun p = mmap(NULL,
281*4882a593Smuzhiyun mfd_def_size,
282*4882a593Smuzhiyun PROT_READ,
283*4882a593Smuzhiyun MAP_SHARED,
284*4882a593Smuzhiyun fd,
285*4882a593Smuzhiyun 0);
286*4882a593Smuzhiyun if (p == MAP_FAILED) {
287*4882a593Smuzhiyun printf("mmap() failed: %m\n");
288*4882a593Smuzhiyun abort();
289*4882a593Smuzhiyun }
290*4882a593Smuzhiyun munmap(p, mfd_def_size);
291*4882a593Smuzhiyun }
292*4882a593Smuzhiyun
mfd_assert_fork_private_write(int fd)293*4882a593Smuzhiyun static void mfd_assert_fork_private_write(int fd)
294*4882a593Smuzhiyun {
295*4882a593Smuzhiyun int *p;
296*4882a593Smuzhiyun pid_t pid;
297*4882a593Smuzhiyun
298*4882a593Smuzhiyun p = mmap(NULL,
299*4882a593Smuzhiyun mfd_def_size,
300*4882a593Smuzhiyun PROT_READ | PROT_WRITE,
301*4882a593Smuzhiyun MAP_PRIVATE,
302*4882a593Smuzhiyun fd,
303*4882a593Smuzhiyun 0);
304*4882a593Smuzhiyun if (p == MAP_FAILED) {
305*4882a593Smuzhiyun printf("mmap() failed: %m\n");
306*4882a593Smuzhiyun abort();
307*4882a593Smuzhiyun }
308*4882a593Smuzhiyun
309*4882a593Smuzhiyun p[0] = 22;
310*4882a593Smuzhiyun
311*4882a593Smuzhiyun pid = fork();
312*4882a593Smuzhiyun if (pid == 0) {
313*4882a593Smuzhiyun p[0] = 33;
314*4882a593Smuzhiyun exit(0);
315*4882a593Smuzhiyun } else {
316*4882a593Smuzhiyun waitpid(pid, NULL, 0);
317*4882a593Smuzhiyun
318*4882a593Smuzhiyun if (p[0] != 22) {
319*4882a593Smuzhiyun printf("MAP_PRIVATE copy-on-write failed: %m\n");
320*4882a593Smuzhiyun abort();
321*4882a593Smuzhiyun }
322*4882a593Smuzhiyun }
323*4882a593Smuzhiyun
324*4882a593Smuzhiyun munmap(p, mfd_def_size);
325*4882a593Smuzhiyun }
326*4882a593Smuzhiyun
mfd_assert_write(int fd)327*4882a593Smuzhiyun static void mfd_assert_write(int fd)
328*4882a593Smuzhiyun {
329*4882a593Smuzhiyun ssize_t l;
330*4882a593Smuzhiyun void *p;
331*4882a593Smuzhiyun int r;
332*4882a593Smuzhiyun
333*4882a593Smuzhiyun /*
334*4882a593Smuzhiyun * huegtlbfs does not support write, but we want to
335*4882a593Smuzhiyun * verify everything else here.
336*4882a593Smuzhiyun */
337*4882a593Smuzhiyun if (!hugetlbfs_test) {
338*4882a593Smuzhiyun /* verify write() succeeds */
339*4882a593Smuzhiyun l = write(fd, "\0\0\0\0", 4);
340*4882a593Smuzhiyun if (l != 4) {
341*4882a593Smuzhiyun printf("write() failed: %m\n");
342*4882a593Smuzhiyun abort();
343*4882a593Smuzhiyun }
344*4882a593Smuzhiyun }
345*4882a593Smuzhiyun
346*4882a593Smuzhiyun /* verify PROT_READ | PROT_WRITE is allowed */
347*4882a593Smuzhiyun p = mmap(NULL,
348*4882a593Smuzhiyun mfd_def_size,
349*4882a593Smuzhiyun PROT_READ | PROT_WRITE,
350*4882a593Smuzhiyun MAP_SHARED,
351*4882a593Smuzhiyun fd,
352*4882a593Smuzhiyun 0);
353*4882a593Smuzhiyun if (p == MAP_FAILED) {
354*4882a593Smuzhiyun printf("mmap() failed: %m\n");
355*4882a593Smuzhiyun abort();
356*4882a593Smuzhiyun }
357*4882a593Smuzhiyun *(char *)p = 0;
358*4882a593Smuzhiyun munmap(p, mfd_def_size);
359*4882a593Smuzhiyun
360*4882a593Smuzhiyun /* verify PROT_WRITE is allowed */
361*4882a593Smuzhiyun p = mmap(NULL,
362*4882a593Smuzhiyun mfd_def_size,
363*4882a593Smuzhiyun PROT_WRITE,
364*4882a593Smuzhiyun MAP_SHARED,
365*4882a593Smuzhiyun fd,
366*4882a593Smuzhiyun 0);
367*4882a593Smuzhiyun if (p == MAP_FAILED) {
368*4882a593Smuzhiyun printf("mmap() failed: %m\n");
369*4882a593Smuzhiyun abort();
370*4882a593Smuzhiyun }
371*4882a593Smuzhiyun *(char *)p = 0;
372*4882a593Smuzhiyun munmap(p, mfd_def_size);
373*4882a593Smuzhiyun
374*4882a593Smuzhiyun /* verify PROT_READ with MAP_SHARED is allowed and a following
375*4882a593Smuzhiyun * mprotect(PROT_WRITE) allows writing */
376*4882a593Smuzhiyun p = mmap(NULL,
377*4882a593Smuzhiyun mfd_def_size,
378*4882a593Smuzhiyun PROT_READ,
379*4882a593Smuzhiyun MAP_SHARED,
380*4882a593Smuzhiyun fd,
381*4882a593Smuzhiyun 0);
382*4882a593Smuzhiyun if (p == MAP_FAILED) {
383*4882a593Smuzhiyun printf("mmap() failed: %m\n");
384*4882a593Smuzhiyun abort();
385*4882a593Smuzhiyun }
386*4882a593Smuzhiyun
387*4882a593Smuzhiyun r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
388*4882a593Smuzhiyun if (r < 0) {
389*4882a593Smuzhiyun printf("mprotect() failed: %m\n");
390*4882a593Smuzhiyun abort();
391*4882a593Smuzhiyun }
392*4882a593Smuzhiyun
393*4882a593Smuzhiyun *(char *)p = 0;
394*4882a593Smuzhiyun munmap(p, mfd_def_size);
395*4882a593Smuzhiyun
396*4882a593Smuzhiyun /* verify PUNCH_HOLE works */
397*4882a593Smuzhiyun r = fallocate(fd,
398*4882a593Smuzhiyun FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
399*4882a593Smuzhiyun 0,
400*4882a593Smuzhiyun mfd_def_size);
401*4882a593Smuzhiyun if (r < 0) {
402*4882a593Smuzhiyun printf("fallocate(PUNCH_HOLE) failed: %m\n");
403*4882a593Smuzhiyun abort();
404*4882a593Smuzhiyun }
405*4882a593Smuzhiyun }
406*4882a593Smuzhiyun
mfd_fail_write(int fd)407*4882a593Smuzhiyun static void mfd_fail_write(int fd)
408*4882a593Smuzhiyun {
409*4882a593Smuzhiyun ssize_t l;
410*4882a593Smuzhiyun void *p;
411*4882a593Smuzhiyun int r;
412*4882a593Smuzhiyun
413*4882a593Smuzhiyun /* verify write() fails */
414*4882a593Smuzhiyun l = write(fd, "data", 4);
415*4882a593Smuzhiyun if (l != -EPERM) {
416*4882a593Smuzhiyun printf("expected EPERM on write(), but got %d: %m\n", (int)l);
417*4882a593Smuzhiyun abort();
418*4882a593Smuzhiyun }
419*4882a593Smuzhiyun
420*4882a593Smuzhiyun /* verify PROT_READ | PROT_WRITE is not allowed */
421*4882a593Smuzhiyun p = mmap(NULL,
422*4882a593Smuzhiyun mfd_def_size,
423*4882a593Smuzhiyun PROT_READ | PROT_WRITE,
424*4882a593Smuzhiyun MAP_SHARED,
425*4882a593Smuzhiyun fd,
426*4882a593Smuzhiyun 0);
427*4882a593Smuzhiyun if (p != MAP_FAILED) {
428*4882a593Smuzhiyun printf("mmap() didn't fail as expected\n");
429*4882a593Smuzhiyun abort();
430*4882a593Smuzhiyun }
431*4882a593Smuzhiyun
432*4882a593Smuzhiyun /* verify PROT_WRITE is not allowed */
433*4882a593Smuzhiyun p = mmap(NULL,
434*4882a593Smuzhiyun mfd_def_size,
435*4882a593Smuzhiyun PROT_WRITE,
436*4882a593Smuzhiyun MAP_SHARED,
437*4882a593Smuzhiyun fd,
438*4882a593Smuzhiyun 0);
439*4882a593Smuzhiyun if (p != MAP_FAILED) {
440*4882a593Smuzhiyun printf("mmap() didn't fail as expected\n");
441*4882a593Smuzhiyun abort();
442*4882a593Smuzhiyun }
443*4882a593Smuzhiyun
444*4882a593Smuzhiyun /* Verify PROT_READ with MAP_SHARED with a following mprotect is not
445*4882a593Smuzhiyun * allowed. Note that for r/w the kernel already prevents the mmap. */
446*4882a593Smuzhiyun p = mmap(NULL,
447*4882a593Smuzhiyun mfd_def_size,
448*4882a593Smuzhiyun PROT_READ,
449*4882a593Smuzhiyun MAP_SHARED,
450*4882a593Smuzhiyun fd,
451*4882a593Smuzhiyun 0);
452*4882a593Smuzhiyun if (p != MAP_FAILED) {
453*4882a593Smuzhiyun r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
454*4882a593Smuzhiyun if (r >= 0) {
455*4882a593Smuzhiyun printf("mmap()+mprotect() didn't fail as expected\n");
456*4882a593Smuzhiyun abort();
457*4882a593Smuzhiyun }
458*4882a593Smuzhiyun munmap(p, mfd_def_size);
459*4882a593Smuzhiyun }
460*4882a593Smuzhiyun
461*4882a593Smuzhiyun /* verify PUNCH_HOLE fails */
462*4882a593Smuzhiyun r = fallocate(fd,
463*4882a593Smuzhiyun FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
464*4882a593Smuzhiyun 0,
465*4882a593Smuzhiyun mfd_def_size);
466*4882a593Smuzhiyun if (r >= 0) {
467*4882a593Smuzhiyun printf("fallocate(PUNCH_HOLE) didn't fail as expected\n");
468*4882a593Smuzhiyun abort();
469*4882a593Smuzhiyun }
470*4882a593Smuzhiyun }
471*4882a593Smuzhiyun
mfd_assert_shrink(int fd)472*4882a593Smuzhiyun static void mfd_assert_shrink(int fd)
473*4882a593Smuzhiyun {
474*4882a593Smuzhiyun int r, fd2;
475*4882a593Smuzhiyun
476*4882a593Smuzhiyun r = ftruncate(fd, mfd_def_size / 2);
477*4882a593Smuzhiyun if (r < 0) {
478*4882a593Smuzhiyun printf("ftruncate(SHRINK) failed: %m\n");
479*4882a593Smuzhiyun abort();
480*4882a593Smuzhiyun }
481*4882a593Smuzhiyun
482*4882a593Smuzhiyun mfd_assert_size(fd, mfd_def_size / 2);
483*4882a593Smuzhiyun
484*4882a593Smuzhiyun fd2 = mfd_assert_open(fd,
485*4882a593Smuzhiyun O_RDWR | O_CREAT | O_TRUNC,
486*4882a593Smuzhiyun S_IRUSR | S_IWUSR);
487*4882a593Smuzhiyun close(fd2);
488*4882a593Smuzhiyun
489*4882a593Smuzhiyun mfd_assert_size(fd, 0);
490*4882a593Smuzhiyun }
491*4882a593Smuzhiyun
mfd_fail_shrink(int fd)492*4882a593Smuzhiyun static void mfd_fail_shrink(int fd)
493*4882a593Smuzhiyun {
494*4882a593Smuzhiyun int r;
495*4882a593Smuzhiyun
496*4882a593Smuzhiyun r = ftruncate(fd, mfd_def_size / 2);
497*4882a593Smuzhiyun if (r >= 0) {
498*4882a593Smuzhiyun printf("ftruncate(SHRINK) didn't fail as expected\n");
499*4882a593Smuzhiyun abort();
500*4882a593Smuzhiyun }
501*4882a593Smuzhiyun
502*4882a593Smuzhiyun mfd_fail_open(fd,
503*4882a593Smuzhiyun O_RDWR | O_CREAT | O_TRUNC,
504*4882a593Smuzhiyun S_IRUSR | S_IWUSR);
505*4882a593Smuzhiyun }
506*4882a593Smuzhiyun
mfd_assert_grow(int fd)507*4882a593Smuzhiyun static void mfd_assert_grow(int fd)
508*4882a593Smuzhiyun {
509*4882a593Smuzhiyun int r;
510*4882a593Smuzhiyun
511*4882a593Smuzhiyun r = ftruncate(fd, mfd_def_size * 2);
512*4882a593Smuzhiyun if (r < 0) {
513*4882a593Smuzhiyun printf("ftruncate(GROW) failed: %m\n");
514*4882a593Smuzhiyun abort();
515*4882a593Smuzhiyun }
516*4882a593Smuzhiyun
517*4882a593Smuzhiyun mfd_assert_size(fd, mfd_def_size * 2);
518*4882a593Smuzhiyun
519*4882a593Smuzhiyun r = fallocate(fd,
520*4882a593Smuzhiyun 0,
521*4882a593Smuzhiyun 0,
522*4882a593Smuzhiyun mfd_def_size * 4);
523*4882a593Smuzhiyun if (r < 0) {
524*4882a593Smuzhiyun printf("fallocate(ALLOC) failed: %m\n");
525*4882a593Smuzhiyun abort();
526*4882a593Smuzhiyun }
527*4882a593Smuzhiyun
528*4882a593Smuzhiyun mfd_assert_size(fd, mfd_def_size * 4);
529*4882a593Smuzhiyun }
530*4882a593Smuzhiyun
mfd_fail_grow(int fd)531*4882a593Smuzhiyun static void mfd_fail_grow(int fd)
532*4882a593Smuzhiyun {
533*4882a593Smuzhiyun int r;
534*4882a593Smuzhiyun
535*4882a593Smuzhiyun r = ftruncate(fd, mfd_def_size * 2);
536*4882a593Smuzhiyun if (r >= 0) {
537*4882a593Smuzhiyun printf("ftruncate(GROW) didn't fail as expected\n");
538*4882a593Smuzhiyun abort();
539*4882a593Smuzhiyun }
540*4882a593Smuzhiyun
541*4882a593Smuzhiyun r = fallocate(fd,
542*4882a593Smuzhiyun 0,
543*4882a593Smuzhiyun 0,
544*4882a593Smuzhiyun mfd_def_size * 4);
545*4882a593Smuzhiyun if (r >= 0) {
546*4882a593Smuzhiyun printf("fallocate(ALLOC) didn't fail as expected\n");
547*4882a593Smuzhiyun abort();
548*4882a593Smuzhiyun }
549*4882a593Smuzhiyun }
550*4882a593Smuzhiyun
mfd_assert_grow_write(int fd)551*4882a593Smuzhiyun static void mfd_assert_grow_write(int fd)
552*4882a593Smuzhiyun {
553*4882a593Smuzhiyun static char *buf;
554*4882a593Smuzhiyun ssize_t l;
555*4882a593Smuzhiyun
556*4882a593Smuzhiyun /* hugetlbfs does not support write */
557*4882a593Smuzhiyun if (hugetlbfs_test)
558*4882a593Smuzhiyun return;
559*4882a593Smuzhiyun
560*4882a593Smuzhiyun buf = malloc(mfd_def_size * 8);
561*4882a593Smuzhiyun if (!buf) {
562*4882a593Smuzhiyun printf("malloc(%zu) failed: %m\n", mfd_def_size * 8);
563*4882a593Smuzhiyun abort();
564*4882a593Smuzhiyun }
565*4882a593Smuzhiyun
566*4882a593Smuzhiyun l = pwrite(fd, buf, mfd_def_size * 8, 0);
567*4882a593Smuzhiyun if (l != (mfd_def_size * 8)) {
568*4882a593Smuzhiyun printf("pwrite() failed: %m\n");
569*4882a593Smuzhiyun abort();
570*4882a593Smuzhiyun }
571*4882a593Smuzhiyun
572*4882a593Smuzhiyun mfd_assert_size(fd, mfd_def_size * 8);
573*4882a593Smuzhiyun }
574*4882a593Smuzhiyun
mfd_fail_grow_write(int fd)575*4882a593Smuzhiyun static void mfd_fail_grow_write(int fd)
576*4882a593Smuzhiyun {
577*4882a593Smuzhiyun static char *buf;
578*4882a593Smuzhiyun ssize_t l;
579*4882a593Smuzhiyun
580*4882a593Smuzhiyun /* hugetlbfs does not support write */
581*4882a593Smuzhiyun if (hugetlbfs_test)
582*4882a593Smuzhiyun return;
583*4882a593Smuzhiyun
584*4882a593Smuzhiyun buf = malloc(mfd_def_size * 8);
585*4882a593Smuzhiyun if (!buf) {
586*4882a593Smuzhiyun printf("malloc(%zu) failed: %m\n", mfd_def_size * 8);
587*4882a593Smuzhiyun abort();
588*4882a593Smuzhiyun }
589*4882a593Smuzhiyun
590*4882a593Smuzhiyun l = pwrite(fd, buf, mfd_def_size * 8, 0);
591*4882a593Smuzhiyun if (l == (mfd_def_size * 8)) {
592*4882a593Smuzhiyun printf("pwrite() didn't fail as expected\n");
593*4882a593Smuzhiyun abort();
594*4882a593Smuzhiyun }
595*4882a593Smuzhiyun }
596*4882a593Smuzhiyun
idle_thread_fn(void * arg)597*4882a593Smuzhiyun static int idle_thread_fn(void *arg)
598*4882a593Smuzhiyun {
599*4882a593Smuzhiyun sigset_t set;
600*4882a593Smuzhiyun int sig;
601*4882a593Smuzhiyun
602*4882a593Smuzhiyun /* dummy waiter; SIGTERM terminates us anyway */
603*4882a593Smuzhiyun sigemptyset(&set);
604*4882a593Smuzhiyun sigaddset(&set, SIGTERM);
605*4882a593Smuzhiyun sigwait(&set, &sig);
606*4882a593Smuzhiyun
607*4882a593Smuzhiyun return 0;
608*4882a593Smuzhiyun }
609*4882a593Smuzhiyun
spawn_idle_thread(unsigned int flags)610*4882a593Smuzhiyun static pid_t spawn_idle_thread(unsigned int flags)
611*4882a593Smuzhiyun {
612*4882a593Smuzhiyun uint8_t *stack;
613*4882a593Smuzhiyun pid_t pid;
614*4882a593Smuzhiyun
615*4882a593Smuzhiyun stack = malloc(STACK_SIZE);
616*4882a593Smuzhiyun if (!stack) {
617*4882a593Smuzhiyun printf("malloc(STACK_SIZE) failed: %m\n");
618*4882a593Smuzhiyun abort();
619*4882a593Smuzhiyun }
620*4882a593Smuzhiyun
621*4882a593Smuzhiyun pid = clone(idle_thread_fn,
622*4882a593Smuzhiyun stack + STACK_SIZE,
623*4882a593Smuzhiyun SIGCHLD | flags,
624*4882a593Smuzhiyun NULL);
625*4882a593Smuzhiyun if (pid < 0) {
626*4882a593Smuzhiyun printf("clone() failed: %m\n");
627*4882a593Smuzhiyun abort();
628*4882a593Smuzhiyun }
629*4882a593Smuzhiyun
630*4882a593Smuzhiyun return pid;
631*4882a593Smuzhiyun }
632*4882a593Smuzhiyun
join_idle_thread(pid_t pid)633*4882a593Smuzhiyun static void join_idle_thread(pid_t pid)
634*4882a593Smuzhiyun {
635*4882a593Smuzhiyun kill(pid, SIGTERM);
636*4882a593Smuzhiyun waitpid(pid, NULL, 0);
637*4882a593Smuzhiyun }
638*4882a593Smuzhiyun
639*4882a593Smuzhiyun /*
640*4882a593Smuzhiyun * Test memfd_create() syscall
641*4882a593Smuzhiyun * Verify syscall-argument validation, including name checks, flag validation
642*4882a593Smuzhiyun * and more.
643*4882a593Smuzhiyun */
test_create(void)644*4882a593Smuzhiyun static void test_create(void)
645*4882a593Smuzhiyun {
646*4882a593Smuzhiyun char buf[2048];
647*4882a593Smuzhiyun int fd;
648*4882a593Smuzhiyun
649*4882a593Smuzhiyun printf("%s CREATE\n", memfd_str);
650*4882a593Smuzhiyun
651*4882a593Smuzhiyun /* test NULL name */
652*4882a593Smuzhiyun mfd_fail_new(NULL, 0);
653*4882a593Smuzhiyun
654*4882a593Smuzhiyun /* test over-long name (not zero-terminated) */
655*4882a593Smuzhiyun memset(buf, 0xff, sizeof(buf));
656*4882a593Smuzhiyun mfd_fail_new(buf, 0);
657*4882a593Smuzhiyun
658*4882a593Smuzhiyun /* test over-long zero-terminated name */
659*4882a593Smuzhiyun memset(buf, 0xff, sizeof(buf));
660*4882a593Smuzhiyun buf[sizeof(buf) - 1] = 0;
661*4882a593Smuzhiyun mfd_fail_new(buf, 0);
662*4882a593Smuzhiyun
663*4882a593Smuzhiyun /* verify "" is a valid name */
664*4882a593Smuzhiyun fd = mfd_assert_new("", 0, 0);
665*4882a593Smuzhiyun close(fd);
666*4882a593Smuzhiyun
667*4882a593Smuzhiyun /* verify invalid O_* open flags */
668*4882a593Smuzhiyun mfd_fail_new("", 0x0100);
669*4882a593Smuzhiyun mfd_fail_new("", ~MFD_CLOEXEC);
670*4882a593Smuzhiyun mfd_fail_new("", ~MFD_ALLOW_SEALING);
671*4882a593Smuzhiyun mfd_fail_new("", ~0);
672*4882a593Smuzhiyun mfd_fail_new("", 0x80000000U);
673*4882a593Smuzhiyun
674*4882a593Smuzhiyun /* verify MFD_CLOEXEC is allowed */
675*4882a593Smuzhiyun fd = mfd_assert_new("", 0, MFD_CLOEXEC);
676*4882a593Smuzhiyun close(fd);
677*4882a593Smuzhiyun
678*4882a593Smuzhiyun /* verify MFD_ALLOW_SEALING is allowed */
679*4882a593Smuzhiyun fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
680*4882a593Smuzhiyun close(fd);
681*4882a593Smuzhiyun
682*4882a593Smuzhiyun /* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
683*4882a593Smuzhiyun fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
684*4882a593Smuzhiyun close(fd);
685*4882a593Smuzhiyun }
686*4882a593Smuzhiyun
687*4882a593Smuzhiyun /*
688*4882a593Smuzhiyun * Test basic sealing
689*4882a593Smuzhiyun * A very basic sealing test to see whether setting/retrieving seals works.
690*4882a593Smuzhiyun */
test_basic(void)691*4882a593Smuzhiyun static void test_basic(void)
692*4882a593Smuzhiyun {
693*4882a593Smuzhiyun int fd;
694*4882a593Smuzhiyun
695*4882a593Smuzhiyun printf("%s BASIC\n", memfd_str);
696*4882a593Smuzhiyun
697*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_basic",
698*4882a593Smuzhiyun mfd_def_size,
699*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
700*4882a593Smuzhiyun
701*4882a593Smuzhiyun /* add basic seals */
702*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
703*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SHRINK |
704*4882a593Smuzhiyun F_SEAL_WRITE);
705*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SHRINK |
706*4882a593Smuzhiyun F_SEAL_WRITE);
707*4882a593Smuzhiyun
708*4882a593Smuzhiyun /* add them again */
709*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SHRINK |
710*4882a593Smuzhiyun F_SEAL_WRITE);
711*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SHRINK |
712*4882a593Smuzhiyun F_SEAL_WRITE);
713*4882a593Smuzhiyun
714*4882a593Smuzhiyun /* add more seals and seal against sealing */
715*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_GROW | F_SEAL_SEAL);
716*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SHRINK |
717*4882a593Smuzhiyun F_SEAL_GROW |
718*4882a593Smuzhiyun F_SEAL_WRITE |
719*4882a593Smuzhiyun F_SEAL_SEAL);
720*4882a593Smuzhiyun
721*4882a593Smuzhiyun /* verify that sealing no longer works */
722*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_GROW);
723*4882a593Smuzhiyun mfd_fail_add_seals(fd, 0);
724*4882a593Smuzhiyun
725*4882a593Smuzhiyun close(fd);
726*4882a593Smuzhiyun
727*4882a593Smuzhiyun /* verify sealing does not work without MFD_ALLOW_SEALING */
728*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_basic",
729*4882a593Smuzhiyun mfd_def_size,
730*4882a593Smuzhiyun MFD_CLOEXEC);
731*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SEAL);
732*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_SHRINK |
733*4882a593Smuzhiyun F_SEAL_GROW |
734*4882a593Smuzhiyun F_SEAL_WRITE);
735*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SEAL);
736*4882a593Smuzhiyun close(fd);
737*4882a593Smuzhiyun }
738*4882a593Smuzhiyun
739*4882a593Smuzhiyun /*
740*4882a593Smuzhiyun * Test SEAL_WRITE
741*4882a593Smuzhiyun * Test whether SEAL_WRITE actually prevents modifications.
742*4882a593Smuzhiyun */
test_seal_write(void)743*4882a593Smuzhiyun static void test_seal_write(void)
744*4882a593Smuzhiyun {
745*4882a593Smuzhiyun int fd;
746*4882a593Smuzhiyun
747*4882a593Smuzhiyun printf("%s SEAL-WRITE\n", memfd_str);
748*4882a593Smuzhiyun
749*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_seal_write",
750*4882a593Smuzhiyun mfd_def_size,
751*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
752*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
753*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_WRITE);
754*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE);
755*4882a593Smuzhiyun
756*4882a593Smuzhiyun mfd_assert_read(fd);
757*4882a593Smuzhiyun mfd_fail_write(fd);
758*4882a593Smuzhiyun mfd_assert_shrink(fd);
759*4882a593Smuzhiyun mfd_assert_grow(fd);
760*4882a593Smuzhiyun mfd_fail_grow_write(fd);
761*4882a593Smuzhiyun
762*4882a593Smuzhiyun close(fd);
763*4882a593Smuzhiyun }
764*4882a593Smuzhiyun
765*4882a593Smuzhiyun /*
766*4882a593Smuzhiyun * Test SEAL_FUTURE_WRITE
767*4882a593Smuzhiyun * Test whether SEAL_FUTURE_WRITE actually prevents modifications.
768*4882a593Smuzhiyun */
test_seal_future_write(void)769*4882a593Smuzhiyun static void test_seal_future_write(void)
770*4882a593Smuzhiyun {
771*4882a593Smuzhiyun int fd, fd2;
772*4882a593Smuzhiyun void *p;
773*4882a593Smuzhiyun
774*4882a593Smuzhiyun printf("%s SEAL-FUTURE-WRITE\n", memfd_str);
775*4882a593Smuzhiyun
776*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_seal_future_write",
777*4882a593Smuzhiyun mfd_def_size,
778*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
779*4882a593Smuzhiyun
780*4882a593Smuzhiyun p = mfd_assert_mmap_shared(fd);
781*4882a593Smuzhiyun
782*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
783*4882a593Smuzhiyun
784*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_FUTURE_WRITE);
785*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_FUTURE_WRITE);
786*4882a593Smuzhiyun
787*4882a593Smuzhiyun /* read should pass, writes should fail */
788*4882a593Smuzhiyun mfd_assert_read(fd);
789*4882a593Smuzhiyun mfd_assert_read_shared(fd);
790*4882a593Smuzhiyun mfd_fail_write(fd);
791*4882a593Smuzhiyun
792*4882a593Smuzhiyun fd2 = mfd_assert_reopen_fd(fd);
793*4882a593Smuzhiyun /* read should pass, writes should still fail */
794*4882a593Smuzhiyun mfd_assert_read(fd2);
795*4882a593Smuzhiyun mfd_assert_read_shared(fd2);
796*4882a593Smuzhiyun mfd_fail_write(fd2);
797*4882a593Smuzhiyun
798*4882a593Smuzhiyun mfd_assert_fork_private_write(fd);
799*4882a593Smuzhiyun
800*4882a593Smuzhiyun munmap(p, mfd_def_size);
801*4882a593Smuzhiyun close(fd2);
802*4882a593Smuzhiyun close(fd);
803*4882a593Smuzhiyun }
804*4882a593Smuzhiyun
805*4882a593Smuzhiyun /*
806*4882a593Smuzhiyun * Test SEAL_SHRINK
807*4882a593Smuzhiyun * Test whether SEAL_SHRINK actually prevents shrinking
808*4882a593Smuzhiyun */
test_seal_shrink(void)809*4882a593Smuzhiyun static void test_seal_shrink(void)
810*4882a593Smuzhiyun {
811*4882a593Smuzhiyun int fd;
812*4882a593Smuzhiyun
813*4882a593Smuzhiyun printf("%s SEAL-SHRINK\n", memfd_str);
814*4882a593Smuzhiyun
815*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_seal_shrink",
816*4882a593Smuzhiyun mfd_def_size,
817*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
818*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
819*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SHRINK);
820*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SHRINK);
821*4882a593Smuzhiyun
822*4882a593Smuzhiyun mfd_assert_read(fd);
823*4882a593Smuzhiyun mfd_assert_write(fd);
824*4882a593Smuzhiyun mfd_fail_shrink(fd);
825*4882a593Smuzhiyun mfd_assert_grow(fd);
826*4882a593Smuzhiyun mfd_assert_grow_write(fd);
827*4882a593Smuzhiyun
828*4882a593Smuzhiyun close(fd);
829*4882a593Smuzhiyun }
830*4882a593Smuzhiyun
831*4882a593Smuzhiyun /*
832*4882a593Smuzhiyun * Test SEAL_GROW
833*4882a593Smuzhiyun * Test whether SEAL_GROW actually prevents growing
834*4882a593Smuzhiyun */
test_seal_grow(void)835*4882a593Smuzhiyun static void test_seal_grow(void)
836*4882a593Smuzhiyun {
837*4882a593Smuzhiyun int fd;
838*4882a593Smuzhiyun
839*4882a593Smuzhiyun printf("%s SEAL-GROW\n", memfd_str);
840*4882a593Smuzhiyun
841*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_seal_grow",
842*4882a593Smuzhiyun mfd_def_size,
843*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
844*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
845*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_GROW);
846*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_GROW);
847*4882a593Smuzhiyun
848*4882a593Smuzhiyun mfd_assert_read(fd);
849*4882a593Smuzhiyun mfd_assert_write(fd);
850*4882a593Smuzhiyun mfd_assert_shrink(fd);
851*4882a593Smuzhiyun mfd_fail_grow(fd);
852*4882a593Smuzhiyun mfd_fail_grow_write(fd);
853*4882a593Smuzhiyun
854*4882a593Smuzhiyun close(fd);
855*4882a593Smuzhiyun }
856*4882a593Smuzhiyun
857*4882a593Smuzhiyun /*
858*4882a593Smuzhiyun * Test SEAL_SHRINK | SEAL_GROW
859*4882a593Smuzhiyun * Test whether SEAL_SHRINK | SEAL_GROW actually prevents resizing
860*4882a593Smuzhiyun */
test_seal_resize(void)861*4882a593Smuzhiyun static void test_seal_resize(void)
862*4882a593Smuzhiyun {
863*4882a593Smuzhiyun int fd;
864*4882a593Smuzhiyun
865*4882a593Smuzhiyun printf("%s SEAL-RESIZE\n", memfd_str);
866*4882a593Smuzhiyun
867*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_seal_resize",
868*4882a593Smuzhiyun mfd_def_size,
869*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
870*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
871*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
872*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
873*4882a593Smuzhiyun
874*4882a593Smuzhiyun mfd_assert_read(fd);
875*4882a593Smuzhiyun mfd_assert_write(fd);
876*4882a593Smuzhiyun mfd_fail_shrink(fd);
877*4882a593Smuzhiyun mfd_fail_grow(fd);
878*4882a593Smuzhiyun mfd_fail_grow_write(fd);
879*4882a593Smuzhiyun
880*4882a593Smuzhiyun close(fd);
881*4882a593Smuzhiyun }
882*4882a593Smuzhiyun
883*4882a593Smuzhiyun /*
884*4882a593Smuzhiyun * Test sharing via dup()
885*4882a593Smuzhiyun * Test that seals are shared between dupped FDs and they're all equal.
886*4882a593Smuzhiyun */
test_share_dup(char * banner,char * b_suffix)887*4882a593Smuzhiyun static void test_share_dup(char *banner, char *b_suffix)
888*4882a593Smuzhiyun {
889*4882a593Smuzhiyun int fd, fd2;
890*4882a593Smuzhiyun
891*4882a593Smuzhiyun printf("%s %s %s\n", memfd_str, banner, b_suffix);
892*4882a593Smuzhiyun
893*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_share_dup",
894*4882a593Smuzhiyun mfd_def_size,
895*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
896*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
897*4882a593Smuzhiyun
898*4882a593Smuzhiyun fd2 = mfd_assert_dup(fd);
899*4882a593Smuzhiyun mfd_assert_has_seals(fd2, 0);
900*4882a593Smuzhiyun
901*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_WRITE);
902*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE);
903*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE);
904*4882a593Smuzhiyun
905*4882a593Smuzhiyun mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
906*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
907*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
908*4882a593Smuzhiyun
909*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SEAL);
910*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
911*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
912*4882a593Smuzhiyun
913*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_GROW);
914*4882a593Smuzhiyun mfd_fail_add_seals(fd2, F_SEAL_GROW);
915*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_SEAL);
916*4882a593Smuzhiyun mfd_fail_add_seals(fd2, F_SEAL_SEAL);
917*4882a593Smuzhiyun
918*4882a593Smuzhiyun close(fd2);
919*4882a593Smuzhiyun
920*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_GROW);
921*4882a593Smuzhiyun close(fd);
922*4882a593Smuzhiyun }
923*4882a593Smuzhiyun
924*4882a593Smuzhiyun /*
925*4882a593Smuzhiyun * Test sealing with active mmap()s
926*4882a593Smuzhiyun * Modifying seals is only allowed if no other mmap() refs exist.
927*4882a593Smuzhiyun */
test_share_mmap(char * banner,char * b_suffix)928*4882a593Smuzhiyun static void test_share_mmap(char *banner, char *b_suffix)
929*4882a593Smuzhiyun {
930*4882a593Smuzhiyun int fd;
931*4882a593Smuzhiyun void *p;
932*4882a593Smuzhiyun
933*4882a593Smuzhiyun printf("%s %s %s\n", memfd_str, banner, b_suffix);
934*4882a593Smuzhiyun
935*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_share_mmap",
936*4882a593Smuzhiyun mfd_def_size,
937*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
938*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
939*4882a593Smuzhiyun
940*4882a593Smuzhiyun /* shared/writable ref prevents sealing WRITE, but allows others */
941*4882a593Smuzhiyun p = mfd_assert_mmap_shared(fd);
942*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_WRITE);
943*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
944*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SHRINK);
945*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SHRINK);
946*4882a593Smuzhiyun munmap(p, mfd_def_size);
947*4882a593Smuzhiyun
948*4882a593Smuzhiyun /* readable ref allows sealing */
949*4882a593Smuzhiyun p = mfd_assert_mmap_private(fd);
950*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_WRITE);
951*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
952*4882a593Smuzhiyun munmap(p, mfd_def_size);
953*4882a593Smuzhiyun
954*4882a593Smuzhiyun close(fd);
955*4882a593Smuzhiyun }
956*4882a593Smuzhiyun
957*4882a593Smuzhiyun /*
958*4882a593Smuzhiyun * Test sealing with open(/proc/self/fd/%d)
959*4882a593Smuzhiyun * Via /proc we can get access to a separate file-context for the same memfd.
960*4882a593Smuzhiyun * This is *not* like dup(), but like a real separate open(). Make sure the
961*4882a593Smuzhiyun * semantics are as expected and we correctly check for RDONLY / WRONLY / RDWR.
962*4882a593Smuzhiyun */
test_share_open(char * banner,char * b_suffix)963*4882a593Smuzhiyun static void test_share_open(char *banner, char *b_suffix)
964*4882a593Smuzhiyun {
965*4882a593Smuzhiyun int fd, fd2;
966*4882a593Smuzhiyun
967*4882a593Smuzhiyun printf("%s %s %s\n", memfd_str, banner, b_suffix);
968*4882a593Smuzhiyun
969*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_share_open",
970*4882a593Smuzhiyun mfd_def_size,
971*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
972*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
973*4882a593Smuzhiyun
974*4882a593Smuzhiyun fd2 = mfd_assert_open(fd, O_RDWR, 0);
975*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_WRITE);
976*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE);
977*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE);
978*4882a593Smuzhiyun
979*4882a593Smuzhiyun mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
980*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
981*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
982*4882a593Smuzhiyun
983*4882a593Smuzhiyun close(fd);
984*4882a593Smuzhiyun fd = mfd_assert_open(fd2, O_RDONLY, 0);
985*4882a593Smuzhiyun
986*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_SEAL);
987*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
988*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
989*4882a593Smuzhiyun
990*4882a593Smuzhiyun close(fd2);
991*4882a593Smuzhiyun fd2 = mfd_assert_open(fd, O_RDWR, 0);
992*4882a593Smuzhiyun
993*4882a593Smuzhiyun mfd_assert_add_seals(fd2, F_SEAL_SEAL);
994*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
995*4882a593Smuzhiyun mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
996*4882a593Smuzhiyun
997*4882a593Smuzhiyun close(fd2);
998*4882a593Smuzhiyun close(fd);
999*4882a593Smuzhiyun }
1000*4882a593Smuzhiyun
1001*4882a593Smuzhiyun /*
1002*4882a593Smuzhiyun * Test sharing via fork()
1003*4882a593Smuzhiyun * Test whether seal-modifications work as expected with forked childs.
1004*4882a593Smuzhiyun */
test_share_fork(char * banner,char * b_suffix)1005*4882a593Smuzhiyun static void test_share_fork(char *banner, char *b_suffix)
1006*4882a593Smuzhiyun {
1007*4882a593Smuzhiyun int fd;
1008*4882a593Smuzhiyun pid_t pid;
1009*4882a593Smuzhiyun
1010*4882a593Smuzhiyun printf("%s %s %s\n", memfd_str, banner, b_suffix);
1011*4882a593Smuzhiyun
1012*4882a593Smuzhiyun fd = mfd_assert_new("kern_memfd_share_fork",
1013*4882a593Smuzhiyun mfd_def_size,
1014*4882a593Smuzhiyun MFD_CLOEXEC | MFD_ALLOW_SEALING);
1015*4882a593Smuzhiyun mfd_assert_has_seals(fd, 0);
1016*4882a593Smuzhiyun
1017*4882a593Smuzhiyun pid = spawn_idle_thread(0);
1018*4882a593Smuzhiyun mfd_assert_add_seals(fd, F_SEAL_SEAL);
1019*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SEAL);
1020*4882a593Smuzhiyun
1021*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_WRITE);
1022*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SEAL);
1023*4882a593Smuzhiyun
1024*4882a593Smuzhiyun join_idle_thread(pid);
1025*4882a593Smuzhiyun
1026*4882a593Smuzhiyun mfd_fail_add_seals(fd, F_SEAL_WRITE);
1027*4882a593Smuzhiyun mfd_assert_has_seals(fd, F_SEAL_SEAL);
1028*4882a593Smuzhiyun
1029*4882a593Smuzhiyun close(fd);
1030*4882a593Smuzhiyun }
1031*4882a593Smuzhiyun
main(int argc,char ** argv)1032*4882a593Smuzhiyun int main(int argc, char **argv)
1033*4882a593Smuzhiyun {
1034*4882a593Smuzhiyun pid_t pid;
1035*4882a593Smuzhiyun
1036*4882a593Smuzhiyun if (argc == 2) {
1037*4882a593Smuzhiyun if (!strcmp(argv[1], "hugetlbfs")) {
1038*4882a593Smuzhiyun unsigned long hpage_size = default_huge_page_size();
1039*4882a593Smuzhiyun
1040*4882a593Smuzhiyun if (!hpage_size) {
1041*4882a593Smuzhiyun printf("Unable to determine huge page size\n");
1042*4882a593Smuzhiyun abort();
1043*4882a593Smuzhiyun }
1044*4882a593Smuzhiyun
1045*4882a593Smuzhiyun hugetlbfs_test = 1;
1046*4882a593Smuzhiyun memfd_str = MEMFD_HUGE_STR;
1047*4882a593Smuzhiyun mfd_def_size = hpage_size * 2;
1048*4882a593Smuzhiyun } else {
1049*4882a593Smuzhiyun printf("Unknown option: %s\n", argv[1]);
1050*4882a593Smuzhiyun abort();
1051*4882a593Smuzhiyun }
1052*4882a593Smuzhiyun }
1053*4882a593Smuzhiyun
1054*4882a593Smuzhiyun test_create();
1055*4882a593Smuzhiyun test_basic();
1056*4882a593Smuzhiyun
1057*4882a593Smuzhiyun test_seal_write();
1058*4882a593Smuzhiyun test_seal_future_write();
1059*4882a593Smuzhiyun test_seal_shrink();
1060*4882a593Smuzhiyun test_seal_grow();
1061*4882a593Smuzhiyun test_seal_resize();
1062*4882a593Smuzhiyun
1063*4882a593Smuzhiyun test_share_dup("SHARE-DUP", "");
1064*4882a593Smuzhiyun test_share_mmap("SHARE-MMAP", "");
1065*4882a593Smuzhiyun test_share_open("SHARE-OPEN", "");
1066*4882a593Smuzhiyun test_share_fork("SHARE-FORK", "");
1067*4882a593Smuzhiyun
1068*4882a593Smuzhiyun /* Run test-suite in a multi-threaded environment with a shared
1069*4882a593Smuzhiyun * file-table. */
1070*4882a593Smuzhiyun pid = spawn_idle_thread(CLONE_FILES | CLONE_FS | CLONE_VM);
1071*4882a593Smuzhiyun test_share_dup("SHARE-DUP", SHARED_FT_STR);
1072*4882a593Smuzhiyun test_share_mmap("SHARE-MMAP", SHARED_FT_STR);
1073*4882a593Smuzhiyun test_share_open("SHARE-OPEN", SHARED_FT_STR);
1074*4882a593Smuzhiyun test_share_fork("SHARE-FORK", SHARED_FT_STR);
1075*4882a593Smuzhiyun join_idle_thread(pid);
1076*4882a593Smuzhiyun
1077*4882a593Smuzhiyun printf("memfd: DONE\n");
1078*4882a593Smuzhiyun
1079*4882a593Smuzhiyun return 0;
1080*4882a593Smuzhiyun }
1081