Message ID | 20220401220834.307660-5-dverkamp@chromium.org |
---|---|
State | New |
Headers | show |
Series | mm/memfd: MFD_NOEXEC for memfd_create | expand |
On 4/1/22 4:08 PM, Daniel Verkamp wrote: > Tests that ensure MFD_NOEXEC memfds have the appropriate mode bits and > cannot be chmod-ed into being executable. > > Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> > --- > tools/testing/selftests/memfd/memfd_test.c | 34 ++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c > index fdb0e46e9df9..a79567161cdf 100644 > --- a/tools/testing/selftests/memfd/memfd_test.c > +++ b/tools/testing/selftests/memfd/memfd_test.c > @@ -32,6 +32,10 @@ > #define F_SEAL_EXEC 0x0020 > #endif > > +#ifndef MFD_NOEXEC > +#define MFD_NOEXEC 0x0008U > +#endif > + > /* > * Default is not to test hugetlbfs > */ > @@ -959,6 +963,35 @@ static void test_seal_exec(void) > close(fd); > } > > +/* > + * Test memfd_create with MFD_NOEXEC flag > + * Test that MFD_NOEXEC applies F_SEAL_EXEC and prevents change of exec bits > + */ > +static void test_noexec(void) > +{ > + int fd; > + > + printf("%s NOEXEC\n", memfd_str); > + > + /* Create with NOEXEC and ALLOW_SEALING */ > + fd = mfd_assert_new("kern_memfd_noexec", > + mfd_def_size, > + MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_NOEXEC); Don't we need to check fd here? > + mfd_assert_mode(fd, 0666); > + mfd_assert_has_seals(fd, F_SEAL_EXEC); > + mfd_fail_chmod(fd, 0777); > + close(fd); > + > + /* Create with NOEXEC but without ALLOW_SEALING */ > + fd = mfd_assert_new("kern_memfd_noexec", > + mfd_def_size, > + MFD_CLOEXEC | MFD_NOEXEC); What happens when mfd_assert_new() fails - don't we need to check fd? > + mfd_assert_mode(fd, 0666); > + mfd_assert_has_seals(fd, F_SEAL_EXEC | F_SEAL_SEAL); > + mfd_fail_chmod(fd, 0777); > + close(fd); > +} > + > /* > * Test sharing via dup() > * Test that seals are shared between dupped FDs and they're all equal. > @@ -1132,6 +1165,7 @@ int main(int argc, char **argv) > > test_create(); > test_basic(); > + test_noexec(); > > test_seal_write(); > test_seal_future_write(); > fd isn't checked in the other test F_SEAL_EXEC in the 3/4 patch. thanks, -- Shuah
diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index fdb0e46e9df9..a79567161cdf 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -32,6 +32,10 @@ #define F_SEAL_EXEC 0x0020 #endif +#ifndef MFD_NOEXEC +#define MFD_NOEXEC 0x0008U +#endif + /* * Default is not to test hugetlbfs */ @@ -959,6 +963,35 @@ static void test_seal_exec(void) close(fd); } +/* + * Test memfd_create with MFD_NOEXEC flag + * Test that MFD_NOEXEC applies F_SEAL_EXEC and prevents change of exec bits + */ +static void test_noexec(void) +{ + int fd; + + printf("%s NOEXEC\n", memfd_str); + + /* Create with NOEXEC and ALLOW_SEALING */ + fd = mfd_assert_new("kern_memfd_noexec", + mfd_def_size, + MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_NOEXEC); + mfd_assert_mode(fd, 0666); + mfd_assert_has_seals(fd, F_SEAL_EXEC); + mfd_fail_chmod(fd, 0777); + close(fd); + + /* Create with NOEXEC but without ALLOW_SEALING */ + fd = mfd_assert_new("kern_memfd_noexec", + mfd_def_size, + MFD_CLOEXEC | MFD_NOEXEC); + mfd_assert_mode(fd, 0666); + mfd_assert_has_seals(fd, F_SEAL_EXEC | F_SEAL_SEAL); + mfd_fail_chmod(fd, 0777); + close(fd); +} + /* * Test sharing via dup() * Test that seals are shared between dupped FDs and they're all equal. @@ -1132,6 +1165,7 @@ int main(int argc, char **argv) test_create(); test_basic(); + test_noexec(); test_seal_write(); test_seal_future_write();
Tests that ensure MFD_NOEXEC memfds have the appropriate mode bits and cannot be chmod-ed into being executable. Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> --- tools/testing/selftests/memfd/memfd_test.c | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+)