memfd_secret.c source code [linux/tools/testing/selftests/mm/memfd_secret.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Copyright IBM Corporation, 2021
4	*
5	* Author: Mike Rapoport <rppt@linux.ibm.com>
6	*/
7
8	#define _GNU_SOURCE
9	#include <sys/uio.h>
10	#include <sys/mman.h>
11	#include <sys/wait.h>
12	#include <sys/types.h>
13	#include <sys/ptrace.h>
14	#include <sys/syscall.h>
15	#include <sys/resource.h>
16	#include <sys/capability.h>
17
18	#include <stdlib.h>
19	#include <string.h>
20	#include <unistd.h>
21	#include <errno.h>
22	#include <stdio.h>
23
24	#include "../kselftest.h"
25
26	#define fail(fmt, ...) ksft_test_result_fail(fmt, ##__VA_ARGS__)
27	#define pass(fmt, ...) ksft_test_result_pass(fmt, ##__VA_ARGS__)
28	#define skip(fmt, ...) ksft_test_result_skip(fmt, ##__VA_ARGS__)
29
30	#ifdef __NR_memfd_secret
31
32	#define PATTERN 0x55
33
34	static const int prot = PROT_READ \| PROT_WRITE;
35	static const int mode = MAP_SHARED;
36
37	static unsigned long page_size;
38	static unsigned long mlock_limit_cur;
39	static unsigned long mlock_limit_max;
40
41	static int memfd_secret(unsigned int flags)
42	{
43	return syscall(__NR_memfd_secret, flags);
44	}
45
46	static void test_file_apis(int fd)
47	{
48	char buf[`64`];
49
50	if ((read(fd, buf, sizeof(buf)) >= `0`) \|\|
51	(write(fd, buf, sizeof(buf)) >= `0`) \|\|
52	(pread(fd, buf, sizeof(buf), `0`) >= `0`) \|\|
53	(pwrite(fd, buf, sizeof(buf), `0`) >= `0`))
54	fail("unexpected file IO\n");
55	else
56	pass("file IO is blocked as expected\n");
57	}
58
59	static void test_mlock_limit(int fd)
60	{
61	size_t len;
62	char *mem;
63
64	len = mlock_limit_cur;
65	if (len % page_size != `0`)
66	len = (len/page_size) * page_size;
67
68	mem = mmap(NULL, len, prot, mode, fd, `0`);
69	if (mem == MAP_FAILED) {
70	fail("unable to mmap secret memory\n");
71	return;
72	}
73	munmap(mem, len);
74
75	len = mlock_limit_max * `2`;
76	mem = mmap(NULL, len, prot, mode, fd, `0`);
77	if (mem != MAP_FAILED) {
78	fail("unexpected mlock limit violation\n");
79	munmap(mem, len);
80	return;
81	}
82
83	pass("mlock limit is respected\n");
84	}
85
86	static void try_process_vm_read(int fd, int pipefd[`2`])
87	{
88	struct iovec liov, riov;
89	char buf[`64`];
90	char *mem;
91
92	if (read(pipefd[`0`], &mem, sizeof(mem)) < `0`) {
93	fail("pipe write: %s\n", strerror(errno));
94	exit(KSFT_FAIL);
95	}
96
97	liov.iov_len = riov.iov_len = sizeof(buf);
98	liov.iov_base = buf;
99	riov.iov_base = mem;
100
101	if (process_vm_readv(getppid(), &liov, `1`, &riov, `1`, `0`) < `0`) {
102	if (errno == ENOSYS)
103	exit(KSFT_SKIP);
104	exit(KSFT_PASS);
105	}
106
107	exit(KSFT_FAIL);
108	}
109
110	static void try_ptrace(int fd, int pipefd[`2`])
111	{
112	pid_t ppid = getppid();
113	int status;
114	char *mem;
115	long ret;
116
117	if (read(pipefd[`0`], &mem, sizeof(mem)) < `0`) {
118	perror("pipe write");
119	exit(KSFT_FAIL);
120	}
121
122	ret = ptrace(PTRACE_ATTACH, ppid, `0`, `0`);
123	if (ret) {
124	perror("ptrace_attach");
125	exit(KSFT_FAIL);
126	}
127
128	ret = waitpid(ppid, &status, WUNTRACED);
129	if ((ret != ppid) \|\| !(WIFSTOPPED(status))) {
130	fprintf(stderr, "weird waitppid result %ld stat %x\n",
131	ret, status);
132	exit(KSFT_FAIL);
133	}
134
135	if (ptrace(PTRACE_PEEKDATA, ppid, mem, `0`))
136	exit(KSFT_PASS);
137
138	exit(KSFT_FAIL);
139	}
140
141	static void check_child_status(pid_t pid, const char *name)
142	{
143	int status;
144
145	waitpid(pid, &status, `0`);
146
147	if (WIFEXITED(status) && WEXITSTATUS(status) == KSFT_SKIP) {
148	skip("%s is not supported\n", name);
149	return;
150	}
151
152	if ((WIFEXITED(status) && WEXITSTATUS(status) == KSFT_PASS) \|\|
153	WIFSIGNALED(status)) {
154	pass("%s is blocked as expected\n", name);
155	return;
156	}
157
158	fail("%s: unexpected memory access\n", name);
159	}
160
161	static void test_remote_access(int fd, const char *name,
162	void (func)(int* fd, int pipefd[`2`]))
163	{
164	int pipefd[`2`];
165	pid_t pid;
166	char *mem;
167
168	if (pipe(pipefd)) {
169	fail("pipe failed: %s\n", strerror(errno));
170	return;
171	}
172
173	pid = fork();
174	if (pid < `0`) {
175	fail("fork failed: %s\n", strerror(errno));
176	return;
177	}
178
179	if (pid == `0`) {
180	func(fd, pipefd);
181	return;
182	}
183
184	mem = mmap(NULL, page_size, prot, mode, fd, `0`);
185	if (mem == MAP_FAILED) {
186	fail("Unable to mmap secret memory\n");
187	return;
188	}
189
190	ftruncate(fd, page_size);
191	memset(mem, PATTERN, page_size);
192
193	if (write(pipefd[`1`], &mem, sizeof(mem)) < `0`) {
194	fail("pipe write: %s\n", strerror(errno));
195	return;
196	}
197
198	check_child_status(pid, name);
199	}
200
201	static void test_process_vm_read(int fd)
202	{
203	test_remote_access(fd, "process_vm_read", try_process_vm_read);
204	}
205
206	static void test_ptrace(int fd)
207	{
208	test_remote_access(fd, "ptrace", try_ptrace);
209	}
210
211	static int set_cap_limits(rlim_t max)
212	{
213	struct rlimit new;
214	cap_t cap = cap_init();
215
216	new.rlim_cur = max;
217	new.rlim_max = max;
218	if (setrlimit(RLIMIT_MEMLOCK, &new)) {
219	perror("setrlimit() returns error");
220	return -`1`;
221	}
222
223	/ drop capabilities including CAP_IPC_LOCK /
224	if (cap_set_proc(cap)) {
225	perror("cap_set_proc() returns error");
226	return -`2`;
227	}
228
229	return `0`;
230	}
231
232	static void prepare(void)
233	{
234	struct rlimit rlim;
235
236	page_size = sysconf(_SC_PAGE_SIZE);
237	if (!page_size)
238	ksft_exit_fail_msg("Failed to get page size %s\n",
239	strerror(errno));
240
241	if (getrlimit(RLIMIT_MEMLOCK, &rlim))
242	ksft_exit_fail_msg("Unable to detect mlock limit: %s\n",
243	strerror(errno));
244
245	mlock_limit_cur = rlim.rlim_cur;
246	mlock_limit_max = rlim.rlim_max;
247
248	printf("page_size: %ld, mlock.soft: %ld, mlock.hard: %ld\n",
249	page_size, mlock_limit_cur, mlock_limit_max);
250
251	if (page_size > mlock_limit_cur)
252	mlock_limit_cur = page_size;
253	if (page_size > mlock_limit_max)
254	mlock_limit_max = page_size;
255
256	if (set_cap_limits(mlock_limit_max))
257	ksft_exit_fail_msg("Unable to set mlock limit: %s\n",
258	strerror(errno));
259	}
260
261	#define NUM_TESTS 4
262
263	int main(int argc, char *argv[])
264	{
265	int fd;
266
267	prepare();
268
269	ksft_print_header();
270	ksft_set_plan(NUM_TESTS);
271
272	fd = memfd_secret(`0`);
273	if (fd < `0`) {
274	if (errno == ENOSYS)
275	ksft_exit_skip("memfd_secret is not supported\n");
276	else
277	ksft_exit_fail_msg("memfd_secret failed: %s\n",
278	strerror(errno));
279	}
280
281	test_mlock_limit(fd);
282	test_file_apis(fd);
283	test_process_vm_read(fd);
284	test_ptrace(fd);
285
286	close(fd);
287
288	ksft_finished();
289	}
290
291	#else /* __NR_memfd_secret */
292
293	int main(int argc, char *argv[])
294	{
295	printf("skip: skipping memfd_secret test (missing __NR_memfd_secret)\n");
296	return KSFT_SKIP;
297	}
298
299	#endif /* __NR_memfd_secret */
300

source code of linux/tools/testing/selftests/mm/memfd_secret.c