1 // SPDX-License-Identifier: GPL-2.0
3 #define __EXPORTED_HEADERS__
8 #include <linux/falloc.h>
10 #include <linux/memfd.h>
19 #include <sys/syscall.h>
26 #define MEMFD_STR "memfd:"
27 #define MEMFD_HUGE_STR "memfd-hugetlb:"
28 #define SHARED_FT_STR "(shared file-table)"
30 #define MFD_DEF_SIZE 8192
31 #define STACK_SIZE 65536
33 #define F_SEAL_EXEC 0x0020
35 #define F_WX_SEALS (F_SEAL_SHRINK | \
38 F_SEAL_FUTURE_WRITE | \
41 #define MFD_NOEXEC_SEAL 0x0008U
44 * Default is not to test hugetlbfs
46 static size_t mfd_def_size = MFD_DEF_SIZE;
47 static const char *memfd_str = MEMFD_STR;
49 static ssize_t fd2name(int fd, char *buf, size_t bufsize)
55 size = snprintf(buf1, PATH_MAX, "/proc/self/fd/%d", fd);
57 printf("snprintf(%d) failed on %m\n", fd);
62 * reserver one byte for string termination.
64 nbytes = readlink(buf1, buf, bufsize-1);
66 printf("readlink(%s) failed %m\n", buf1);
73 static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags)
77 fd = sys_memfd_create(name, flags);
79 printf("memfd_create(\"%s\", %u) failed: %m\n",
84 r = ftruncate(fd, sz);
86 printf("ftruncate(%llu) failed: %m\n", (unsigned long long)sz);
93 static void sysctl_assert_write(const char *val)
95 int fd = open("/proc/sys/vm/memfd_noexec", O_WRONLY | O_CLOEXEC);
98 printf("open sysctl failed: %m\n");
102 if (write(fd, val, strlen(val)) < 0) {
103 printf("write sysctl %s failed: %m\n", val);
108 static void sysctl_fail_write(const char *val)
110 int fd = open("/proc/sys/vm/memfd_noexec", O_WRONLY | O_CLOEXEC);
113 printf("open sysctl failed: %m\n");
117 if (write(fd, val, strlen(val)) >= 0) {
118 printf("write sysctl %s succeeded, but failure expected\n",
124 static void sysctl_assert_equal(const char *val)
126 char *p, buf[128] = {};
127 int fd = open("/proc/sys/vm/memfd_noexec", O_RDONLY | O_CLOEXEC);
130 printf("open sysctl failed: %m\n");
134 if (read(fd, buf, sizeof(buf)) < 0) {
135 printf("read sysctl failed: %m\n");
139 /* Strip trailing whitespace. */
145 if (strcmp(buf, val) != 0) {
146 printf("unexpected sysctl value: expected %s, got %s\n", val, buf);
151 static int mfd_assert_reopen_fd(int fd_in)
156 sprintf(path, "/proc/self/fd/%d", fd_in);
158 fd = open(path, O_RDWR);
160 printf("re-open of existing fd %d failed\n", fd_in);
167 static void mfd_fail_new(const char *name, unsigned int flags)
171 r = sys_memfd_create(name, flags);
173 printf("memfd_create(\"%s\", %u) succeeded, but failure expected\n",
180 static unsigned int mfd_assert_get_seals(int fd)
184 r = fcntl(fd, F_GET_SEALS);
186 printf("GET_SEALS(%d) failed: %m\n", fd);
190 return (unsigned int)r;
193 static void mfd_assert_has_seals(int fd, unsigned int seals)
197 fd2name(fd, buf, PATH_MAX);
199 s = mfd_assert_get_seals(fd);
201 printf("%u != %u = GET_SEALS(%s)\n", seals, s, buf);
206 static void mfd_assert_add_seals(int fd, unsigned int seals)
211 s = mfd_assert_get_seals(fd);
212 r = fcntl(fd, F_ADD_SEALS, seals);
214 printf("ADD_SEALS(%d, %u -> %u) failed: %m\n", fd, s, seals);
219 static void mfd_fail_add_seals(int fd, unsigned int seals)
224 r = fcntl(fd, F_GET_SEALS);
230 r = fcntl(fd, F_ADD_SEALS, seals);
232 printf("ADD_SEALS(%d, %u -> %u) didn't fail as expected\n",
238 static void mfd_assert_size(int fd, size_t size)
245 printf("fstat(%d) failed: %m\n", fd);
247 } else if (st.st_size != size) {
248 printf("wrong file size %lld, but expected %lld\n",
249 (long long)st.st_size, (long long)size);
254 static int mfd_assert_dup(int fd)
260 printf("dup(%d) failed: %m\n", fd);
267 static void *mfd_assert_mmap_shared(int fd)
273 PROT_READ | PROT_WRITE,
277 if (p == MAP_FAILED) {
278 printf("mmap() failed: %m\n");
285 static void *mfd_assert_mmap_read_shared(int fd)
295 if (p == MAP_FAILED) {
296 printf("mmap() failed: %m\n");
303 static void *mfd_assert_mmap_private(int fd)
313 if (p == MAP_FAILED) {
314 printf("mmap() failed: %m\n");
321 static int mfd_assert_open(int fd, int flags, mode_t mode)
326 sprintf(buf, "/proc/self/fd/%d", fd);
327 r = open(buf, flags, mode);
329 printf("open(%s) failed: %m\n", buf);
336 static void mfd_fail_open(int fd, int flags, mode_t mode)
341 sprintf(buf, "/proc/self/fd/%d", fd);
342 r = open(buf, flags, mode);
344 printf("open(%s) didn't fail as expected\n", buf);
349 static void mfd_assert_read(int fd)
355 l = read(fd, buf, sizeof(buf));
356 if (l != sizeof(buf)) {
357 printf("read() failed: %m\n");
361 /* verify PROT_READ *is* allowed */
368 if (p == MAP_FAILED) {
369 printf("mmap() failed: %m\n");
372 munmap(p, mfd_def_size);
374 /* verify MAP_PRIVATE is *always* allowed (even writable) */
377 PROT_READ | PROT_WRITE,
381 if (p == MAP_FAILED) {
382 printf("mmap() failed: %m\n");
385 munmap(p, mfd_def_size);
388 /* Test that PROT_READ + MAP_SHARED mappings work. */
389 static void mfd_assert_read_shared(int fd)
393 /* verify PROT_READ and MAP_SHARED *is* allowed */
400 if (p == MAP_FAILED) {
401 printf("mmap() failed: %m\n");
404 munmap(p, mfd_def_size);
407 static void mfd_assert_fork_private_write(int fd)
414 PROT_READ | PROT_WRITE,
418 if (p == MAP_FAILED) {
419 printf("mmap() failed: %m\n");
430 waitpid(pid, NULL, 0);
433 printf("MAP_PRIVATE copy-on-write failed: %m\n");
438 munmap(p, mfd_def_size);
441 static void mfd_assert_write(int fd)
448 * huegtlbfs does not support write, but we want to
449 * verify everything else here.
451 if (!hugetlbfs_test) {
452 /* verify write() succeeds */
453 l = write(fd, "\0\0\0\0", 4);
455 printf("write() failed: %m\n");
460 /* verify PROT_READ | PROT_WRITE is allowed */
463 PROT_READ | PROT_WRITE,
467 if (p == MAP_FAILED) {
468 printf("mmap() failed: %m\n");
472 munmap(p, mfd_def_size);
474 /* verify PROT_WRITE is allowed */
481 if (p == MAP_FAILED) {
482 printf("mmap() failed: %m\n");
486 munmap(p, mfd_def_size);
488 /* verify PROT_READ with MAP_SHARED is allowed and a following
489 * mprotect(PROT_WRITE) allows writing */
496 if (p == MAP_FAILED) {
497 printf("mmap() failed: %m\n");
501 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
503 printf("mprotect() failed: %m\n");
508 munmap(p, mfd_def_size);
510 /* verify PUNCH_HOLE works */
512 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
516 printf("fallocate(PUNCH_HOLE) failed: %m\n");
521 static void mfd_fail_write(int fd)
527 /* verify write() fails */
528 l = write(fd, "data", 4);
530 printf("expected EPERM on write(), but got %d: %m\n", (int)l);
534 /* verify PROT_READ | PROT_WRITE is not allowed */
537 PROT_READ | PROT_WRITE,
541 if (p != MAP_FAILED) {
542 printf("mmap() didn't fail as expected\n");
546 /* verify PROT_WRITE is not allowed */
553 if (p != MAP_FAILED) {
554 printf("mmap() didn't fail as expected\n");
558 /* Verify PROT_READ with MAP_SHARED with a following mprotect is not
559 * allowed. Note that for r/w the kernel already prevents the mmap. */
566 if (p != MAP_FAILED) {
567 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
569 printf("mmap()+mprotect() didn't fail as expected\n");
572 munmap(p, mfd_def_size);
575 /* verify PUNCH_HOLE fails */
577 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
581 printf("fallocate(PUNCH_HOLE) didn't fail as expected\n");
586 static void mfd_assert_shrink(int fd)
590 r = ftruncate(fd, mfd_def_size / 2);
592 printf("ftruncate(SHRINK) failed: %m\n");
596 mfd_assert_size(fd, mfd_def_size / 2);
598 fd2 = mfd_assert_open(fd,
599 O_RDWR | O_CREAT | O_TRUNC,
603 mfd_assert_size(fd, 0);
606 static void mfd_fail_shrink(int fd)
610 r = ftruncate(fd, mfd_def_size / 2);
612 printf("ftruncate(SHRINK) didn't fail as expected\n");
617 O_RDWR | O_CREAT | O_TRUNC,
621 static void mfd_assert_grow(int fd)
625 r = ftruncate(fd, mfd_def_size * 2);
627 printf("ftruncate(GROW) failed: %m\n");
631 mfd_assert_size(fd, mfd_def_size * 2);
638 printf("fallocate(ALLOC) failed: %m\n");
642 mfd_assert_size(fd, mfd_def_size * 4);
645 static void mfd_fail_grow(int fd)
649 r = ftruncate(fd, mfd_def_size * 2);
651 printf("ftruncate(GROW) didn't fail as expected\n");
660 printf("fallocate(ALLOC) didn't fail as expected\n");
665 static void mfd_assert_grow_write(int fd)
670 /* hugetlbfs does not support write */
674 buf = malloc(mfd_def_size * 8);
676 printf("malloc(%zu) failed: %m\n", mfd_def_size * 8);
680 l = pwrite(fd, buf, mfd_def_size * 8, 0);
681 if (l != (mfd_def_size * 8)) {
682 printf("pwrite() failed: %m\n");
686 mfd_assert_size(fd, mfd_def_size * 8);
689 static void mfd_fail_grow_write(int fd)
694 /* hugetlbfs does not support write */
698 buf = malloc(mfd_def_size * 8);
700 printf("malloc(%zu) failed: %m\n", mfd_def_size * 8);
704 l = pwrite(fd, buf, mfd_def_size * 8, 0);
705 if (l == (mfd_def_size * 8)) {
706 printf("pwrite() didn't fail as expected\n");
711 static void mfd_assert_mode(int fd, int mode)
716 fd2name(fd, buf, PATH_MAX);
718 if (fstat(fd, &st) < 0) {
719 printf("fstat(%s) failed: %m\n", buf);
723 if ((st.st_mode & 07777) != mode) {
724 printf("fstat(%s) wrong file mode 0%04o, but expected 0%04o\n",
725 buf, (int)st.st_mode & 07777, mode);
730 static void mfd_assert_chmod(int fd, int mode)
734 fd2name(fd, buf, PATH_MAX);
736 if (fchmod(fd, mode) < 0) {
737 printf("fchmod(%s, 0%04o) failed: %m\n", buf, mode);
741 mfd_assert_mode(fd, mode);
744 static void mfd_fail_chmod(int fd, int mode)
749 fd2name(fd, buf, PATH_MAX);
751 if (fstat(fd, &st) < 0) {
752 printf("fstat(%s) failed: %m\n", buf);
756 if (fchmod(fd, mode) == 0) {
757 printf("fchmod(%s, 0%04o) didn't fail as expected\n",
762 /* verify that file mode bits did not change */
763 mfd_assert_mode(fd, st.st_mode & 07777);
766 static int idle_thread_fn(void *arg)
771 /* dummy waiter; SIGTERM terminates us anyway */
773 sigaddset(&set, SIGTERM);
779 static pid_t spawn_thread(unsigned int flags, int (*fn)(void *), void *arg)
784 stack = malloc(STACK_SIZE);
786 printf("malloc(STACK_SIZE) failed: %m\n");
790 pid = clone(fn, stack + STACK_SIZE, SIGCHLD | flags, arg);
792 printf("clone() failed: %m\n");
799 static void join_thread(pid_t pid)
803 if (waitpid(pid, &wstatus, 0) < 0) {
804 printf("newpid thread: waitpid() failed: %m\n");
808 if (WIFEXITED(wstatus) && WEXITSTATUS(wstatus) != 0) {
809 printf("newpid thread: exited with non-zero error code %d\n",
810 WEXITSTATUS(wstatus));
814 if (WIFSIGNALED(wstatus)) {
815 printf("newpid thread: killed by signal %d\n",
821 static pid_t spawn_idle_thread(unsigned int flags)
823 return spawn_thread(flags, idle_thread_fn, NULL);
826 static void join_idle_thread(pid_t pid)
829 waitpid(pid, NULL, 0);
833 * Test memfd_create() syscall
834 * Verify syscall-argument validation, including name checks, flag validation
837 static void test_create(void)
842 printf("%s CREATE\n", memfd_str);
845 mfd_fail_new(NULL, 0);
847 /* test over-long name (not zero-terminated) */
848 memset(buf, 0xff, sizeof(buf));
849 mfd_fail_new(buf, 0);
851 /* test over-long zero-terminated name */
852 memset(buf, 0xff, sizeof(buf));
853 buf[sizeof(buf) - 1] = 0;
854 mfd_fail_new(buf, 0);
856 /* verify "" is a valid name */
857 fd = mfd_assert_new("", 0, 0);
860 /* verify invalid O_* open flags */
861 mfd_fail_new("", 0x0100);
862 mfd_fail_new("", ~MFD_CLOEXEC);
863 mfd_fail_new("", ~MFD_ALLOW_SEALING);
864 mfd_fail_new("", ~0);
865 mfd_fail_new("", 0x80000000U);
867 /* verify EXEC and NOEXEC_SEAL can't both be set */
868 mfd_fail_new("", MFD_EXEC | MFD_NOEXEC_SEAL);
870 /* verify MFD_CLOEXEC is allowed */
871 fd = mfd_assert_new("", 0, MFD_CLOEXEC);
874 /* verify MFD_ALLOW_SEALING is allowed */
875 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
878 /* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
879 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
885 * A very basic sealing test to see whether setting/retrieving seals works.
887 static void test_basic(void)
891 printf("%s BASIC\n", memfd_str);
893 fd = mfd_assert_new("kern_memfd_basic",
895 MFD_CLOEXEC | MFD_ALLOW_SEALING);
897 /* add basic seals */
898 mfd_assert_has_seals(fd, 0);
899 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
901 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
905 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
907 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
910 /* add more seals and seal against sealing */
911 mfd_assert_add_seals(fd, F_SEAL_GROW | F_SEAL_SEAL);
912 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
917 /* verify that sealing no longer works */
918 mfd_fail_add_seals(fd, F_SEAL_GROW);
919 mfd_fail_add_seals(fd, 0);
923 /* verify sealing does not work without MFD_ALLOW_SEALING */
924 fd = mfd_assert_new("kern_memfd_basic",
927 mfd_assert_has_seals(fd, F_SEAL_SEAL);
928 mfd_fail_add_seals(fd, F_SEAL_SHRINK |
931 mfd_assert_has_seals(fd, F_SEAL_SEAL);
937 * Test whether SEAL_WRITE actually prevents modifications.
939 static void test_seal_write(void)
943 printf("%s SEAL-WRITE\n", memfd_str);
945 fd = mfd_assert_new("kern_memfd_seal_write",
947 MFD_CLOEXEC | MFD_ALLOW_SEALING);
948 mfd_assert_has_seals(fd, 0);
949 mfd_assert_add_seals(fd, F_SEAL_WRITE);
950 mfd_assert_has_seals(fd, F_SEAL_WRITE);
954 mfd_assert_shrink(fd);
956 mfd_fail_grow_write(fd);
962 * Test SEAL_FUTURE_WRITE
963 * Test whether SEAL_FUTURE_WRITE actually prevents modifications.
965 static void test_seal_future_write(void)
970 printf("%s SEAL-FUTURE-WRITE\n", memfd_str);
972 fd = mfd_assert_new("kern_memfd_seal_future_write",
974 MFD_CLOEXEC | MFD_ALLOW_SEALING);
976 p = mfd_assert_mmap_shared(fd);
978 mfd_assert_has_seals(fd, 0);
980 mfd_assert_add_seals(fd, F_SEAL_FUTURE_WRITE);
981 mfd_assert_has_seals(fd, F_SEAL_FUTURE_WRITE);
983 /* read should pass, writes should fail */
985 mfd_assert_read_shared(fd);
988 fd2 = mfd_assert_reopen_fd(fd);
989 /* read should pass, writes should still fail */
990 mfd_assert_read(fd2);
991 mfd_assert_read_shared(fd2);
994 mfd_assert_fork_private_write(fd);
996 munmap(p, mfd_def_size);
1001 static void test_seal_write_map_read_shared(void)
1006 printf("%s SEAL-WRITE-MAP-READ\n", memfd_str);
1008 fd = mfd_assert_new("kern_memfd_seal_write_map_read",
1010 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1012 mfd_assert_add_seals(fd, F_SEAL_WRITE);
1013 mfd_assert_has_seals(fd, F_SEAL_WRITE);
1015 p = mfd_assert_mmap_read_shared(fd);
1017 mfd_assert_read(fd);
1018 mfd_assert_read_shared(fd);
1021 munmap(p, mfd_def_size);
1027 * Test whether SEAL_SHRINK actually prevents shrinking
1029 static void test_seal_shrink(void)
1033 printf("%s SEAL-SHRINK\n", memfd_str);
1035 fd = mfd_assert_new("kern_memfd_seal_shrink",
1037 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1038 mfd_assert_has_seals(fd, 0);
1039 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
1040 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
1042 mfd_assert_read(fd);
1043 mfd_assert_write(fd);
1044 mfd_fail_shrink(fd);
1045 mfd_assert_grow(fd);
1046 mfd_assert_grow_write(fd);
1053 * Test whether SEAL_GROW actually prevents growing
1055 static void test_seal_grow(void)
1059 printf("%s SEAL-GROW\n", memfd_str);
1061 fd = mfd_assert_new("kern_memfd_seal_grow",
1063 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1064 mfd_assert_has_seals(fd, 0);
1065 mfd_assert_add_seals(fd, F_SEAL_GROW);
1066 mfd_assert_has_seals(fd, F_SEAL_GROW);
1068 mfd_assert_read(fd);
1069 mfd_assert_write(fd);
1070 mfd_assert_shrink(fd);
1072 mfd_fail_grow_write(fd);
1078 * Test SEAL_SHRINK | SEAL_GROW
1079 * Test whether SEAL_SHRINK | SEAL_GROW actually prevents resizing
1081 static void test_seal_resize(void)
1085 printf("%s SEAL-RESIZE\n", memfd_str);
1087 fd = mfd_assert_new("kern_memfd_seal_resize",
1089 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1090 mfd_assert_has_seals(fd, 0);
1091 mfd_assert_add_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
1092 mfd_assert_has_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
1094 mfd_assert_read(fd);
1095 mfd_assert_write(fd);
1096 mfd_fail_shrink(fd);
1098 mfd_fail_grow_write(fd);
1105 * Test fd is created with exec and allow sealing.
1106 * chmod() cannot change x bits after sealing.
1108 static void test_exec_seal(void)
1112 printf("%s SEAL-EXEC\n", memfd_str);
1114 printf("%s Apply SEAL_EXEC\n", memfd_str);
1115 fd = mfd_assert_new("kern_memfd_seal_exec",
1117 MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_EXEC);
1119 mfd_assert_mode(fd, 0777);
1120 mfd_assert_chmod(fd, 0644);
1122 mfd_assert_has_seals(fd, 0);
1123 mfd_assert_add_seals(fd, F_SEAL_EXEC);
1124 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1126 mfd_assert_chmod(fd, 0600);
1127 mfd_fail_chmod(fd, 0777);
1128 mfd_fail_chmod(fd, 0670);
1129 mfd_fail_chmod(fd, 0605);
1130 mfd_fail_chmod(fd, 0700);
1131 mfd_fail_chmod(fd, 0100);
1132 mfd_assert_chmod(fd, 0666);
1133 mfd_assert_write(fd);
1136 printf("%s Apply ALL_SEALS\n", memfd_str);
1137 fd = mfd_assert_new("kern_memfd_seal_exec",
1139 MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_EXEC);
1141 mfd_assert_mode(fd, 0777);
1142 mfd_assert_chmod(fd, 0700);
1144 mfd_assert_has_seals(fd, 0);
1145 mfd_assert_add_seals(fd, F_SEAL_EXEC);
1146 mfd_assert_has_seals(fd, F_WX_SEALS);
1148 mfd_fail_chmod(fd, 0711);
1149 mfd_fail_chmod(fd, 0600);
1156 * Test fd is created with exec and not allow sealing.
1158 static void test_exec_no_seal(void)
1162 printf("%s EXEC_NO_SEAL\n", memfd_str);
1164 /* Create with EXEC but without ALLOW_SEALING */
1165 fd = mfd_assert_new("kern_memfd_exec_no_sealing",
1167 MFD_CLOEXEC | MFD_EXEC);
1168 mfd_assert_mode(fd, 0777);
1169 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1170 mfd_assert_chmod(fd, 0666);
1175 * Test memfd_create with MFD_NOEXEC flag
1177 static void test_noexec_seal(void)
1181 printf("%s NOEXEC_SEAL\n", memfd_str);
1183 /* Create with NOEXEC and ALLOW_SEALING */
1184 fd = mfd_assert_new("kern_memfd_noexec",
1186 MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL);
1187 mfd_assert_mode(fd, 0666);
1188 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1189 mfd_fail_chmod(fd, 0777);
1192 /* Create with NOEXEC but without ALLOW_SEALING */
1193 fd = mfd_assert_new("kern_memfd_noexec",
1195 MFD_CLOEXEC | MFD_NOEXEC_SEAL);
1196 mfd_assert_mode(fd, 0666);
1197 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1198 mfd_fail_chmod(fd, 0777);
1202 static void test_sysctl_sysctl0(void)
1206 sysctl_assert_equal("0");
1208 fd = mfd_assert_new("kern_memfd_sysctl_0_dfl",
1210 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1211 mfd_assert_mode(fd, 0777);
1212 mfd_assert_has_seals(fd, 0);
1213 mfd_assert_chmod(fd, 0644);
1217 static void test_sysctl_set_sysctl0(void)
1219 sysctl_assert_write("0");
1220 test_sysctl_sysctl0();
1223 static void test_sysctl_sysctl1(void)
1227 sysctl_assert_equal("1");
1229 fd = mfd_assert_new("kern_memfd_sysctl_1_dfl",
1231 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1232 mfd_assert_mode(fd, 0666);
1233 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1234 mfd_fail_chmod(fd, 0777);
1237 fd = mfd_assert_new("kern_memfd_sysctl_1_exec",
1239 MFD_CLOEXEC | MFD_EXEC | MFD_ALLOW_SEALING);
1240 mfd_assert_mode(fd, 0777);
1241 mfd_assert_has_seals(fd, 0);
1242 mfd_assert_chmod(fd, 0644);
1245 fd = mfd_assert_new("kern_memfd_sysctl_1_noexec",
1247 MFD_CLOEXEC | MFD_NOEXEC_SEAL | MFD_ALLOW_SEALING);
1248 mfd_assert_mode(fd, 0666);
1249 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1250 mfd_fail_chmod(fd, 0777);
1254 static void test_sysctl_set_sysctl1(void)
1256 sysctl_assert_write("1");
1257 test_sysctl_sysctl1();
1260 static void test_sysctl_sysctl2(void)
1264 sysctl_assert_equal("2");
1266 fd = mfd_assert_new("kern_memfd_sysctl_2_dfl",
1268 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1269 mfd_assert_mode(fd, 0666);
1270 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1271 mfd_fail_chmod(fd, 0777);
1274 mfd_fail_new("kern_memfd_sysctl_2_exec",
1275 MFD_CLOEXEC | MFD_EXEC | MFD_ALLOW_SEALING);
1277 fd = mfd_assert_new("kern_memfd_sysctl_2_noexec",
1279 MFD_CLOEXEC | MFD_NOEXEC_SEAL | MFD_ALLOW_SEALING);
1280 mfd_assert_mode(fd, 0666);
1281 mfd_assert_has_seals(fd, F_SEAL_EXEC);
1282 mfd_fail_chmod(fd, 0777);
1286 static void test_sysctl_set_sysctl2(void)
1288 sysctl_assert_write("2");
1289 test_sysctl_sysctl2();
1292 static int sysctl_simple_child(void *arg)
1294 printf("%s sysctl 0\n", memfd_str);
1295 test_sysctl_set_sysctl0();
1297 printf("%s sysctl 1\n", memfd_str);
1298 test_sysctl_set_sysctl1();
1300 printf("%s sysctl 0\n", memfd_str);
1301 test_sysctl_set_sysctl0();
1303 printf("%s sysctl 2\n", memfd_str);
1304 test_sysctl_set_sysctl2();
1306 printf("%s sysctl 1\n", memfd_str);
1307 test_sysctl_set_sysctl1();
1309 printf("%s sysctl 0\n", memfd_str);
1310 test_sysctl_set_sysctl0();
1317 * A very basic test to make sure the core sysctl semantics work.
1319 static void test_sysctl_simple(void)
1321 int pid = spawn_thread(CLONE_NEWPID, sysctl_simple_child, NULL);
1326 static int sysctl_nested(void *arg)
1328 void (*fn)(void) = arg;
1334 static int sysctl_nested_wait(void *arg)
1336 /* Wait for a SIGCONT. */
1337 kill(getpid(), SIGSTOP);
1338 return sysctl_nested(arg);
1341 static void test_sysctl_sysctl1_failset(void)
1343 sysctl_fail_write("0");
1344 test_sysctl_sysctl1();
1347 static void test_sysctl_sysctl2_failset(void)
1349 sysctl_fail_write("1");
1350 test_sysctl_sysctl2();
1352 sysctl_fail_write("0");
1353 test_sysctl_sysctl2();
1356 static int sysctl_nested_child(void *arg)
1360 printf("%s nested sysctl 0\n", memfd_str);
1361 sysctl_assert_write("0");
1362 /* A further nested pidns works the same. */
1363 pid = spawn_thread(CLONE_NEWPID, sysctl_simple_child, NULL);
1366 printf("%s nested sysctl 1\n", memfd_str);
1367 sysctl_assert_write("1");
1368 /* Child inherits our setting. */
1369 pid = spawn_thread(CLONE_NEWPID, sysctl_nested, test_sysctl_sysctl1);
1371 /* Child cannot raise the setting. */
1372 pid = spawn_thread(CLONE_NEWPID, sysctl_nested,
1373 test_sysctl_sysctl1_failset);
1375 /* Child can lower the setting. */
1376 pid = spawn_thread(CLONE_NEWPID, sysctl_nested,
1377 test_sysctl_set_sysctl2);
1379 /* Child lowering the setting has no effect on our setting. */
1380 test_sysctl_sysctl1();
1382 printf("%s nested sysctl 2\n", memfd_str);
1383 sysctl_assert_write("2");
1384 /* Child inherits our setting. */
1385 pid = spawn_thread(CLONE_NEWPID, sysctl_nested, test_sysctl_sysctl2);
1387 /* Child cannot raise the setting. */
1388 pid = spawn_thread(CLONE_NEWPID, sysctl_nested,
1389 test_sysctl_sysctl2_failset);
1392 /* Verify that the rules are actually inherited after fork. */
1393 printf("%s nested sysctl 0 -> 1 after fork\n", memfd_str);
1394 sysctl_assert_write("0");
1396 pid = spawn_thread(CLONE_NEWPID, sysctl_nested_wait,
1397 test_sysctl_sysctl1_failset);
1398 sysctl_assert_write("1");
1402 printf("%s nested sysctl 0 -> 2 after fork\n", memfd_str);
1403 sysctl_assert_write("0");
1405 pid = spawn_thread(CLONE_NEWPID, sysctl_nested_wait,
1406 test_sysctl_sysctl2_failset);
1407 sysctl_assert_write("2");
1412 * Verify that the current effective setting is saved on fork, meaning
1413 * that the parent lowering the sysctl doesn't affect already-forked
1416 printf("%s nested sysctl 2 -> 1 after fork\n", memfd_str);
1417 sysctl_assert_write("2");
1418 pid = spawn_thread(CLONE_NEWPID, sysctl_nested_wait,
1419 test_sysctl_sysctl2);
1420 sysctl_assert_write("1");
1424 printf("%s nested sysctl 2 -> 0 after fork\n", memfd_str);
1425 sysctl_assert_write("2");
1426 pid = spawn_thread(CLONE_NEWPID, sysctl_nested_wait,
1427 test_sysctl_sysctl2);
1428 sysctl_assert_write("0");
1432 printf("%s nested sysctl 1 -> 0 after fork\n", memfd_str);
1433 sysctl_assert_write("1");
1434 pid = spawn_thread(CLONE_NEWPID, sysctl_nested_wait,
1435 test_sysctl_sysctl1);
1436 sysctl_assert_write("0");
1444 * Test sysctl with nested pid namespaces
1445 * Make sure that the sysctl nesting semantics work correctly.
1447 static void test_sysctl_nested(void)
1449 int pid = spawn_thread(CLONE_NEWPID, sysctl_nested_child, NULL);
1455 * Test sharing via dup()
1456 * Test that seals are shared between dupped FDs and they're all equal.
1458 static void test_share_dup(char *banner, char *b_suffix)
1462 printf("%s %s %s\n", memfd_str, banner, b_suffix);
1464 fd = mfd_assert_new("kern_memfd_share_dup",
1466 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1467 mfd_assert_has_seals(fd, 0);
1469 fd2 = mfd_assert_dup(fd);
1470 mfd_assert_has_seals(fd2, 0);
1472 mfd_assert_add_seals(fd, F_SEAL_WRITE);
1473 mfd_assert_has_seals(fd, F_SEAL_WRITE);
1474 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
1476 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
1477 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1478 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1480 mfd_assert_add_seals(fd, F_SEAL_SEAL);
1481 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1482 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1484 mfd_fail_add_seals(fd, F_SEAL_GROW);
1485 mfd_fail_add_seals(fd2, F_SEAL_GROW);
1486 mfd_fail_add_seals(fd, F_SEAL_SEAL);
1487 mfd_fail_add_seals(fd2, F_SEAL_SEAL);
1491 mfd_fail_add_seals(fd, F_SEAL_GROW);
1496 * Test sealing with active mmap()s
1497 * Modifying seals is only allowed if no other mmap() refs exist.
1499 static void test_share_mmap(char *banner, char *b_suffix)
1504 printf("%s %s %s\n", memfd_str, banner, b_suffix);
1506 fd = mfd_assert_new("kern_memfd_share_mmap",
1508 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1509 mfd_assert_has_seals(fd, 0);
1511 /* shared/writable ref prevents sealing WRITE, but allows others */
1512 p = mfd_assert_mmap_shared(fd);
1513 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1514 mfd_assert_has_seals(fd, 0);
1515 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
1516 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
1517 munmap(p, mfd_def_size);
1519 /* readable ref allows sealing */
1520 p = mfd_assert_mmap_private(fd);
1521 mfd_assert_add_seals(fd, F_SEAL_WRITE);
1522 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1523 munmap(p, mfd_def_size);
1529 * Test sealing with open(/proc/self/fd/%d)
1530 * Via /proc we can get access to a separate file-context for the same memfd.
1531 * This is *not* like dup(), but like a real separate open(). Make sure the
1532 * semantics are as expected and we correctly check for RDONLY / WRONLY / RDWR.
1534 static void test_share_open(char *banner, char *b_suffix)
1538 printf("%s %s %s\n", memfd_str, banner, b_suffix);
1540 fd = mfd_assert_new("kern_memfd_share_open",
1542 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1543 mfd_assert_has_seals(fd, 0);
1545 fd2 = mfd_assert_open(fd, O_RDWR, 0);
1546 mfd_assert_add_seals(fd, F_SEAL_WRITE);
1547 mfd_assert_has_seals(fd, F_SEAL_WRITE);
1548 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
1550 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
1551 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1552 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1555 fd = mfd_assert_open(fd2, O_RDONLY, 0);
1557 mfd_fail_add_seals(fd, F_SEAL_SEAL);
1558 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1559 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1562 fd2 = mfd_assert_open(fd, O_RDWR, 0);
1564 mfd_assert_add_seals(fd2, F_SEAL_SEAL);
1565 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1566 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1573 * Test sharing via fork()
1574 * Test whether seal-modifications work as expected with forked children.
1576 static void test_share_fork(char *banner, char *b_suffix)
1581 printf("%s %s %s\n", memfd_str, banner, b_suffix);
1583 fd = mfd_assert_new("kern_memfd_share_fork",
1585 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1586 mfd_assert_has_seals(fd, 0);
1588 pid = spawn_idle_thread(0);
1589 mfd_assert_add_seals(fd, F_SEAL_SEAL);
1590 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1592 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1593 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1595 join_idle_thread(pid);
1597 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1598 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1603 static bool pid_ns_supported(void)
1605 return access("/proc/self/ns/pid", F_OK) == 0;
1608 int main(int argc, char **argv)
1613 if (!strcmp(argv[1], "hugetlbfs")) {
1614 unsigned long hpage_size = default_huge_page_size();
1617 printf("Unable to determine huge page size\n");
1622 memfd_str = MEMFD_HUGE_STR;
1623 mfd_def_size = hpage_size * 2;
1625 printf("Unknown option: %s\n", argv[1]);
1633 test_exec_no_seal();
1637 test_seal_future_write();
1638 test_seal_write_map_read_shared();
1643 if (pid_ns_supported()) {
1644 test_sysctl_simple();
1645 test_sysctl_nested();
1647 printf("PID namespaces are not supported; skipping sysctl tests\n");
1650 test_share_dup("SHARE-DUP", "");
1651 test_share_mmap("SHARE-MMAP", "");
1652 test_share_open("SHARE-OPEN", "");
1653 test_share_fork("SHARE-FORK", "");
1655 /* Run test-suite in a multi-threaded environment with a shared
1657 pid = spawn_idle_thread(CLONE_FILES | CLONE_FS | CLONE_VM);
1658 test_share_dup("SHARE-DUP", SHARED_FT_STR);
1659 test_share_mmap("SHARE-MMAP", SHARED_FT_STR);
1660 test_share_open("SHARE-OPEN", SHARED_FT_STR);
1661 test_share_fork("SHARE-FORK", SHARED_FT_STR);
1662 join_idle_thread(pid);
1664 printf("memfd: DONE\n");
projects / J-linux.git / blob