1 // SPDX-License-Identifier: GPL-2.0 2 #define _GNU_SOURCE 3 #define __EXPORTED_HEADERS__ 4 5 #include <errno.h> 6 #include <inttypes.h> 7 #include <limits.h> 8 #include <linux/falloc.h> 9 #include <fcntl.h> 10 #include <linux/memfd.h> 11 #include <sched.h> 12 #include <stdio.h> 13 #include <stdlib.h> 14 #include <signal.h> 15 #include <string.h> 16 #include <sys/mman.h> 17 #include <sys/stat.h> 18 #include <sys/syscall.h> 19 #include <sys/wait.h> 20 #include <unistd.h> 21 22 #include "common.h" 23 24 #define MEMFD_STR "memfd:" 25 #define MEMFD_HUGE_STR "memfd-hugetlb:" 26 #define SHARED_FT_STR "(shared file-table)" 27 28 #define MFD_DEF_SIZE 8192 29 #define STACK_SIZE 65536 30 31 /* 32 * Default is not to test hugetlbfs 33 */ 34 static size_t mfd_def_size = MFD_DEF_SIZE; 35 static const char *memfd_str = MEMFD_STR; 36 37 static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags) 38 { 39 int r, fd; 40 41 fd = sys_memfd_create(name, flags); 42 if (fd < 0) { 43 printf("memfd_create(\"%s\", %u) failed: %m\n", 44 name, flags); 45 abort(); 46 } 47 48 r = ftruncate(fd, sz); 49 if (r < 0) { 50 printf("ftruncate(%llu) failed: %m\n", (unsigned long long)sz); 51 abort(); 52 } 53 54 return fd; 55 } 56 57 static int mfd_assert_reopen_fd(int fd_in) 58 { 59 int fd; 60 char path[100]; 61 62 sprintf(path, "/proc/self/fd/%d", fd_in); 63 64 fd = open(path, O_RDWR); 65 if (fd < 0) { 66 printf("re-open of existing fd %d failed\n", fd_in); 67 abort(); 68 } 69 70 return fd; 71 } 72 73 static void mfd_fail_new(const char *name, unsigned int flags) 74 { 75 int r; 76 77 r = sys_memfd_create(name, flags); 78 if (r >= 0) { 79 printf("memfd_create(\"%s\", %u) succeeded, but failure expected\n", 80 name, flags); 81 close(r); 82 abort(); 83 } 84 } 85 86 static unsigned int mfd_assert_get_seals(int fd) 87 { 88 int r; 89 90 r = fcntl(fd, F_GET_SEALS); 91 if (r < 0) { 92 printf("GET_SEALS(%d) failed: %m\n", fd); 93 abort(); 94 } 95 96 return (unsigned int)r; 97 } 98 99 static void mfd_assert_has_seals(int fd, unsigned int seals) 100 { 101 unsigned int s; 102 103 s = mfd_assert_get_seals(fd); 104 if (s != seals) { 105 printf("%u != %u = GET_SEALS(%d)\n", seals, s, fd); 106 abort(); 107 } 108 } 109 110 static void mfd_assert_add_seals(int fd, unsigned int seals) 111 { 112 int r; 113 unsigned int s; 114 115 s = mfd_assert_get_seals(fd); 116 r = fcntl(fd, F_ADD_SEALS, seals); 117 if (r < 0) { 118 printf("ADD_SEALS(%d, %u -> %u) failed: %m\n", fd, s, seals); 119 abort(); 120 } 121 } 122 123 static void mfd_fail_add_seals(int fd, unsigned int seals) 124 { 125 int r; 126 unsigned int s; 127 128 r = fcntl(fd, F_GET_SEALS); 129 if (r < 0) 130 s = 0; 131 else 132 s = (unsigned int)r; 133 134 r = fcntl(fd, F_ADD_SEALS, seals); 135 if (r >= 0) { 136 printf("ADD_SEALS(%d, %u -> %u) didn't fail as expected\n", 137 fd, s, seals); 138 abort(); 139 } 140 } 141 142 static void mfd_assert_size(int fd, size_t size) 143 { 144 struct stat st; 145 int r; 146 147 r = fstat(fd, &st); 148 if (r < 0) { 149 printf("fstat(%d) failed: %m\n", fd); 150 abort(); 151 } else if (st.st_size != size) { 152 printf("wrong file size %lld, but expected %lld\n", 153 (long long)st.st_size, (long long)size); 154 abort(); 155 } 156 } 157 158 static int mfd_assert_dup(int fd) 159 { 160 int r; 161 162 r = dup(fd); 163 if (r < 0) { 164 printf("dup(%d) failed: %m\n", fd); 165 abort(); 166 } 167 168 return r; 169 } 170 171 static void *mfd_assert_mmap_shared(int fd) 172 { 173 void *p; 174 175 p = mmap(NULL, 176 mfd_def_size, 177 PROT_READ | PROT_WRITE, 178 MAP_SHARED, 179 fd, 180 0); 181 if (p == MAP_FAILED) { 182 printf("mmap() failed: %m\n"); 183 abort(); 184 } 185 186 return p; 187 } 188 189 static void *mfd_assert_mmap_private(int fd) 190 { 191 void *p; 192 193 p = mmap(NULL, 194 mfd_def_size, 195 PROT_READ, 196 MAP_PRIVATE, 197 fd, 198 0); 199 if (p == MAP_FAILED) { 200 printf("mmap() failed: %m\n"); 201 abort(); 202 } 203 204 return p; 205 } 206 207 static int mfd_assert_open(int fd, int flags, mode_t mode) 208 { 209 char buf[512]; 210 int r; 211 212 sprintf(buf, "/proc/self/fd/%d", fd); 213 r = open(buf, flags, mode); 214 if (r < 0) { 215 printf("open(%s) failed: %m\n", buf); 216 abort(); 217 } 218 219 return r; 220 } 221 222 static void mfd_fail_open(int fd, int flags, mode_t mode) 223 { 224 char buf[512]; 225 int r; 226 227 sprintf(buf, "/proc/self/fd/%d", fd); 228 r = open(buf, flags, mode); 229 if (r >= 0) { 230 printf("open(%s) didn't fail as expected\n", buf); 231 abort(); 232 } 233 } 234 235 static void mfd_assert_read(int fd) 236 { 237 char buf[16]; 238 void *p; 239 ssize_t l; 240 241 l = read(fd, buf, sizeof(buf)); 242 if (l != sizeof(buf)) { 243 printf("read() failed: %m\n"); 244 abort(); 245 } 246 247 /* verify PROT_READ *is* allowed */ 248 p = mmap(NULL, 249 mfd_def_size, 250 PROT_READ, 251 MAP_PRIVATE, 252 fd, 253 0); 254 if (p == MAP_FAILED) { 255 printf("mmap() failed: %m\n"); 256 abort(); 257 } 258 munmap(p, mfd_def_size); 259 260 /* verify MAP_PRIVATE is *always* allowed (even writable) */ 261 p = mmap(NULL, 262 mfd_def_size, 263 PROT_READ | PROT_WRITE, 264 MAP_PRIVATE, 265 fd, 266 0); 267 if (p == MAP_FAILED) { 268 printf("mmap() failed: %m\n"); 269 abort(); 270 } 271 munmap(p, mfd_def_size); 272 } 273 274 /* Test that PROT_READ + MAP_SHARED mappings work. */ 275 static void mfd_assert_read_shared(int fd) 276 { 277 void *p; 278 279 /* verify PROT_READ and MAP_SHARED *is* allowed */ 280 p = mmap(NULL, 281 mfd_def_size, 282 PROT_READ, 283 MAP_SHARED, 284 fd, 285 0); 286 if (p == MAP_FAILED) { 287 printf("mmap() failed: %m\n"); 288 abort(); 289 } 290 munmap(p, mfd_def_size); 291 } 292 293 static void mfd_assert_fork_private_write(int fd) 294 { 295 int *p; 296 pid_t pid; 297 298 p = mmap(NULL, 299 mfd_def_size, 300 PROT_READ | PROT_WRITE, 301 MAP_PRIVATE, 302 fd, 303 0); 304 if (p == MAP_FAILED) { 305 printf("mmap() failed: %m\n"); 306 abort(); 307 } 308 309 p[0] = 22; 310 311 pid = fork(); 312 if (pid == 0) { 313 p[0] = 33; 314 exit(0); 315 } else { 316 waitpid(pid, NULL, 0); 317 318 if (p[0] != 22) { 319 printf("MAP_PRIVATE copy-on-write failed: %m\n"); 320 abort(); 321 } 322 } 323 324 munmap(p, mfd_def_size); 325 } 326 327 static void mfd_assert_write(int fd) 328 { 329 ssize_t l; 330 void *p; 331 int r; 332 333 /* 334 * huegtlbfs does not support write, but we want to 335 * verify everything else here. 336 */ 337 if (!hugetlbfs_test) { 338 /* verify write() succeeds */ 339 l = write(fd, "\0\0\0\0", 4); 340 if (l != 4) { 341 printf("write() failed: %m\n"); 342 abort(); 343 } 344 } 345 346 /* verify PROT_READ | PROT_WRITE is allowed */ 347 p = mmap(NULL, 348 mfd_def_size, 349 PROT_READ | PROT_WRITE, 350 MAP_SHARED, 351 fd, 352 0); 353 if (p == MAP_FAILED) { 354 printf("mmap() failed: %m\n"); 355 abort(); 356 } 357 *(char *)p = 0; 358 munmap(p, mfd_def_size); 359 360 /* verify PROT_WRITE is allowed */ 361 p = mmap(NULL, 362 mfd_def_size, 363 PROT_WRITE, 364 MAP_SHARED, 365 fd, 366 0); 367 if (p == MAP_FAILED) { 368 printf("mmap() failed: %m\n"); 369 abort(); 370 } 371 *(char *)p = 0; 372 munmap(p, mfd_def_size); 373 374 /* verify PROT_READ with MAP_SHARED is allowed and a following 375 * mprotect(PROT_WRITE) allows writing */ 376 p = mmap(NULL, 377 mfd_def_size, 378 PROT_READ, 379 MAP_SHARED, 380 fd, 381 0); 382 if (p == MAP_FAILED) { 383 printf("mmap() failed: %m\n"); 384 abort(); 385 } 386 387 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE); 388 if (r < 0) { 389 printf("mprotect() failed: %m\n"); 390 abort(); 391 } 392 393 *(char *)p = 0; 394 munmap(p, mfd_def_size); 395 396 /* verify PUNCH_HOLE works */ 397 r = fallocate(fd, 398 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, 399 0, 400 mfd_def_size); 401 if (r < 0) { 402 printf("fallocate(PUNCH_HOLE) failed: %m\n"); 403 abort(); 404 } 405 } 406 407 static void mfd_fail_write(int fd) 408 { 409 ssize_t l; 410 void *p; 411 int r; 412 413 /* verify write() fails */ 414 l = write(fd, "data", 4); 415 if (l != -EPERM) { 416 printf("expected EPERM on write(), but got %d: %m\n", (int)l); 417 abort(); 418 } 419 420 /* verify PROT_READ | PROT_WRITE is not allowed */ 421 p = mmap(NULL, 422 mfd_def_size, 423 PROT_READ | PROT_WRITE, 424 MAP_SHARED, 425 fd, 426 0); 427 if (p != MAP_FAILED) { 428 printf("mmap() didn't fail as expected\n"); 429 abort(); 430 } 431 432 /* verify PROT_WRITE is not allowed */ 433 p = mmap(NULL, 434 mfd_def_size, 435 PROT_WRITE, 436 MAP_SHARED, 437 fd, 438 0); 439 if (p != MAP_FAILED) { 440 printf("mmap() didn't fail as expected\n"); 441 abort(); 442 } 443 444 /* Verify PROT_READ with MAP_SHARED with a following mprotect is not 445 * allowed. Note that for r/w the kernel already prevents the mmap. */ 446 p = mmap(NULL, 447 mfd_def_size, 448 PROT_READ, 449 MAP_SHARED, 450 fd, 451 0); 452 if (p != MAP_FAILED) { 453 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE); 454 if (r >= 0) { 455 printf("mmap()+mprotect() didn't fail as expected\n"); 456 abort(); 457 } 458 } 459 460 /* verify PUNCH_HOLE fails */ 461 r = fallocate(fd, 462 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, 463 0, 464 mfd_def_size); 465 if (r >= 0) { 466 printf("fallocate(PUNCH_HOLE) didn't fail as expected\n"); 467 abort(); 468 } 469 } 470 471 static void mfd_assert_shrink(int fd) 472 { 473 int r, fd2; 474 475 r = ftruncate(fd, mfd_def_size / 2); 476 if (r < 0) { 477 printf("ftruncate(SHRINK) failed: %m\n"); 478 abort(); 479 } 480 481 mfd_assert_size(fd, mfd_def_size / 2); 482 483 fd2 = mfd_assert_open(fd, 484 O_RDWR | O_CREAT | O_TRUNC, 485 S_IRUSR | S_IWUSR); 486 close(fd2); 487 488 mfd_assert_size(fd, 0); 489 } 490 491 static void mfd_fail_shrink(int fd) 492 { 493 int r; 494 495 r = ftruncate(fd, mfd_def_size / 2); 496 if (r >= 0) { 497 printf("ftruncate(SHRINK) didn't fail as expected\n"); 498 abort(); 499 } 500 501 mfd_fail_open(fd, 502 O_RDWR | O_CREAT | O_TRUNC, 503 S_IRUSR | S_IWUSR); 504 } 505 506 static void mfd_assert_grow(int fd) 507 { 508 int r; 509 510 r = ftruncate(fd, mfd_def_size * 2); 511 if (r < 0) { 512 printf("ftruncate(GROW) failed: %m\n"); 513 abort(); 514 } 515 516 mfd_assert_size(fd, mfd_def_size * 2); 517 518 r = fallocate(fd, 519 0, 520 0, 521 mfd_def_size * 4); 522 if (r < 0) { 523 printf("fallocate(ALLOC) failed: %m\n"); 524 abort(); 525 } 526 527 mfd_assert_size(fd, mfd_def_size * 4); 528 } 529 530 static void mfd_fail_grow(int fd) 531 { 532 int r; 533 534 r = ftruncate(fd, mfd_def_size * 2); 535 if (r >= 0) { 536 printf("ftruncate(GROW) didn't fail as expected\n"); 537 abort(); 538 } 539 540 r = fallocate(fd, 541 0, 542 0, 543 mfd_def_size * 4); 544 if (r >= 0) { 545 printf("fallocate(ALLOC) didn't fail as expected\n"); 546 abort(); 547 } 548 } 549 550 static void mfd_assert_grow_write(int fd) 551 { 552 static char *buf; 553 ssize_t l; 554 555 /* hugetlbfs does not support write */ 556 if (hugetlbfs_test) 557 return; 558 559 buf = malloc(mfd_def_size * 8); 560 if (!buf) { 561 printf("malloc(%zu) failed: %m\n", mfd_def_size * 8); 562 abort(); 563 } 564 565 l = pwrite(fd, buf, mfd_def_size * 8, 0); 566 if (l != (mfd_def_size * 8)) { 567 printf("pwrite() failed: %m\n"); 568 abort(); 569 } 570 571 mfd_assert_size(fd, mfd_def_size * 8); 572 } 573 574 static void mfd_fail_grow_write(int fd) 575 { 576 static char *buf; 577 ssize_t l; 578 579 /* hugetlbfs does not support write */ 580 if (hugetlbfs_test) 581 return; 582 583 buf = malloc(mfd_def_size * 8); 584 if (!buf) { 585 printf("malloc(%zu) failed: %m\n", mfd_def_size * 8); 586 abort(); 587 } 588 589 l = pwrite(fd, buf, mfd_def_size * 8, 0); 590 if (l == (mfd_def_size * 8)) { 591 printf("pwrite() didn't fail as expected\n"); 592 abort(); 593 } 594 } 595 596 static int idle_thread_fn(void *arg) 597 { 598 sigset_t set; 599 int sig; 600 601 /* dummy waiter; SIGTERM terminates us anyway */ 602 sigemptyset(&set); 603 sigaddset(&set, SIGTERM); 604 sigwait(&set, &sig); 605 606 return 0; 607 } 608 609 static pid_t spawn_idle_thread(unsigned int flags) 610 { 611 uint8_t *stack; 612 pid_t pid; 613 614 stack = malloc(STACK_SIZE); 615 if (!stack) { 616 printf("malloc(STACK_SIZE) failed: %m\n"); 617 abort(); 618 } 619 620 pid = clone(idle_thread_fn, 621 stack + STACK_SIZE, 622 SIGCHLD | flags, 623 NULL); 624 if (pid < 0) { 625 printf("clone() failed: %m\n"); 626 abort(); 627 } 628 629 return pid; 630 } 631 632 static void join_idle_thread(pid_t pid) 633 { 634 kill(pid, SIGTERM); 635 waitpid(pid, NULL, 0); 636 } 637 638 /* 639 * Test memfd_create() syscall 640 * Verify syscall-argument validation, including name checks, flag validation 641 * and more. 642 */ 643 static void test_create(void) 644 { 645 char buf[2048]; 646 int fd; 647 648 printf("%s CREATE\n", memfd_str); 649 650 /* test NULL name */ 651 mfd_fail_new(NULL, 0); 652 653 /* test over-long name (not zero-terminated) */ 654 memset(buf, 0xff, sizeof(buf)); 655 mfd_fail_new(buf, 0); 656 657 /* test over-long zero-terminated name */ 658 memset(buf, 0xff, sizeof(buf)); 659 buf[sizeof(buf) - 1] = 0; 660 mfd_fail_new(buf, 0); 661 662 /* verify "" is a valid name */ 663 fd = mfd_assert_new("", 0, 0); 664 close(fd); 665 666 /* verify invalid O_* open flags */ 667 mfd_fail_new("", 0x0100); 668 mfd_fail_new("", ~MFD_CLOEXEC); 669 mfd_fail_new("", ~MFD_ALLOW_SEALING); 670 mfd_fail_new("", ~0); 671 mfd_fail_new("", 0x80000000U); 672 673 /* verify MFD_CLOEXEC is allowed */ 674 fd = mfd_assert_new("", 0, MFD_CLOEXEC); 675 close(fd); 676 677 /* verify MFD_ALLOW_SEALING is allowed */ 678 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING); 679 close(fd); 680 681 /* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */ 682 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC); 683 close(fd); 684 } 685 686 /* 687 * Test basic sealing 688 * A very basic sealing test to see whether setting/retrieving seals works. 689 */ 690 static void test_basic(void) 691 { 692 int fd; 693 694 printf("%s BASIC\n", memfd_str); 695 696 fd = mfd_assert_new("kern_memfd_basic", 697 mfd_def_size, 698 MFD_CLOEXEC | MFD_ALLOW_SEALING); 699 700 /* add basic seals */ 701 mfd_assert_has_seals(fd, 0); 702 mfd_assert_add_seals(fd, F_SEAL_SHRINK | 703 F_SEAL_WRITE); 704 mfd_assert_has_seals(fd, F_SEAL_SHRINK | 705 F_SEAL_WRITE); 706 707 /* add them again */ 708 mfd_assert_add_seals(fd, F_SEAL_SHRINK | 709 F_SEAL_WRITE); 710 mfd_assert_has_seals(fd, F_SEAL_SHRINK | 711 F_SEAL_WRITE); 712 713 /* add more seals and seal against sealing */ 714 mfd_assert_add_seals(fd, F_SEAL_GROW | F_SEAL_SEAL); 715 mfd_assert_has_seals(fd, F_SEAL_SHRINK | 716 F_SEAL_GROW | 717 F_SEAL_WRITE | 718 F_SEAL_SEAL); 719 720 /* verify that sealing no longer works */ 721 mfd_fail_add_seals(fd, F_SEAL_GROW); 722 mfd_fail_add_seals(fd, 0); 723 724 close(fd); 725 726 /* verify sealing does not work without MFD_ALLOW_SEALING */ 727 fd = mfd_assert_new("kern_memfd_basic", 728 mfd_def_size, 729 MFD_CLOEXEC); 730 mfd_assert_has_seals(fd, F_SEAL_SEAL); 731 mfd_fail_add_seals(fd, F_SEAL_SHRINK | 732 F_SEAL_GROW | 733 F_SEAL_WRITE); 734 mfd_assert_has_seals(fd, F_SEAL_SEAL); 735 close(fd); 736 } 737 738 /* 739 * Test SEAL_WRITE 740 * Test whether SEAL_WRITE actually prevents modifications. 741 */ 742 static void test_seal_write(void) 743 { 744 int fd; 745 746 printf("%s SEAL-WRITE\n", memfd_str); 747 748 fd = mfd_assert_new("kern_memfd_seal_write", 749 mfd_def_size, 750 MFD_CLOEXEC | MFD_ALLOW_SEALING); 751 mfd_assert_has_seals(fd, 0); 752 mfd_assert_add_seals(fd, F_SEAL_WRITE); 753 mfd_assert_has_seals(fd, F_SEAL_WRITE); 754 755 mfd_assert_read(fd); 756 mfd_fail_write(fd); 757 mfd_assert_shrink(fd); 758 mfd_assert_grow(fd); 759 mfd_fail_grow_write(fd); 760 761 close(fd); 762 } 763 764 /* 765 * Test SEAL_FUTURE_WRITE 766 * Test whether SEAL_FUTURE_WRITE actually prevents modifications. 767 */ 768 static void test_seal_future_write(void) 769 { 770 int fd, fd2; 771 void *p; 772 773 printf("%s SEAL-FUTURE-WRITE\n", memfd_str); 774 775 fd = mfd_assert_new("kern_memfd_seal_future_write", 776 mfd_def_size, 777 MFD_CLOEXEC | MFD_ALLOW_SEALING); 778 779 p = mfd_assert_mmap_shared(fd); 780 781 mfd_assert_has_seals(fd, 0); 782 783 mfd_assert_add_seals(fd, F_SEAL_FUTURE_WRITE); 784 mfd_assert_has_seals(fd, F_SEAL_FUTURE_WRITE); 785 786 /* read should pass, writes should fail */ 787 mfd_assert_read(fd); 788 mfd_assert_read_shared(fd); 789 mfd_fail_write(fd); 790 791 fd2 = mfd_assert_reopen_fd(fd); 792 /* read should pass, writes should still fail */ 793 mfd_assert_read(fd2); 794 mfd_assert_read_shared(fd2); 795 mfd_fail_write(fd2); 796 797 mfd_assert_fork_private_write(fd); 798 799 munmap(p, mfd_def_size); 800 close(fd2); 801 close(fd); 802 } 803 804 /* 805 * Test SEAL_SHRINK 806 * Test whether SEAL_SHRINK actually prevents shrinking 807 */ 808 static void test_seal_shrink(void) 809 { 810 int fd; 811 812 printf("%s SEAL-SHRINK\n", memfd_str); 813 814 fd = mfd_assert_new("kern_memfd_seal_shrink", 815 mfd_def_size, 816 MFD_CLOEXEC | MFD_ALLOW_SEALING); 817 mfd_assert_has_seals(fd, 0); 818 mfd_assert_add_seals(fd, F_SEAL_SHRINK); 819 mfd_assert_has_seals(fd, F_SEAL_SHRINK); 820 821 mfd_assert_read(fd); 822 mfd_assert_write(fd); 823 mfd_fail_shrink(fd); 824 mfd_assert_grow(fd); 825 mfd_assert_grow_write(fd); 826 827 close(fd); 828 } 829 830 /* 831 * Test SEAL_GROW 832 * Test whether SEAL_GROW actually prevents growing 833 */ 834 static void test_seal_grow(void) 835 { 836 int fd; 837 838 printf("%s SEAL-GROW\n", memfd_str); 839 840 fd = mfd_assert_new("kern_memfd_seal_grow", 841 mfd_def_size, 842 MFD_CLOEXEC | MFD_ALLOW_SEALING); 843 mfd_assert_has_seals(fd, 0); 844 mfd_assert_add_seals(fd, F_SEAL_GROW); 845 mfd_assert_has_seals(fd, F_SEAL_GROW); 846 847 mfd_assert_read(fd); 848 mfd_assert_write(fd); 849 mfd_assert_shrink(fd); 850 mfd_fail_grow(fd); 851 mfd_fail_grow_write(fd); 852 853 close(fd); 854 } 855 856 /* 857 * Test SEAL_SHRINK | SEAL_GROW 858 * Test whether SEAL_SHRINK | SEAL_GROW actually prevents resizing 859 */ 860 static void test_seal_resize(void) 861 { 862 int fd; 863 864 printf("%s SEAL-RESIZE\n", memfd_str); 865 866 fd = mfd_assert_new("kern_memfd_seal_resize", 867 mfd_def_size, 868 MFD_CLOEXEC | MFD_ALLOW_SEALING); 869 mfd_assert_has_seals(fd, 0); 870 mfd_assert_add_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW); 871 mfd_assert_has_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW); 872 873 mfd_assert_read(fd); 874 mfd_assert_write(fd); 875 mfd_fail_shrink(fd); 876 mfd_fail_grow(fd); 877 mfd_fail_grow_write(fd); 878 879 close(fd); 880 } 881 882 /* 883 * Test sharing via dup() 884 * Test that seals are shared between dupped FDs and they're all equal. 885 */ 886 static void test_share_dup(char *banner, char *b_suffix) 887 { 888 int fd, fd2; 889 890 printf("%s %s %s\n", memfd_str, banner, b_suffix); 891 892 fd = mfd_assert_new("kern_memfd_share_dup", 893 mfd_def_size, 894 MFD_CLOEXEC | MFD_ALLOW_SEALING); 895 mfd_assert_has_seals(fd, 0); 896 897 fd2 = mfd_assert_dup(fd); 898 mfd_assert_has_seals(fd2, 0); 899 900 mfd_assert_add_seals(fd, F_SEAL_WRITE); 901 mfd_assert_has_seals(fd, F_SEAL_WRITE); 902 mfd_assert_has_seals(fd2, F_SEAL_WRITE); 903 904 mfd_assert_add_seals(fd2, F_SEAL_SHRINK); 905 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK); 906 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK); 907 908 mfd_assert_add_seals(fd, F_SEAL_SEAL); 909 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL); 910 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL); 911 912 mfd_fail_add_seals(fd, F_SEAL_GROW); 913 mfd_fail_add_seals(fd2, F_SEAL_GROW); 914 mfd_fail_add_seals(fd, F_SEAL_SEAL); 915 mfd_fail_add_seals(fd2, F_SEAL_SEAL); 916 917 close(fd2); 918 919 mfd_fail_add_seals(fd, F_SEAL_GROW); 920 close(fd); 921 } 922 923 /* 924 * Test sealing with active mmap()s 925 * Modifying seals is only allowed if no other mmap() refs exist. 926 */ 927 static void test_share_mmap(char *banner, char *b_suffix) 928 { 929 int fd; 930 void *p; 931 932 printf("%s %s %s\n", memfd_str, banner, b_suffix); 933 934 fd = mfd_assert_new("kern_memfd_share_mmap", 935 mfd_def_size, 936 MFD_CLOEXEC | MFD_ALLOW_SEALING); 937 mfd_assert_has_seals(fd, 0); 938 939 /* shared/writable ref prevents sealing WRITE, but allows others */ 940 p = mfd_assert_mmap_shared(fd); 941 mfd_fail_add_seals(fd, F_SEAL_WRITE); 942 mfd_assert_has_seals(fd, 0); 943 mfd_assert_add_seals(fd, F_SEAL_SHRINK); 944 mfd_assert_has_seals(fd, F_SEAL_SHRINK); 945 munmap(p, mfd_def_size); 946 947 /* readable ref allows sealing */ 948 p = mfd_assert_mmap_private(fd); 949 mfd_assert_add_seals(fd, F_SEAL_WRITE); 950 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK); 951 munmap(p, mfd_def_size); 952 953 close(fd); 954 } 955 956 /* 957 * Test sealing with open(/proc/self/fd/%d) 958 * Via /proc we can get access to a separate file-context for the same memfd. 959 * This is *not* like dup(), but like a real separate open(). Make sure the 960 * semantics are as expected and we correctly check for RDONLY / WRONLY / RDWR. 961 */ 962 static void test_share_open(char *banner, char *b_suffix) 963 { 964 int fd, fd2; 965 966 printf("%s %s %s\n", memfd_str, banner, b_suffix); 967 968 fd = mfd_assert_new("kern_memfd_share_open", 969 mfd_def_size, 970 MFD_CLOEXEC | MFD_ALLOW_SEALING); 971 mfd_assert_has_seals(fd, 0); 972 973 fd2 = mfd_assert_open(fd, O_RDWR, 0); 974 mfd_assert_add_seals(fd, F_SEAL_WRITE); 975 mfd_assert_has_seals(fd, F_SEAL_WRITE); 976 mfd_assert_has_seals(fd2, F_SEAL_WRITE); 977 978 mfd_assert_add_seals(fd2, F_SEAL_SHRINK); 979 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK); 980 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK); 981 982 close(fd); 983 fd = mfd_assert_open(fd2, O_RDONLY, 0); 984 985 mfd_fail_add_seals(fd, F_SEAL_SEAL); 986 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK); 987 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK); 988 989 close(fd2); 990 fd2 = mfd_assert_open(fd, O_RDWR, 0); 991 992 mfd_assert_add_seals(fd2, F_SEAL_SEAL); 993 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL); 994 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL); 995 996 close(fd2); 997 close(fd); 998 } 999 1000 /* 1001 * Test sharing via fork() 1002 * Test whether seal-modifications work as expected with forked childs. 1003 */ 1004 static void test_share_fork(char *banner, char *b_suffix) 1005 { 1006 int fd; 1007 pid_t pid; 1008 1009 printf("%s %s %s\n", memfd_str, banner, b_suffix); 1010 1011 fd = mfd_assert_new("kern_memfd_share_fork", 1012 mfd_def_size, 1013 MFD_CLOEXEC | MFD_ALLOW_SEALING); 1014 mfd_assert_has_seals(fd, 0); 1015 1016 pid = spawn_idle_thread(0); 1017 mfd_assert_add_seals(fd, F_SEAL_SEAL); 1018 mfd_assert_has_seals(fd, F_SEAL_SEAL); 1019 1020 mfd_fail_add_seals(fd, F_SEAL_WRITE); 1021 mfd_assert_has_seals(fd, F_SEAL_SEAL); 1022 1023 join_idle_thread(pid); 1024 1025 mfd_fail_add_seals(fd, F_SEAL_WRITE); 1026 mfd_assert_has_seals(fd, F_SEAL_SEAL); 1027 1028 close(fd); 1029 } 1030 1031 int main(int argc, char **argv) 1032 { 1033 pid_t pid; 1034 1035 if (argc == 2) { 1036 if (!strcmp(argv[1], "hugetlbfs")) { 1037 unsigned long hpage_size = default_huge_page_size(); 1038 1039 if (!hpage_size) { 1040 printf("Unable to determine huge page size\n"); 1041 abort(); 1042 } 1043 1044 hugetlbfs_test = 1; 1045 memfd_str = MEMFD_HUGE_STR; 1046 mfd_def_size = hpage_size * 2; 1047 } else { 1048 printf("Unknown option: %s\n", argv[1]); 1049 abort(); 1050 } 1051 } 1052 1053 test_create(); 1054 test_basic(); 1055 1056 test_seal_write(); 1057 test_seal_future_write(); 1058 test_seal_shrink(); 1059 test_seal_grow(); 1060 test_seal_resize(); 1061 1062 test_share_dup("SHARE-DUP", ""); 1063 test_share_mmap("SHARE-MMAP", ""); 1064 test_share_open("SHARE-OPEN", ""); 1065 test_share_fork("SHARE-FORK", ""); 1066 1067 /* Run test-suite in a multi-threaded environment with a shared 1068 * file-table. */ 1069 pid = spawn_idle_thread(CLONE_FILES | CLONE_FS | CLONE_VM); 1070 test_share_dup("SHARE-DUP", SHARED_FT_STR); 1071 test_share_mmap("SHARE-MMAP", SHARED_FT_STR); 1072 test_share_open("SHARE-OPEN", SHARED_FT_STR); 1073 test_share_fork("SHARE-FORK", SHARED_FT_STR); 1074 join_idle_thread(pid); 1075 1076 printf("memfd: DONE\n"); 1077 1078 return 0; 1079 } 1080