From patchwork Mon Feb  3 10:28:09 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kevin Brodsky <kevin.brodsky@arm.com>
X-Patchwork-Id: 13957223
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A3C78C02192
	for <linux-mm@archiver.kernel.org>; Mon,  3 Feb 2025 10:29:11 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 38B30280012; Mon,  3 Feb 2025 05:29:11 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 3131B28000E; Mon,  3 Feb 2025 05:29:11 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 20272280012; Mon,  3 Feb 2025 05:29:11 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com
 [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id F1F6828000E
	for <linux-mm@kvack.org>; Mon,  3 Feb 2025 05:29:10 -0500 (EST)
Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay05.hostedemail.com (Postfix) with ESMTP id 3AD8E4B3FC
	for <linux-mm@kvack.org>; Mon,  3 Feb 2025 10:29:02 +0000 (UTC)
X-FDA: 83078260524.04.1524288
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
	by imf23.hostedemail.com (Postfix) with ESMTP id 89636140002
	for <linux-mm@kvack.org>; Mon,  3 Feb 2025 10:29:00 +0000 (UTC)
Authentication-Results: imf23.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=arm.com;
	spf=pass (imf23.hostedemail.com: domain of kevin.brodsky@arm.com designates
 217.140.110.172 as permitted sender) smtp.mailfrom=kevin.brodsky@arm.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1738578540;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=zoyyTWy8+Zu7JkfSAKSCzAU5xw+8zxp6lIz7/LeWBsU=;
	b=sD4QuTXsxYTSiLE6oEEF6NJE2HrAsOPR7zYwaRVS/QrGcrNjN6QU1KtXYnnZ5Qm62cS/3P
	ZezmcciGEZd5Er/J5O25SpjruCrcPazvNZ0nj4dircV1VEDvrhqfbb28eWjzt5Cs8CTIDq
	y+Aj00ELxnGJSaGsl6iECDpnUS7gJbk=
ARC-Authentication-Results: i=1;
	imf23.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=arm.com;
	spf=pass (imf23.hostedemail.com: domain of kevin.brodsky@arm.com designates
 217.140.110.172 as permitted sender) smtp.mailfrom=kevin.brodsky@arm.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738578540; a=rsa-sha256;
	cv=none;
	b=ve4ABVwC6m2syg75U9bnc0PGnySsz7trQTu38q4+NUwKP3Yd1Vq9H99Vs9IJogSDRrr/Xn
	52P54gPIrNjU4gssVvXYQPXVD23V0ez0fno0qMU/NoOJ5SSXa/qqNwfMq8D1zo8v1rLaqu
	vOfUYwne9njicO6z3LxmNfIXE9u1kpA=
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5909D1BCA;
	Mon,  3 Feb 2025 02:29:24 -0800 (PST)
Received: from e123572-lin.arm.com (e123572-lin.cambridge.arm.com
 [10.1.194.54])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2AE363F7BD;
	Mon,  3 Feb 2025 02:28:56 -0800 (PST)
From: Kevin Brodsky <kevin.brodsky@arm.com>
To: linux-hardening@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Kevin Brodsky <kevin.brodsky@arm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Mark Brown <broonie@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	David Howells <dhowells@redhat.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Jann Horn <jannh@google.com>,
	Jeff Xu <jeffxu@chromium.org>,
	Joey Gouly <joey.gouly@arm.com>,
	Kees Cook <kees@kernel.org>,
	Linus Walleij <linus.walleij@linaro.org>,
	Andy Lutomirski <luto@kernel.org>,
	Marc Zyngier <maz@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Pierre Langlois <pierre.langlois@arm.com>,
	Quentin Perret <qperret@google.com>,
	"Mike Rapoport (IBM)" <rppt@kernel.org>,
	Ryan Roberts <ryan.roberts@arm.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Will Deacon <will@kernel.org>,
	Matthew Wilcox <willy@infradead.org>,
	Qi Zheng <zhengqi.arch@bytedance.com>,
	linux-arm-kernel@lists.infradead.org,
	linux-mm@kvack.org,
	x86@kernel.org
Subject: [RFC PATCH 8/8] mm: Add basic tests for kpkeys_hardened_cred
Date: Mon,  3 Feb 2025 10:28:09 +0000
Message-ID: <20250203102809.1223255-9-kevin.brodsky@arm.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250203102809.1223255-1-kevin.brodsky@arm.com>
References: <20250203102809.1223255-1-kevin.brodsky@arm.com>
MIME-Version: 1.0
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: 89636140002
X-Stat-Signature: 3crr676owubnjmbng853ztn3r1hwmish
X-Rspam-User: 
X-HE-Tag: 1738578540-105660
X-HE-Meta: 
 U2FsdGVkX1/aT2GzGMxcdfPC6EMadn3LGMolaV2cZlu9udNBhRiC0IeQI8bW/JCJIcNzq+e1hnWR0fJBzz2+8uig04FOokB3ngUSt4T1HEO97Tain6a/oI5Ctq8oIOy+VmRFaN2LVCE6Hd9ySK8wvpqiJj53x+wCiHdllWz+3gynLrD7i6ocsNnfQ/bToJaIVZ/zkQ9wVMPm5UiHYdHgoZvi0Dye7fHp9r3qqB1iazB0BvxEt8lEq0DPEv7SPuJ1pkmU/CTZnLQVMKKpE4PZXyRes86qcjd9LGv1arxCfQi/c/8c/eyfZLiAvOia0H3GjM8zlvvM7CJjrv4CY90bCh8rTFn+rs+2qFHDnuffI/QKCqCTPW7Qfgb9R0FeZwq0GozEInST0f8nvso3+lZHVwL94nHM/NVngJmBEptHJUdKcqMW8KfTLA5hCDm3m7pqvxJhF5RHvysAZ00oPgSOBtvtR+2r7zALWIQRY78YYCQREstf9KEpiSIXqzIxPC6uJvepemIolyPXZHAZ+S3am//eCyPJVJItLc9Awd9jXuAAX4nbFhpGUl6no3IIZqiuhB/NVpX0OtIIrwxGNZ4CCxUMaetUxu03zJ4/8zTQzD7sm/4ZSw3KF/hXQh5Ol5JPRWNkKRjRKSHIVBVMqTgZ0SqgJR+hSuFpnJm7NPuEVzf93pYgtjjSyXlZAY4yN/z70ZrW6y5WPuNvPpywYytD5Z55MN9ysJo/JI3ql2qUmgHrGwtSKBD4NmOyn3w5zqTvZ9PjpNTBOEwPKfO8msh5czyZmyUvggSbRPbWsWjREW9WeuEjoJPJz4fqjvFH+eLOZZdsnZTCQK1Zs6ok6Ls7cBjkjEZxiLAypDGMuQPO3398//uUqNjAHlMOkckCyU/Ib5UdM0d9mDCaSKAqgZ6fhjniWfJoeKpeliqUFHRp6WpTYwPjmYJPN/nXEMLk+Pjrr7QMyqZgIfvDTonaIKj
 34nYPnYk
 2nlmI+i+PnUGiNBL2UkNiEuYtgUcE8vJwec/zuIkB6KFiTjTbTRxiPyMzXpPZdO1Nqya5F0+aK7VVYfTkS6fe7SqoLhnrgaJomGt+bystIZaqFp6ZlxLx2RCeFyBk2AMp7axlEh0ITuDXPOUNbXoWB+gJy2F/F6eQxPIYzgs737YgagBEvpW+th/bO7ningLNafVGM7mwS7lV7RI=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Add basic tests for the kpkeys_hardened_pgtables feature: try to
perform a direct write to current->{cred,real_cred} and ensure it
fails.

Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
---
 mm/Makefile                    |  1 +
 mm/kpkeys_hardened_cred_test.c | 42 ++++++++++++++++++++++++++++++++++
 security/Kconfig.hardening     | 11 +++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 mm/kpkeys_hardened_cred_test.c

diff --git a/mm/Makefile b/mm/Makefile
index f7263b7f45b8..2024226902d4 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -149,3 +149,4 @@ obj-$(CONFIG_TMPFS_QUOTA) += shmem_quota.o
 obj-$(CONFIG_PT_RECLAIM) += pt_reclaim.o
 obj-$(CONFIG_KPKEYS_HARDENED_PGTABLES) += kpkeys_hardened_pgtables.o
 obj-$(CONFIG_KPKEYS_HARDENED_PGTABLES_TEST) += kpkeys_hardened_pgtables_test.o
+obj-$(CONFIG_KPKEYS_HARDENED_CRED_TEST) += kpkeys_hardened_cred_test.o
diff --git a/mm/kpkeys_hardened_cred_test.c b/mm/kpkeys_hardened_cred_test.c
new file mode 100644
index 000000000000..46048098f99d
--- /dev/null
+++ b/mm/kpkeys_hardened_cred_test.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#include <kunit/test.h>
+#include <linux/sched.h>
+
+static void write_cred(struct kunit *test)
+{
+	long zero = 0;
+	int ret;
+
+	ret = copy_to_kernel_nofault((unsigned long *)current->cred, &zero, sizeof(zero));
+	KUNIT_EXPECT_EQ_MSG(test, ret, -EFAULT,
+			    "Write to current->cred wasn't prevented");
+
+	ret = copy_to_kernel_nofault((unsigned long *)current->real_cred, &zero, sizeof(zero));
+	KUNIT_EXPECT_EQ_MSG(test, ret, -EFAULT,
+			    "Write to current->real_cred wasn't prevented");
+}
+
+static int kpkeys_hardened_cred_suite_init(struct kunit_suite *suite)
+{
+	if (!arch_kpkeys_enabled()) {
+		pr_err("Cannot run kpkeys_hardened_cred tests: kpkeys are not supported\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+static struct kunit_case kpkeys_hardened_cred_test_cases[] = {
+	KUNIT_CASE(write_cred),
+	{}
+};
+
+static struct kunit_suite kpkeys_hardened_cred_test_suite = {
+	.name = "Hardened credentials using kpkeys",
+	.test_cases = kpkeys_hardened_cred_test_cases,
+	.suite_init = kpkeys_hardened_cred_suite_init,
+};
+kunit_test_suite(kpkeys_hardened_cred_test_suite);
+
+MODULE_DESCRIPTION("Tests for the kpkeys_hardened_cred feature");
+MODULE_LICENSE("GPL");
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 1af3a9dae645..9b0563a03ab4 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -338,6 +338,17 @@ config KPKEYS_HARDENED_CRED
 	  This option has no effect if the system does not support
 	  kernel pkeys.
 
+config KPKEYS_HARDENED_CRED_TEST
+	tristate "KUnit tests for kpkeys_hardened_cred" if !KUNIT_ALL_TESTS
+	depends on KPKEYS_HARDENED_CRED
+	depends on KUNIT
+	default KUNIT_ALL_TESTS
+	help
+	  Enable this option to check that the kpkeys_hardened_cred feature
+	  functions as intended, i.e. prevents arbitrary writes to live credentials.
+
+	  If unsure, say N.
+
 endmenu
 
 config CC_HAS_RANDSTRUCT