From patchwork Thu May 4 17:09:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 13231421 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02B97C7EE21 for ; Thu, 4 May 2023 17:10:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 47A626B0080; Thu, 4 May 2023 13:10:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 432DD280002; Thu, 4 May 2023 13:10:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 319976B0082; Thu, 4 May 2023 13:10:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by kanga.kvack.org (Postfix) with ESMTP id ED1B66B0080 for ; Thu, 4 May 2023 13:10:09 -0400 (EDT) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-3f315735514so71889345e9.1 for ; Thu, 04 May 2023 10:10:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220209; x=1685812209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eTHDgvve2rlDjfEENOqXxQ+73XcCxja6nWFDNUvgskk=; b=TLY8hWANkz5dJ2crHOy+zJ3/fsXy3K91NDqWzUUpWFnWsc5AvwcKHembAMeXUVfNXl 6aHNKialveKSsvzkPszrvlNeMUCPp2K6hCxbxuo99eVWUuZP9iSacZWOKIfONAsoKL8i GjDtmWIGIo7DVSqPDWi7y6KDAWwPrZSeph3cY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220209; x=1685812209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eTHDgvve2rlDjfEENOqXxQ+73XcCxja6nWFDNUvgskk=; b=IbBFGSTK966RJIwyYR+SEvPfyIriNtDVlE3JCVvPrh1LWTcN5EEpUF3eOdY2hMlEmB INweHco/JS0w1CMA8rbQKK6PfojSVu1uNUTe5Q6h+5KLiyujm9/Sto4lTekrRG4MiDKL aF5x+lLFtp2ef5HkcKX9N3T/yKNm0jsUiWZGRwLPV1RvAr/gXBwlP77gXgiKXC7FTrqW TBp7odl2IzlPmZAZfrFD0mNmMvoxBcni8ZHoSCl0VYPgD4U+pPog5PfCgyJTNNAJ1N3g shF2zRUfs6irOyAgANM3R23xJMie9fbpgIUl+TY7TChDID1lYbukREZbx9srFCS8At3q Oz1Q== X-Gm-Message-State: AC+VfDx6G14CgFnLsrzhLyPoKEFHyKtpIbdzUtGHGAXGtfhpF0j2yaNs SoCQr0SBeNtysjE9KmIWhf/OSQ== X-Google-Smtp-Source: ACHHUZ5d0xPnrxlco6YHlUieIkIKj1ECQng329XaF4Xna4iIv1YyKwG/0ZE08ILoIyqxfnt2ijSqiA== X-Received: by 2002:a05:600c:3555:b0:3f1:89de:7e51 with SMTP id i21-20020a05600c355500b003f189de7e51mr262426wmq.12.1683220209275; Thu, 04 May 2023 10:10:09 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:08 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 1/4] kselftest: vm: Fix tabs/spaces inconsistency in the mdwe test Date: Thu, 4 May 2023 19:09:39 +0200 Message-ID: <20230504170942.822147-2-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index bc91bef5d254..d0954c657feb 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -49,19 +49,19 @@ FIXTURE_VARIANT(mdwe) FIXTURE_VARIANT_ADD(mdwe, stock) { - .enabled = false, + .enabled = false, .forked = false, }; FIXTURE_VARIANT_ADD(mdwe, enabled) { - .enabled = true, + .enabled = true, .forked = false, }; FIXTURE_VARIANT_ADD(mdwe, forked) { - .enabled = true, + .enabled = true, .forked = true, }; From patchwork Thu May 4 17:09:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 13231422 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97290C7EE25 for ; Thu, 4 May 2023 17:10:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DF0A4280003; Thu, 4 May 2023 13:10:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D7994280002; Thu, 4 May 2023 13:10:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C19E0280003; Thu, 4 May 2023 13:10:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by kanga.kvack.org (Postfix) with ESMTP id 8B8CB280002 for ; Thu, 4 May 2023 13:10:11 -0400 (EDT) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-3f1763ee8f8so5894365e9.1 for ; Thu, 04 May 2023 10:10:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220211; x=1685812211; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=P3QYW4dMv2fssbqcmbr7kPwxf8O4yB5nA1oU7n1NpuI=; b=D7x4fa+X6qIEzk2IbZ+D0fz5GhTgakeCXE+E81V7L4crHzOUgGASrNmikW+8iJh6Lp M1n6L4lENTLNeOLhBvCOq7Kq+mXd93sRdO8S61OdMearQDPJkCAv7Q+7Bh7n2mXiDfYh UHQAZtPHV+bXdXq/fi6Bp3nU8BvBD8blOwy0E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220211; x=1685812211; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P3QYW4dMv2fssbqcmbr7kPwxf8O4yB5nA1oU7n1NpuI=; b=Nj592oMrFrzfB6NpgKaoXmE4k/955p+S3MXSk1GGqoKE0itrzfL4UjLMUADleFxQAt +O/vyPNKESbL0WQJPgg13JQbbaX1yZByk6yDSEeCsI68AGdrP9lqjWNv2FVgLuVPmXJo 0ZOfCbEJcYv4GF/67n5TD3D+drgcJrLzzGWKBeB//rLI3mYwfcm4GYDOCnB+3OOC0ArM kJyYvI5Leh8rZL1XWr5wFN3LBL1J2tneHUQkHx8cciW1qzIAe6bpDgQrpJJlXPwoEDaB w+DHgzTl+qSLalNjh21UJ5cPrix9nTkDkGETciiniISOBK36PnD5Kjzg71UZo1BYQ0jh uUtg== X-Gm-Message-State: AC+VfDxNC86732xwySkWW4UEewU3bVa1R23miuyCgABMK1q1Vdt0EKuw TEGZwp6eNw79zOOHSA2ccoKv6A== X-Google-Smtp-Source: ACHHUZ7sjcdpMxdHjUAJRoWkPdEa2XxXYPE4S9LIyfl8w/5h6/1ytolBNPYIlZqeNzyAuvye4I8eIQ== X-Received: by 2002:a1c:740d:0:b0:3ef:6819:b2ad with SMTP id p13-20020a1c740d000000b003ef6819b2admr265910wmc.37.1683220210796; Thu, 04 May 2023 10:10:10 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:10 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 2/4] kselftest: vm: Fix mdwe's mmap_FIXED test case Date: Thu, 4 May 2023 19:09:40 +0200 Message-ID: <20230504170942.822147-3-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: I checked with the original author, the mmap_FIXED test case wasn't properly tested and fails. Currently, it maps two consecutive (non overlapping) pages and expects the second mapping to be denied by MDWE but these two pages have nothing to do with each other so MDWE is actually out of the picture here. What the test actually intended to do was to remap a virtual address using MAP_FIXED. However, this operation unmaps the existing mapping and creates a new one so the va is backed by a new page and MDWE is again out of the picture, all remappings should succeed. This patch keeps the test case to make it clear that this situation is expected to work. Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index d0954c657feb..91aa9c3099e7 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -168,13 +168,10 @@ TEST_F(mdwe, mmap_FIXED) self->p = mmap(NULL, self->size, PROT_READ, self->flags, 0, 0); ASSERT_NE(self->p, MAP_FAILED); - p = mmap(self->p + self->size, self->size, PROT_READ | PROT_EXEC, + /* MAP_FIXED unmaps the existing page before mapping which is allowed */ + p = mmap(self->p, self->size, PROT_READ | PROT_EXEC, self->flags | MAP_FIXED, 0, 0); - if (variant->enabled) { - EXPECT_EQ(p, MAP_FAILED); - } else { - EXPECT_EQ(p, self->p); - } + EXPECT_EQ(p, self->p); } TEST_F(mdwe, arm64_BTI) From patchwork Thu May 4 17:09:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 13231423 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56CAFC77B78 for ; Thu, 4 May 2023 17:10:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9D1F3280004; Thu, 4 May 2023 13:10:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 982C7280002; Thu, 4 May 2023 13:10:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7FC43280004; Thu, 4 May 2023 13:10:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by kanga.kvack.org (Postfix) with ESMTP id 4290C280002 for ; Thu, 4 May 2023 13:10:13 -0400 (EDT) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-3f20215fa70so5913275e9.0 for ; Thu, 04 May 2023 10:10:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220212; x=1685812212; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=as31pCoPiH/Lp8KLJm8spaUi4yVvoAv9TTcEhjCAAgY=; b=LPi2IBa3epGcENfstLDmxknEDjzoeVoyMCOVXvn2hIqJbhS/z3Z7beqcX8HNc6RUU/ /pzEgUoHJDLiDTe06ySVWNrxzOY57B8Ei43G0kuT69v4VEEQebPwALydX2HCV6VqXzRz DN1UCfrQbZ+PMVzcuWYehyE4oV9BCc+rsc8xk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220212; x=1685812212; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=as31pCoPiH/Lp8KLJm8spaUi4yVvoAv9TTcEhjCAAgY=; b=MkRo3JkTwsRvjBNifw9NFOXWwmnz3G3JVMCjx8GYmlkck8W5hxAqABflLxWRqiV4su 1+Ob/8pcMND1IJ4iQSMEtOPyJKWF/GzLhJd7zuVfEV27fCkbiKyeWusb30wZ8n4BFCpw fmX+tz+R7lCFwmNHA0k3n4LqxaHZFzgf9u9TRgopUVy3LnotXYaSuud6d/B2mb33SqRO Y3yiT3fefmnC8DT9Tgh5LwHDgTQq6hjOyBXdXLmVlocsQV1DPy4oUgROMY9Ka/z0V+hG B0mpRr5xASeTgeASoU05af2PR2bzibCggNOrRfzGrKjedDt8KpnLGNyow5SvYp1ztWmU 3VIA== X-Gm-Message-State: AC+VfDwZXSGFLpRXICaXqrKnCtUkTu7HTASBJTH+WUGjjRPIEMQDUcEI vSlj+9cFm/Hqf5r+FFPY+jla9g== X-Google-Smtp-Source: ACHHUZ4E7M1YUpqW0h8R/EXzvhzI1Z5KyW0l0wGNsfKg6JHhw1LfgpgTa2/V7lU+cw1m2C7vUKdAkg== X-Received: by 2002:a7b:ce84:0:b0:3f2:4fca:1b0f with SMTP id q4-20020a7bce84000000b003f24fca1b0fmr255985wmj.24.1683220212624; Thu, 04 May 2023 10:10:12 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:11 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 3/4] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl Date: Thu, 4 May 2023 19:09:41 +0200 Message-ID: <20230504170942.822147-4-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This extends the current PR_SET_MDWE prctl arg with a bit to indicate that the process doesn't want MDWE protection to propagate to children. To implement this no-inherit mode, the tag in current->mm->flags must be absent from MMF_INIT_MASK. This means that the encoding for "MDWE but without inherit" is different in the prctl than in the mm flags. This leads to a bit of bit-mangling in the prctl implementation. Signed-off-by: Florent Revest --- include/linux/mman.h | 8 +++++++- include/linux/sched/coredump.h | 1 + include/uapi/linux/prctl.h | 1 + kernel/sys.c | 29 +++++++++++++++++++++++------ tools/include/uapi/linux/prctl.h | 1 + 5 files changed, 33 insertions(+), 7 deletions(-) diff --git a/include/linux/mman.h b/include/linux/mman.h index cee1e4b566d8..3d7a0b70ad2d 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -157,6 +157,12 @@ calc_vm_flag_bits(unsigned long flags) unsigned long vm_commit_limit(void); +static inline bool has_mdwe_enabled(struct task_struct *task) +{ + return test_bit(MMF_HAS_MDWE, &task->mm->flags) || + test_bit(MMF_HAS_MDWE_NO_INHERIT, &task->mm->flags); +} + /* * Denies creating a writable executable mapping or gaining executable permissions. * @@ -178,7 +184,7 @@ unsigned long vm_commit_limit(void); */ static inline bool map_deny_write_exec(struct vm_area_struct *vma, unsigned long vm_flags) { - if (!test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + if (!has_mdwe_enabled(current)) return false; if ((vm_flags & VM_EXEC) && (vm_flags & VM_WRITE)) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 0ee96ea7a0e9..b2d9659ef863 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -91,4 +91,5 @@ static inline int get_dumpable(struct mm_struct *mm) MMF_DISABLE_THP_MASK | MMF_HAS_MDWE_MASK) #define MMF_VM_MERGE_ANY 29 +#define MMF_HAS_MDWE_NO_INHERIT 30 #endif /* _LINUX_SCHED_COREDUMP_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index f23d9a16507f..31ec44728412 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_NO_INHERIT 2 #define PR_GET_MDWE 66 diff --git a/kernel/sys.c b/kernel/sys.c index 339fee3eff6a..c864fd42ece1 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2368,12 +2368,25 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3, if (arg3 || arg4 || arg5) return -EINVAL; - if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN)) + if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT)) return -EINVAL; - if (bits & PR_MDWE_REFUSE_EXEC_GAIN) - set_bit(MMF_HAS_MDWE, ¤t->mm->flags); - else if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + /* Cannot set NO_INHERIT without REFUSE_EXEC_GAIN */ + if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN)) + return -EINVAL; + + if (bits & PR_MDWE_REFUSE_EXEC_GAIN) { + if (bits & PR_MDWE_NO_INHERIT) { + /* Cannot go from inherit mode to no inherit */ + if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + return -EPERM; + + set_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags); + } else { + set_bit(MMF_HAS_MDWE, ¤t->mm->flags); + clear_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags); + } + } else if (has_mdwe_enabled(current)) return -EPERM; /* Cannot unset the flag */ return 0; @@ -2385,8 +2398,12 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3, if (arg2 || arg3 || arg4 || arg5) return -EINVAL; - return test_bit(MMF_HAS_MDWE, ¤t->mm->flags) ? - PR_MDWE_REFUSE_EXEC_GAIN : 0; + if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags)) + return PR_MDWE_REFUSE_EXEC_GAIN; + else if (test_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags)) + return PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT; + + return 0; } static int prctl_get_auxv(void __user *addr, unsigned long len) diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h index 759b3f53e53f..a3424852d2d6 100644 --- a/tools/include/uapi/linux/prctl.h +++ b/tools/include/uapi/linux/prctl.h @@ -284,6 +284,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 # define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_NO_INHERIT 2 #define PR_GET_MDWE 66 From patchwork Thu May 4 17:09:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florent Revest X-Patchwork-Id: 13231424 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B977C7EE25 for ; Thu, 4 May 2023 17:10:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C1C7F280005; Thu, 4 May 2023 13:10:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BA5D0280002; Thu, 4 May 2023 13:10:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A450A280005; Thu, 4 May 2023 13:10:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by kanga.kvack.org (Postfix) with ESMTP id 5927C280002 for ; Thu, 4 May 2023 13:10:15 -0400 (EDT) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-2f3fe12de15so532730f8f.3 for ; Thu, 04 May 2023 10:10:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683220214; x=1685812214; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1SRzuJqpvnzSAOXKSWghhiqVYW6J1y/TsKOBytQBtN4=; b=b0n2C4i8lymk8dRpWOfTuJnCia7q/qvlmX+zU/kRwHQNNJ4h/PvDPJfE3TW4FuEQyq GxNI2PXk7U7odx4x/SMJ8jZxUvjY9mXIu6yBOFpsQlRvi71FueOZC0jH/GF+2fU/HMk9 5hofoAb5Ek/MaQvYilxsgGZjtqaxikqck0/r8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683220214; x=1685812214; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1SRzuJqpvnzSAOXKSWghhiqVYW6J1y/TsKOBytQBtN4=; b=aPu9Rr3cYzcqiDyYrWMg3/BNW9kXMf40TdfMdMrT4OZIEwLBKEqCuce57XanIPwUvS HeHbpsQOr6RilnOD9h70WgaOrHJGtkmbE5iqjeG+G1RqkQk3OEyLnLfr5LY9ztbNkBIv MZYqHzM9otQsh3QNDa9toxpIVyCDdmfcab4u6ybNuXbCM/8/pPwjSqbUnPkUdHA2LpBt u6eJhrQEPQGNM93fPMJFqTp3dzAHlD8Zc/i1Ofn0kymxj91DESbrXcqM3eq1OxLEyz8j ylxM8YQ8Aa+6SvJyl5ceTWypZaV8q45mOvw8OC0V8Y0kfWuIjwEfF0dw7ZzGqW7PcJZh cAiw== X-Gm-Message-State: AC+VfDyr8SQpQyXoRyksSpCWIGVPwgry+HFTI17WejkppYe9kmjksKIl +yBFyKHqb8dnn5d+EmviyV6P1Q== X-Google-Smtp-Source: ACHHUZ4xqUPKwd2yqVsyE6IZZzbxVAg+Th1py3ve8uPMzscEzkS8tAo9MzIwuZGnk8zCVr4AUN5+jA== X-Received: by 2002:a05:6000:108f:b0:307:4d2c:8353 with SMTP id y15-20020a056000108f00b003074d2c8353mr1400687wrw.53.1683220214530; Thu, 04 May 2023 10:10:14 -0700 (PDT) Received: from revest.zrh.corp.google.com ([2a00:79e0:9d:6:c740:f74d:132c:ca99]) by smtp.gmail.com with ESMTPSA id q3-20020a1cf303000000b003f3157988f8sm5447895wmq.26.2023.05.04.10.10.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 May 2023 10:10:14 -0700 (PDT) From: Florent Revest To: linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, Florent Revest Subject: [PATCH 4/4] kselftest: vm: Add tests for no-inherit memory-deny-write-execute Date: Thu, 4 May 2023 19:09:42 +0200 Message-ID: <20230504170942.822147-5-revest@chromium.org> X-Mailer: git-send-email 2.40.1.495.gc816e09b53d-goog In-Reply-To: <20230504170942.822147-1-revest@chromium.org> References: <20230504170942.822147-1-revest@chromium.org> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add some tests to cover the new PR_MDWE_NO_INHERIT flag of the PR_SET_MDWE prctl. Signed-off-by: Florent Revest --- tools/testing/selftests/mm/mdwe_test.c | 95 ++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/mm/mdwe_test.c b/tools/testing/selftests/mm/mdwe_test.c index 91aa9c3099e7..9f08ed1b99ae 100644 --- a/tools/testing/selftests/mm/mdwe_test.c +++ b/tools/testing/selftests/mm/mdwe_test.c @@ -22,6 +22,8 @@ TEST(prctl_flags) { + EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L), 0); + EXPECT_LT(prctl(PR_SET_MDWE, 7L, 0L, 0L, 0L), 0); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 7L, 0L, 0L), 0); EXPECT_LT(prctl(PR_SET_MDWE, 0L, 0L, 7L, 0L), 0); @@ -33,6 +35,66 @@ TEST(prctl_flags) EXPECT_LT(prctl(PR_GET_MDWE, 0L, 0L, 0L, 7L), 0); } +FIXTURE(consecutive_prctl_flags) {}; +FIXTURE_SETUP(consecutive_prctl_flags) {} +FIXTURE_TEARDOWN(consecutive_prctl_flags) {} + +FIXTURE_VARIANT(consecutive_prctl_flags) +{ + unsigned long first_flags; + unsigned long second_flags; + bool should_work; +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, same) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .should_work = true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = 0, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_disable_mdwe_no_inherit) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags = 0, + .should_work = false, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, can_lower_privileges) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .should_work = true, +}; + +FIXTURE_VARIANT_ADD(consecutive_prctl_flags, cant_gain_privileges) +{ + .first_flags = PR_MDWE_REFUSE_EXEC_GAIN, + .second_flags = PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT, + .should_work = false, +}; + +TEST_F(consecutive_prctl_flags, two_prctls) +{ + int ret; + + EXPECT_EQ(prctl(PR_SET_MDWE, variant->first_flags, 0L, 0L, 0L), 0); + + ret = prctl(PR_SET_MDWE, variant->second_flags, 0L, 0L, 0L); + if (variant->should_work) { + EXPECT_EQ(ret, 0); + } else { + EXPECT_NE(ret, 0); + } +} + FIXTURE(mdwe) { void *p; @@ -45,28 +107,45 @@ FIXTURE_VARIANT(mdwe) { bool enabled; bool forked; + bool inherit; }; FIXTURE_VARIANT_ADD(mdwe, stock) { .enabled = false, .forked = false, + .inherit = false, }; FIXTURE_VARIANT_ADD(mdwe, enabled) { .enabled = true, .forked = false, + .inherit = true, }; -FIXTURE_VARIANT_ADD(mdwe, forked) +FIXTURE_VARIANT_ADD(mdwe, inherited) { .enabled = true, .forked = true, + .inherit = true, }; +FIXTURE_VARIANT_ADD(mdwe, not_inherited) +{ + .enabled = true, + .forked = true, + .inherit = false, +}; + +static bool executable_map_should_fail(const FIXTURE_VARIANT(mdwe) *variant) +{ + return variant->enabled && (!variant->forked || variant->inherit); +} + FIXTURE_SETUP(mdwe) { + unsigned long mdwe_flags; int ret, status; self->p = NULL; @@ -76,13 +155,17 @@ FIXTURE_SETUP(mdwe) if (!variant->enabled) return; - ret = prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, 0L, 0L, 0L); + mdwe_flags = PR_MDWE_REFUSE_EXEC_GAIN; + if (!variant->inherit) + mdwe_flags |= PR_MDWE_NO_INHERIT; + + ret = prctl(PR_SET_MDWE, mdwe_flags, 0L, 0L, 0L); ASSERT_EQ(ret, 0) { TH_LOG("PR_SET_MDWE failed or unsupported"); } ret = prctl(PR_GET_MDWE, 0L, 0L, 0L, 0L); - ASSERT_EQ(ret, 1); + ASSERT_EQ(ret, mdwe_flags); if (variant->forked) { self->pid = fork(); @@ -113,7 +196,7 @@ TEST_F(mdwe, mmap_READ_EXEC) TEST_F(mdwe, mmap_WRITE_EXEC) { self->p = mmap(NULL, self->size, PROT_WRITE | PROT_EXEC, self->flags, 0, 0); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_EQ(self->p, MAP_FAILED); } else { EXPECT_NE(self->p, MAP_FAILED); @@ -139,7 +222,7 @@ TEST_F(mdwe, mprotect_add_EXEC) ASSERT_NE(self->p, MAP_FAILED); ret = mprotect(self->p, self->size, PROT_READ | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0); @@ -154,7 +237,7 @@ TEST_F(mdwe, mprotect_WRITE_EXEC) ASSERT_NE(self->p, MAP_FAILED); ret = mprotect(self->p, self->size, PROT_WRITE | PROT_EXEC); - if (variant->enabled) { + if (executable_map_should_fail(variant)) { EXPECT_LT(ret, 0); } else { EXPECT_EQ(ret, 0);