Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2023-02-21 at 09:48 +0100, David Hildenbrand wrote:
> On 18.02.23 22:14, Rick Edgecombe wrote:
> > Add a simple selftest for exercising some shadow stack behavior:
> >    - map_shadow_stack syscall and pivot
> >    - Faulting in shadow stack memory
> >    - Handling shadow stack violations
> >    - GUP of shadow stack memory
> >    - mprotect() of shadow stack memory
> >    - Userfaultfd on shadow stack memory
> > 
> > Since this test exercises a recently added syscall manually, it
> > needs
> > to find the automatically created __NR_foo defines. Per the
> > selftest
> > documentation, KHDR_INCLUDES can be used to help the selftest
> > Makefile's
> > find the headers from the kernel source. This way the new selftest
> > can
> > be built inside the kernel source tree without installing the
> > headers
> > to the system. So also add KHDR_INCLUDES as described in the
> > selftest
> > docs, to facilitate this.
> > 
> > Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx>
> > Tested-by: John Allen <john.allen@xxxxxxx>
> > Co-developed-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> > 
> > ---
> 
> 
> [...]
> 
> > +bool gup_write(void *ptr)
> > +{
> > +     unsigned long val;
> > +
> > +     lseek(fd, (unsigned long)ptr, SEEK_SET);
> > +     if (write(fd, &val, sizeof(val)) < 0)
> > +             return 1;
> 
> /proc/self/mem is for debug/ptrace access (FOLL_FORCE). I think you 
> might also want to add tests for ordinary GUP, checking that we fail
> to 
> obtain a write pin -- and call these tests "gup_ptrace_read" / 
> "gup_ptrace_write"

Yes, this only tests the FOLL_FORCE case, but it does exercise GUP.

> 
> An simple approach would be to trigger a read()/write() on a file
> opened 
> via O_DIRECT, using the shadow stack as buffer. While the write() 
> [reading from the page] is expected to work, a read() [writing to
> the 
> page] has to fail.

Hmm, good idea. This would be nice to add.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux