Hi I'm not sure this is a correct fix. Since mseal is a security feature, an attacker can access syscall directly, so the test should utilize syscall directly instead of adding glibc as an extra layer. The correct fix is probably one of below: 1> switch to __NR_mmap2 for this test on all architecture, or 2> switch to __NR_mmap2 for ARMHF Though I'm not sure which one is more appropriate, because I don't have a test environment for ARMHF . Although, I don't think we need to block this getting into 6.10, we can backport again when a future fix is available. Thanks -Jeff On Tue, Sep 10, 2024 at 2:42 AM Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > 6.10-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx> > > commit b808f629215685c1941b1cd567c7b7ccb3c90278 upstream. > > The __NR_mmap isn't found on armhf. The mmap() is commonly available > system call and its wrapper is present on all architectures. So it should > be used directly. It solves problem for armhf and doesn't create problem > for other architectures. > > Remove sys_mmap() functions as they aren't doing anything else other than > calling mmap(). There is no need to set errno = 0 manually as glibc > always resets it. > > For reference errors are as following: > > CC seal_elf > seal_elf.c: In function 'sys_mmap': > seal_elf.c:39:33: error: '__NR_mmap' undeclared (first use in this function) > 39 | sret = (void *) syscall(__NR_mmap, addr, len, prot, > | ^~~~~~~~~ > > mseal_test.c: In function 'sys_mmap': > mseal_test.c:90:33: error: '__NR_mmap' undeclared (first use in this function) > 90 | sret = (void *) syscall(__NR_mmap, addr, len, prot, > | ^~~~~~~~~ > > Link: https://lkml.kernel.org/r/20240809082511.497266-1-usama.anjum@xxxxxxxxxxxxx > Fixes: 4926c7a52de7 ("selftest mm/mseal memory sealing") > Signed-off-by: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx> > Cc: Jeff Xu <jeffxu@xxxxxxxxxxxx> > Cc: Kees Cook <kees@xxxxxxxxxx> > Cc: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> > Cc: Shuah Khan <shuah@xxxxxxxxxx> > Cc: <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > --- > tools/testing/selftests/mm/mseal_test.c | 37 +++++++++++--------------------- > tools/testing/selftests/mm/seal_elf.c | 13 ----------- > 2 files changed, 14 insertions(+), 36 deletions(-) > > --- a/tools/testing/selftests/mm/mseal_test.c > +++ b/tools/testing/selftests/mm/mseal_test.c > @@ -128,17 +128,6 @@ static int sys_mprotect_pkey(void *ptr, > return sret; > } > > -static void *sys_mmap(void *addr, unsigned long len, unsigned long prot, > - unsigned long flags, unsigned long fd, unsigned long offset) > -{ > - void *sret; > - > - errno = 0; > - sret = (void *) syscall(__NR_mmap, addr, len, prot, > - flags, fd, offset); > - return sret; > -} > - > static int sys_munmap(void *ptr, size_t size) > { > int sret; > @@ -219,7 +208,7 @@ static void setup_single_address(int siz > { > void *ptr; > > - ptr = sys_mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > + ptr = mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > *ptrOut = ptr; > } > > @@ -228,7 +217,7 @@ static void setup_single_address_rw(int > void *ptr; > unsigned long mapflags = MAP_ANONYMOUS | MAP_PRIVATE; > > - ptr = sys_mmap(NULL, size, PROT_READ | PROT_WRITE, mapflags, -1, 0); > + ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, mapflags, -1, 0); > *ptrOut = ptr; > } > > @@ -252,7 +241,7 @@ bool seal_support(void) > void *ptr; > unsigned long page_size = getpagesize(); > > - ptr = sys_mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > + ptr = mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > if (ptr == (void *) -1) > return false; > > @@ -528,8 +517,8 @@ static void test_seal_zero_address(void) > int prot; > > /* use mmap to change protection. */ > - ptr = sys_mmap(0, size, PROT_NONE, > - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > + ptr = mmap(0, size, PROT_NONE, > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > FAIL_TEST_IF_FALSE(ptr == 0); > > size = get_vma_size(ptr, &prot); > @@ -1256,8 +1245,8 @@ static void test_seal_mmap_overwrite_pro > } > > /* use mmap to change protection. */ > - ret2 = sys_mmap(ptr, size, PROT_NONE, > - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > + ret2 = mmap(ptr, size, PROT_NONE, > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > if (seal) { > FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); > FAIL_TEST_IF_FALSE(errno == EPERM); > @@ -1287,8 +1276,8 @@ static void test_seal_mmap_expand(bool s > } > > /* use mmap to expand. */ > - ret2 = sys_mmap(ptr, size, PROT_READ, > - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > + ret2 = mmap(ptr, size, PROT_READ, > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > if (seal) { > FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); > FAIL_TEST_IF_FALSE(errno == EPERM); > @@ -1315,8 +1304,8 @@ static void test_seal_mmap_shrink(bool s > } > > /* use mmap to shrink. */ > - ret2 = sys_mmap(ptr, 8 * page_size, PROT_READ, > - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > + ret2 = mmap(ptr, 8 * page_size, PROT_READ, > + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); > if (seal) { > FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); > FAIL_TEST_IF_FALSE(errno == EPERM); > @@ -1697,7 +1686,7 @@ static void test_seal_discard_ro_anon_on > ret = fallocate(fd, 0, 0, size); > FAIL_TEST_IF_FALSE(!ret); > > - ptr = sys_mmap(NULL, size, PROT_READ, mapflags, fd, 0); > + ptr = mmap(NULL, size, PROT_READ, mapflags, fd, 0); > FAIL_TEST_IF_FALSE(ptr != MAP_FAILED); > > if (seal) { > @@ -1727,7 +1716,7 @@ static void test_seal_discard_ro_anon_on > int ret; > unsigned long mapflags = MAP_ANONYMOUS | MAP_SHARED; > > - ptr = sys_mmap(NULL, size, PROT_READ, mapflags, -1, 0); > + ptr = mmap(NULL, size, PROT_READ, mapflags, -1, 0); > FAIL_TEST_IF_FALSE(ptr != (void *)-1); > > if (seal) { > --- a/tools/testing/selftests/mm/seal_elf.c > +++ b/tools/testing/selftests/mm/seal_elf.c > @@ -61,17 +61,6 @@ static int sys_mseal(void *start, size_t > return sret; > } > > -static void *sys_mmap(void *addr, unsigned long len, unsigned long prot, > - unsigned long flags, unsigned long fd, unsigned long offset) > -{ > - void *sret; > - > - errno = 0; > - sret = (void *) syscall(__NR_mmap, addr, len, prot, > - flags, fd, offset); > - return sret; > -} > - > static inline int sys_mprotect(void *ptr, size_t size, unsigned long prot) > { > int sret; > @@ -87,7 +76,7 @@ static bool seal_support(void) > void *ptr; > unsigned long page_size = getpagesize(); > > - ptr = sys_mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > + ptr = mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); > if (ptr == (void *) -1) > return false; > > >
