selftests/memfd_secret: add vmsplice() test

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Let's add a simple reproducer for a scenario where GUP-fast could succeed
on secretmem folios, making vmsplice() succeed instead of failing. The
reproducer is based on a reproducer [1] by Miklos Szeredi.

We want to perform two tests: vmsplice() when a fresh page was just
faulted in, and vmsplice() on an existing page after munmap() that would
drain certain LRU caches/batches in the kernel.

In an ideal world, we could use fallocate(FALLOC_FL_PUNCH_HOLE) /
MADV_REMOVE to remove any existing page. As that is currently not
possible, run the test before any other tests that would allocate memory
in the secretmem fd.

Perform the ftruncate() only once, and check the return value.

[1] https://lkml.kernel.org/r/CAJfpegt3UCsMmxd0taOY11Uaw5U=eS1fE5dn0wZX3HF0oy8-oQ@mail.gmail.com

Link: https://lkml.kernel.org/r/20240326143210.291116-3-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: Miklos Szeredi <mszeredi@redhat.com>
Cc: xingwei lee <xrivendell7@gmail.com>
Cc: yue sun <samsun1006219@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

David Hildenbrand and committed by

Andrew Morton 2 years ago c139ca42 5b34b76c

+49 -2

1 changed file

expand all

tools

testing

selftests

memfd_secret.c

+49 -2

tools/testing/selftests/mm/memfd_secret.c

··· 20 20 #include <unistd.h> 21 21 #include <errno.h> 22 22 #include <stdio.h> 23 + #include <fcntl.h> 23 24 24 25 #include "../kselftest.h" 25 26 ··· 82 81 } 83 82 84 83 pass("mlock limit is respected\n"); 84 + } 85 + 86 + static void test_vmsplice(int fd, const char *desc) 87 + { 88 + ssize_t transferred; 89 + struct iovec iov; 90 + int pipefd[2]; 91 + char *mem; 92 + 93 + if (pipe(pipefd)) { 94 + fail("pipe failed: %s\n", strerror(errno)); 95 + return; 96 + } 97 + 98 + mem = mmap(NULL, page_size, prot, mode, fd, 0); 99 + if (mem == MAP_FAILED) { 100 + fail("Unable to mmap secret memory\n"); 101 + goto close_pipe; 102 + } 103 + 104 + /* 105 + * vmsplice() may use GUP-fast, which must also fail. Prefault the 106 + * page table, so GUP-fast could find it. 107 + */ 108 + memset(mem, PATTERN, page_size); 109 + 110 + iov.iov_base = mem; 111 + iov.iov_len = page_size; 112 + transferred = vmsplice(pipefd[1], &iov, 1, 0); 113 + 114 + if (transferred < 0 && errno == EFAULT) 115 + pass("vmsplice is blocked as expected with %s\n", desc); 116 + else 117 + fail("vmsplice: unexpected memory access with %s\n", desc); 118 + 119 + munmap(mem, page_size); 120 + close_pipe: 121 + close(pipefd[0]); 122 + close(pipefd[1]); 85 123 } 86 124 87 125 static void try_process_vm_read(int fd, int pipefd[2]) ··· 227 187 return; 228 188 } 229 189 230 - ftruncate(fd, page_size); 231 190 memset(mem, PATTERN, page_size); 232 191 233 192 if (write(pipefd[1], &mem, sizeof(mem)) < 0) { ··· 297 258 strerror(errno)); 298 259 } 299 260 300 - #define NUM_TESTS 4 261 + #define NUM_TESTS 6 301 262 302 263 int main(int argc, char *argv[]) 303 264 { ··· 316 277 ksft_exit_fail_msg("memfd_secret failed: %s\n", 317 278 strerror(errno)); 318 279 } 280 + if (ftruncate(fd, page_size)) 281 + ksft_exit_fail_msg("ftruncate failed: %s\n", strerror(errno)); 319 282 320 283 test_mlock_limit(fd); 321 284 test_file_apis(fd); 285 + /* 286 + * We have to run the first vmsplice test before any secretmem page was 287 + * allocated for this fd. 288 + */ 289 + test_vmsplice(fd, "fresh page"); 290 + test_vmsplice(fd, "existing page"); 322 291 test_process_vm_read(fd); 323 292 test_ptrace(fd); 324 293