Re: [PATCH v9 7/7] selftest: test system mappings are sealed.

Tue, 04 Mar 2025 22:00:00 -0800 

On Wed, Mar 05, 2025 at 02:17:11AM +0000, [email protected] wrote:
> From: Jeff Xu <[email protected]>
>
> Add sysmap_is_sealed.c to test system mappings are sealed.
>
> Note: CONFIG_MSEAL_SYSTEM_MAPPINGS must be set, as indicated in
> config file.
>
> Signed-off-by: Jeff Xu <[email protected]>
> Reviewed-by: Lorenzo Stoakes <[email protected]>
> ---
>  tools/testing/selftests/Makefile              |   1 +
>  .../mseal_system_mappings/.gitignore          |   2 +
>  .../selftests/mseal_system_mappings/Makefile  |   6 +
>  .../selftests/mseal_system_mappings/config    |   1 +
>  .../mseal_system_mappings/sysmap_is_sealed.c  | 119 ++++++++++++++++++
>  5 files changed, 129 insertions(+)
>  create mode 100644 tools/testing/selftests/mseal_system_mappings/.gitignore
>  create mode 100644 tools/testing/selftests/mseal_system_mappings/Makefile
>  create mode 100644 tools/testing/selftests/mseal_system_mappings/config
>  create mode 100644 
> tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c
>
> diff --git a/tools/testing/selftests/Makefile 
> b/tools/testing/selftests/Makefile
> index 8daac70c2f9d..be836be8f03f 100644
> --- a/tools/testing/selftests/Makefile
> +++ b/tools/testing/selftests/Makefile
> @@ -61,6 +61,7 @@ TARGETS += mount
>  TARGETS += mount_setattr
>  TARGETS += move_mount_set_group
>  TARGETS += mqueue
> +TARGETS += mseal_system_mappings

Thanks!

>  TARGETS += nci
>  TARGETS += net
>  TARGETS += net/af_unix
> diff --git a/tools/testing/selftests/mseal_system_mappings/.gitignore 
> b/tools/testing/selftests/mseal_system_mappings/.gitignore
> new file mode 100644
> index 000000000000..319c497a595e
> --- /dev/null
> +++ b/tools/testing/selftests/mseal_system_mappings/.gitignore
> @@ -0,0 +1,2 @@
> +# SPDX-License-Identifier: GPL-2.0-only
> +sysmap_is_sealed
> diff --git a/tools/testing/selftests/mseal_system_mappings/Makefile 
> b/tools/testing/selftests/mseal_system_mappings/Makefile
> new file mode 100644
> index 000000000000..2b4504e2f52f
> --- /dev/null
> +++ b/tools/testing/selftests/mseal_system_mappings/Makefile
> @@ -0,0 +1,6 @@
> +# SPDX-License-Identifier: GPL-2.0-only
> +CFLAGS += -std=c99 -pthread -Wall $(KHDR_INCLUDES)
> +
> +TEST_GEN_PROGS := sysmap_is_sealed
> +
> +include ../lib.mk
> diff --git a/tools/testing/selftests/mseal_system_mappings/config 
> b/tools/testing/selftests/mseal_system_mappings/config
> new file mode 100644
> index 000000000000..675cb9f37b86
> --- /dev/null
> +++ b/tools/testing/selftests/mseal_system_mappings/config
> @@ -0,0 +1 @@
> +CONFIG_MSEAL_SYSTEM_MAPPINGS=y
> diff --git a/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c 
> b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c
> new file mode 100644
> index 000000000000..0d2af30c3bf5
> --- /dev/null
> +++ b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c
> @@ -0,0 +1,119 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * test system mappings are sealed when
> + * KCONFIG_MSEAL_SYSTEM_MAPPINGS=y
> + */
> +
> +#define _GNU_SOURCE
> +#include <stdio.h>
> +#include <errno.h>
> +#include <unistd.h>
> +#include <string.h>
> +#include <stdbool.h>
> +
> +#include "../kselftest.h"
> +#include "../kselftest_harness.h"
> +
> +#define VMFLAGS "VmFlags:"
> +#define MSEAL_FLAGS "sl"
> +#define MAX_LINE_LEN 512
> +
> +bool has_mapping(char *name, FILE *maps)
> +{
> +     char line[MAX_LINE_LEN];
> +
> +     while (fgets(line, sizeof(line), maps)) {
> +             if (strstr(line, name))
> +                     return true;
> +     }
> +
> +     return false;
> +}
> +
> +bool mapping_is_sealed(char *name, FILE *maps)
> +{
> +     char line[MAX_LINE_LEN];
> +
> +     while (fgets(line, sizeof(line), maps)) {
> +             if (!strncmp(line, VMFLAGS, strlen(VMFLAGS))) {
> +                     if (strstr(line, MSEAL_FLAGS))
> +                             return true;
> +
> +                     return false;
> +             }
> +     }
> +
> +     return false;
> +}
> +
> +FIXTURE(basic) {
> +     FILE *maps;
> +};
> +
> +FIXTURE_SETUP(basic)
> +{
> +     self->maps = fopen("/proc/self/smaps", "r");
> +     if (!self->maps)
> +             SKIP(return, "Could not open /proc/self/smap, errno=%d",
> +                     errno);
> +};
> +
> +FIXTURE_TEARDOWN(basic)
> +{
> +     if (self->maps)
> +             fclose(self->maps);
> +};
> +
> +FIXTURE_VARIANT(basic)
> +{
> +     char *name;
> +     bool sealed;
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, vdso) {
> +     .name = "[vdso]",
> +     .sealed = true,
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, vvar) {
> +     .name = "[vvar]",
> +     .sealed = true,
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, vvar_vclock) {
> +     .name = "[vvar_vclock]",
> +     .sealed = true,
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, sigpage) {
> +     .name = "[sigpage]",
> +     .sealed = true,
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, vectors) {
> +     .name = "[vectors]",
> +     .sealed = true,
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, uprobes) {
> +     .name = "[uprobes]",
> +     .sealed = true,
> +};
> +
> +FIXTURE_VARIANT_ADD(basic, stack) {
> +     .name = "[stack]",
> +     .sealed = false,
> +};
> +
> +TEST_F(basic, check_sealed)
> +{
> +     if (!has_mapping(variant->name, self->maps)) {
> +             SKIP(return, "could not find the mapping, %s",
> +                     variant->name);
> +     }
> +
> +     EXPECT_EQ(variant->sealed,
> +             mapping_is_sealed(variant->name, self->maps));
> +};
> +
> +TEST_HARNESS_MAIN
> --
> 2.48.1.711.g2feabab25a-goog
>

Reply via email to