Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test

From: Edgecombe, Rick P
Date: Tue Feb 21 2023 - 15:02:21 EST

Next message: Edgecombe, Rick P: "Re: [PATCH v6 24/41] mm: Don't allow write GUPs to shadow stack memory"
Previous message: Jochen Henneberg: "[PATCH net V2] net: stmmac: Premature loop termination check was ignored"
In reply to: David Hildenbrand: "Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test"
Next in thread: Borislav Petkov: "Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2023-02-21 at 09:48 +0100, David Hildenbrand wrote:
> On 18.02.23 22:14, Rick Edgecombe wrote:
> > Add a simple selftest for exercising some shadow stack behavior:
> > - map_shadow_stack syscall and pivot
> > - Faulting in shadow stack memory
> > - Handling shadow stack violations
> > - GUP of shadow stack memory
> > - mprotect() of shadow stack memory
> > - Userfaultfd on shadow stack memory
> >
> > Since this test exercises a recently added syscall manually, it
> > needs
> > to find the automatically created __NR_foo defines. Per the
> > selftest
> > documentation, KHDR_INCLUDES can be used to help the selftest
> > Makefile's
> > find the headers from the kernel source. This way the new selftest
> > can
> > be built inside the kernel source tree without installing the
> > headers
> > to the system. So also add KHDR_INCLUDES as described in the
> > selftest
> > docs, to facilitate this.
> >
> > Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx>
> > Tested-by: John Allen <john.allen@xxxxxxx>
> > Co-developed-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> >
> > ---
>
>
> [...]
>
> > +bool gup_write(void *ptr)
> > +{
> > + unsigned long val;
> > +
> > + lseek(fd, (unsigned long)ptr, SEEK_SET);
> > + if (write(fd, &val, sizeof(val)) < 0)
> > + return 1;
>
> /proc/self/mem is for debug/ptrace access (FOLL_FORCE). I think you
> might also want to add tests for ordinary GUP, checking that we fail
> to
> obtain a write pin -- and call these tests "gup_ptrace_read" /
> "gup_ptrace_write"

Yes, this only tests the FOLL_FORCE case, but it does exercise GUP.

>
> An simple approach would be to trigger a read()/write() on a file
> opened
> via O_DIRECT, using the shadow stack as buffer. While the write()
> [reading from the page] is expected to work, a read() [writing to
> the
> page] has to fail.

Hmm, good idea. This would be nice to add.

Next message: Edgecombe, Rick P: "Re: [PATCH v6 24/41] mm: Don't allow write GUPs to shadow stack memory"
Previous message: Jochen Henneberg: "[PATCH net V2] net: stmmac: Premature loop termination check was ignored"
In reply to: David Hildenbrand: "Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test"
Next in thread: Borislav Petkov: "Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]