1 // SPDX-License-Identifier: GPL-2.0
3 #define __EXPORTED_HEADERS__
8 #include <linux/falloc.h>
9 #include <linux/fcntl.h>
10 #include <linux/memfd.h>
18 #include <sys/syscall.h>
22 #define MEMFD_STR "memfd:"
23 #define SHARED_FT_STR "(shared file-table)"
25 #define MFD_DEF_SIZE 8192
26 #define STACK_SIZE 65536
29 * Default is not to test hugetlbfs
31 static int hugetlbfs_test;
32 static size_t mfd_def_size = MFD_DEF_SIZE;
35 * Copied from mlock2-tests.c
37 static unsigned long default_huge_page_size(void)
39 unsigned long hps = 0;
42 FILE *f = fopen("/proc/meminfo", "r");
46 while (getline(&line, &linelen, f) > 0) {
47 if (sscanf(line, "Hugepagesize: %lu kB", &hps) == 1) {
58 static int sys_memfd_create(const char *name,
64 return syscall(__NR_memfd_create, name, flags);
67 static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags)
71 fd = sys_memfd_create(name, flags);
73 printf("memfd_create(\"%s\", %u) failed: %m\n",
78 r = ftruncate(fd, sz);
80 printf("ftruncate(%llu) failed: %m\n", (unsigned long long)sz);
87 static void mfd_fail_new(const char *name, unsigned int flags)
91 r = sys_memfd_create(name, flags);
93 printf("memfd_create(\"%s\", %u) succeeded, but failure expected\n",
100 static unsigned int mfd_assert_get_seals(int fd)
104 r = fcntl(fd, F_GET_SEALS);
106 printf("GET_SEALS(%d) failed: %m\n", fd);
110 return (unsigned int)r;
113 static void mfd_assert_has_seals(int fd, unsigned int seals)
117 s = mfd_assert_get_seals(fd);
119 printf("%u != %u = GET_SEALS(%d)\n", seals, s, fd);
124 static void mfd_assert_add_seals(int fd, unsigned int seals)
129 s = mfd_assert_get_seals(fd);
130 r = fcntl(fd, F_ADD_SEALS, seals);
132 printf("ADD_SEALS(%d, %u -> %u) failed: %m\n", fd, s, seals);
137 static void mfd_fail_add_seals(int fd, unsigned int seals)
142 r = fcntl(fd, F_GET_SEALS);
148 r = fcntl(fd, F_ADD_SEALS, seals);
150 printf("ADD_SEALS(%d, %u -> %u) didn't fail as expected\n",
156 static void mfd_assert_size(int fd, size_t size)
163 printf("fstat(%d) failed: %m\n", fd);
165 } else if (st.st_size != size) {
166 printf("wrong file size %lld, but expected %lld\n",
167 (long long)st.st_size, (long long)size);
172 static int mfd_assert_dup(int fd)
178 printf("dup(%d) failed: %m\n", fd);
185 static void *mfd_assert_mmap_shared(int fd)
191 PROT_READ | PROT_WRITE,
195 if (p == MAP_FAILED) {
196 printf("mmap() failed: %m\n");
203 static void *mfd_assert_mmap_private(int fd)
213 if (p == MAP_FAILED) {
214 printf("mmap() failed: %m\n");
221 static int mfd_assert_open(int fd, int flags, mode_t mode)
226 sprintf(buf, "/proc/self/fd/%d", fd);
227 r = open(buf, flags, mode);
229 printf("open(%s) failed: %m\n", buf);
236 static void mfd_fail_open(int fd, int flags, mode_t mode)
241 sprintf(buf, "/proc/self/fd/%d", fd);
242 r = open(buf, flags, mode);
244 printf("open(%s) didn't fail as expected\n", buf);
249 static void mfd_assert_read(int fd)
255 l = read(fd, buf, sizeof(buf));
256 if (l != sizeof(buf)) {
257 printf("read() failed: %m\n");
261 /* verify PROT_READ *is* allowed */
268 if (p == MAP_FAILED) {
269 printf("mmap() failed: %m\n");
272 munmap(p, mfd_def_size);
274 /* verify MAP_PRIVATE is *always* allowed (even writable) */
277 PROT_READ | PROT_WRITE,
281 if (p == MAP_FAILED) {
282 printf("mmap() failed: %m\n");
285 munmap(p, mfd_def_size);
288 static void mfd_assert_write(int fd)
295 * huegtlbfs does not support write, but we want to
296 * verify everything else here.
298 if (!hugetlbfs_test) {
299 /* verify write() succeeds */
300 l = write(fd, "\0\0\0\0", 4);
302 printf("write() failed: %m\n");
307 /* verify PROT_READ | PROT_WRITE is allowed */
310 PROT_READ | PROT_WRITE,
314 if (p == MAP_FAILED) {
315 printf("mmap() failed: %m\n");
319 munmap(p, mfd_def_size);
321 /* verify PROT_WRITE is allowed */
328 if (p == MAP_FAILED) {
329 printf("mmap() failed: %m\n");
333 munmap(p, mfd_def_size);
335 /* verify PROT_READ with MAP_SHARED is allowed and a following
336 * mprotect(PROT_WRITE) allows writing */
343 if (p == MAP_FAILED) {
344 printf("mmap() failed: %m\n");
348 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
350 printf("mprotect() failed: %m\n");
355 munmap(p, mfd_def_size);
357 /* verify PUNCH_HOLE works */
359 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
363 printf("fallocate(PUNCH_HOLE) failed: %m\n");
368 static void mfd_fail_write(int fd)
374 /* verify write() fails */
375 l = write(fd, "data", 4);
377 printf("expected EPERM on write(), but got %d: %m\n", (int)l);
381 /* verify PROT_READ | PROT_WRITE is not allowed */
384 PROT_READ | PROT_WRITE,
388 if (p != MAP_FAILED) {
389 printf("mmap() didn't fail as expected\n");
393 /* verify PROT_WRITE is not allowed */
400 if (p != MAP_FAILED) {
401 printf("mmap() didn't fail as expected\n");
405 /* Verify PROT_READ with MAP_SHARED with a following mprotect is not
406 * allowed. Note that for r/w the kernel already prevents the mmap. */
413 if (p != MAP_FAILED) {
414 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
416 printf("mmap()+mprotect() didn't fail as expected\n");
419 munmap(p, mfd_def_size);
422 /* verify PUNCH_HOLE fails */
424 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
428 printf("fallocate(PUNCH_HOLE) didn't fail as expected\n");
433 static void mfd_assert_shrink(int fd)
437 r = ftruncate(fd, mfd_def_size / 2);
439 printf("ftruncate(SHRINK) failed: %m\n");
443 mfd_assert_size(fd, mfd_def_size / 2);
445 fd2 = mfd_assert_open(fd,
446 O_RDWR | O_CREAT | O_TRUNC,
450 mfd_assert_size(fd, 0);
453 static void mfd_fail_shrink(int fd)
457 r = ftruncate(fd, mfd_def_size / 2);
459 printf("ftruncate(SHRINK) didn't fail as expected\n");
464 O_RDWR | O_CREAT | O_TRUNC,
468 static void mfd_assert_grow(int fd)
472 r = ftruncate(fd, mfd_def_size * 2);
474 printf("ftruncate(GROW) failed: %m\n");
478 mfd_assert_size(fd, mfd_def_size * 2);
485 printf("fallocate(ALLOC) failed: %m\n");
489 mfd_assert_size(fd, mfd_def_size * 4);
492 static void mfd_fail_grow(int fd)
496 r = ftruncate(fd, mfd_def_size * 2);
498 printf("ftruncate(GROW) didn't fail as expected\n");
507 printf("fallocate(ALLOC) didn't fail as expected\n");
512 static void mfd_assert_grow_write(int fd)
517 buf = malloc(mfd_def_size * 8);
519 printf("malloc(%d) failed: %m\n", mfd_def_size * 8);
523 l = pwrite(fd, buf, mfd_def_size * 8, 0);
524 if (l != (mfd_def_size * 8)) {
525 printf("pwrite() failed: %m\n");
529 mfd_assert_size(fd, mfd_def_size * 8);
532 static void mfd_fail_grow_write(int fd)
537 buf = malloc(mfd_def_size * 8);
539 printf("malloc(%d) failed: %m\n", mfd_def_size * 8);
543 l = pwrite(fd, buf, mfd_def_size * 8, 0);
544 if (l == (mfd_def_size * 8)) {
545 printf("pwrite() didn't fail as expected\n");
550 static int idle_thread_fn(void *arg)
555 /* dummy waiter; SIGTERM terminates us anyway */
557 sigaddset(&set, SIGTERM);
563 static pid_t spawn_idle_thread(unsigned int flags)
568 stack = malloc(STACK_SIZE);
570 printf("malloc(STACK_SIZE) failed: %m\n");
574 pid = clone(idle_thread_fn,
579 printf("clone() failed: %m\n");
586 static void join_idle_thread(pid_t pid)
589 waitpid(pid, NULL, 0);
593 * Test memfd_create() syscall
594 * Verify syscall-argument validation, including name checks, flag validation
597 static void test_create(void)
602 printf("%s CREATE\n", MEMFD_STR);
605 mfd_fail_new(NULL, 0);
607 /* test over-long name (not zero-terminated) */
608 memset(buf, 0xff, sizeof(buf));
609 mfd_fail_new(buf, 0);
611 /* test over-long zero-terminated name */
612 memset(buf, 0xff, sizeof(buf));
613 buf[sizeof(buf) - 1] = 0;
614 mfd_fail_new(buf, 0);
616 /* verify "" is a valid name */
617 fd = mfd_assert_new("", 0, 0);
620 /* verify invalid O_* open flags */
621 mfd_fail_new("", 0x0100);
622 mfd_fail_new("", ~MFD_CLOEXEC);
623 mfd_fail_new("", ~MFD_ALLOW_SEALING);
624 mfd_fail_new("", ~0);
625 mfd_fail_new("", 0x80000000U);
627 /* verify MFD_CLOEXEC is allowed */
628 fd = mfd_assert_new("", 0, MFD_CLOEXEC);
631 if (!hugetlbfs_test) {
632 /* verify MFD_ALLOW_SEALING is allowed */
633 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
636 /* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
637 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
640 /* sealing is not supported on hugetlbfs */
641 mfd_fail_new("", MFD_ALLOW_SEALING);
647 * A very basic sealing test to see whether setting/retrieving seals works.
649 static void test_basic(void)
653 /* hugetlbfs does not contain sealing support */
657 printf("%s BASIC\n", MEMFD_STR);
659 fd = mfd_assert_new("kern_memfd_basic",
661 MFD_CLOEXEC | MFD_ALLOW_SEALING);
663 /* add basic seals */
664 mfd_assert_has_seals(fd, 0);
665 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
667 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
671 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
673 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
676 /* add more seals and seal against sealing */
677 mfd_assert_add_seals(fd, F_SEAL_GROW | F_SEAL_SEAL);
678 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
683 /* verify that sealing no longer works */
684 mfd_fail_add_seals(fd, F_SEAL_GROW);
685 mfd_fail_add_seals(fd, 0);
689 /* verify sealing does not work without MFD_ALLOW_SEALING */
690 fd = mfd_assert_new("kern_memfd_basic",
693 mfd_assert_has_seals(fd, F_SEAL_SEAL);
694 mfd_fail_add_seals(fd, F_SEAL_SHRINK |
697 mfd_assert_has_seals(fd, F_SEAL_SEAL);
702 * hugetlbfs doesn't support seals or write, so just verify grow and shrink
703 * on a hugetlbfs file created via memfd_create.
705 static void test_hugetlbfs_grow_shrink(void)
709 printf("%s HUGETLBFS-GROW-SHRINK\n", MEMFD_STR);
711 fd = mfd_assert_new("kern_memfd_seal_write",
716 mfd_assert_write(fd);
717 mfd_assert_shrink(fd);
725 * Test whether SEAL_WRITE actually prevents modifications.
727 static void test_seal_write(void)
732 * hugetlbfs does not contain sealing or write support. Just test
733 * basic grow and shrink via test_hugetlbfs_grow_shrink.
736 return test_hugetlbfs_grow_shrink();
738 printf("%s SEAL-WRITE\n", MEMFD_STR);
740 fd = mfd_assert_new("kern_memfd_seal_write",
742 MFD_CLOEXEC | MFD_ALLOW_SEALING);
743 mfd_assert_has_seals(fd, 0);
744 mfd_assert_add_seals(fd, F_SEAL_WRITE);
745 mfd_assert_has_seals(fd, F_SEAL_WRITE);
749 mfd_assert_shrink(fd);
751 mfd_fail_grow_write(fd);
758 * Test whether SEAL_SHRINK actually prevents shrinking
760 static void test_seal_shrink(void)
764 /* hugetlbfs does not contain sealing support */
768 printf("%s SEAL-SHRINK\n", MEMFD_STR);
770 fd = mfd_assert_new("kern_memfd_seal_shrink",
772 MFD_CLOEXEC | MFD_ALLOW_SEALING);
773 mfd_assert_has_seals(fd, 0);
774 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
775 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
778 mfd_assert_write(fd);
781 mfd_assert_grow_write(fd);
788 * Test whether SEAL_GROW actually prevents growing
790 static void test_seal_grow(void)
794 /* hugetlbfs does not contain sealing support */
798 printf("%s SEAL-GROW\n", MEMFD_STR);
800 fd = mfd_assert_new("kern_memfd_seal_grow",
802 MFD_CLOEXEC | MFD_ALLOW_SEALING);
803 mfd_assert_has_seals(fd, 0);
804 mfd_assert_add_seals(fd, F_SEAL_GROW);
805 mfd_assert_has_seals(fd, F_SEAL_GROW);
808 mfd_assert_write(fd);
809 mfd_assert_shrink(fd);
811 mfd_fail_grow_write(fd);
817 * Test SEAL_SHRINK | SEAL_GROW
818 * Test whether SEAL_SHRINK | SEAL_GROW actually prevents resizing
820 static void test_seal_resize(void)
824 /* hugetlbfs does not contain sealing support */
828 printf("%s SEAL-RESIZE\n", MEMFD_STR);
830 fd = mfd_assert_new("kern_memfd_seal_resize",
832 MFD_CLOEXEC | MFD_ALLOW_SEALING);
833 mfd_assert_has_seals(fd, 0);
834 mfd_assert_add_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
835 mfd_assert_has_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
838 mfd_assert_write(fd);
841 mfd_fail_grow_write(fd);
847 * hugetlbfs does not support seals. Basic test to dup the memfd created
848 * fd and perform some basic operations on it.
850 static void hugetlbfs_dup(char *b_suffix)
854 printf("%s HUGETLBFS-DUP %s\n", MEMFD_STR, b_suffix);
856 fd = mfd_assert_new("kern_memfd_share_dup",
860 fd2 = mfd_assert_dup(fd);
863 mfd_assert_write(fd);
865 mfd_assert_shrink(fd2);
866 mfd_assert_grow(fd2);
873 * Test sharing via dup()
874 * Test that seals are shared between dupped FDs and they're all equal.
876 static void test_share_dup(char *banner, char *b_suffix)
881 * hugetlbfs does not contain sealing support. Perform some
882 * basic testing on dup'ed fd instead via hugetlbfs_dup.
884 if (hugetlbfs_test) {
885 hugetlbfs_dup(b_suffix);
889 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
891 fd = mfd_assert_new("kern_memfd_share_dup",
893 MFD_CLOEXEC | MFD_ALLOW_SEALING);
894 mfd_assert_has_seals(fd, 0);
896 fd2 = mfd_assert_dup(fd);
897 mfd_assert_has_seals(fd2, 0);
899 mfd_assert_add_seals(fd, F_SEAL_WRITE);
900 mfd_assert_has_seals(fd, F_SEAL_WRITE);
901 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
903 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
904 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
905 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
907 mfd_assert_add_seals(fd, F_SEAL_SEAL);
908 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
909 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
911 mfd_fail_add_seals(fd, F_SEAL_GROW);
912 mfd_fail_add_seals(fd2, F_SEAL_GROW);
913 mfd_fail_add_seals(fd, F_SEAL_SEAL);
914 mfd_fail_add_seals(fd2, F_SEAL_SEAL);
918 mfd_fail_add_seals(fd, F_SEAL_GROW);
923 * Test sealing with active mmap()s
924 * Modifying seals is only allowed if no other mmap() refs exist.
926 static void test_share_mmap(char *banner, char *b_suffix)
931 /* hugetlbfs does not contain sealing support */
935 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
937 fd = mfd_assert_new("kern_memfd_share_mmap",
939 MFD_CLOEXEC | MFD_ALLOW_SEALING);
940 mfd_assert_has_seals(fd, 0);
942 /* shared/writable ref prevents sealing WRITE, but allows others */
943 p = mfd_assert_mmap_shared(fd);
944 mfd_fail_add_seals(fd, F_SEAL_WRITE);
945 mfd_assert_has_seals(fd, 0);
946 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
947 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
948 munmap(p, mfd_def_size);
950 /* readable ref allows sealing */
951 p = mfd_assert_mmap_private(fd);
952 mfd_assert_add_seals(fd, F_SEAL_WRITE);
953 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
954 munmap(p, mfd_def_size);
960 * Basic test to make sure we can open the hugetlbfs fd via /proc and
961 * perform some simple operations on it.
963 static void hugetlbfs_proc_open(char *b_suffix)
967 printf("%s HUGETLBFS-PROC-OPEN %s\n", MEMFD_STR, b_suffix);
969 fd = mfd_assert_new("kern_memfd_share_open",
973 fd2 = mfd_assert_open(fd, O_RDWR, 0);
976 mfd_assert_write(fd);
978 mfd_assert_shrink(fd2);
979 mfd_assert_grow(fd2);
986 * Test sealing with open(/proc/self/fd/%d)
987 * Via /proc we can get access to a separate file-context for the same memfd.
988 * This is *not* like dup(), but like a real separate open(). Make sure the
989 * semantics are as expected and we correctly check for RDONLY / WRONLY / RDWR.
991 static void test_share_open(char *banner, char *b_suffix)
996 * hugetlbfs does not contain sealing support. So test basic
997 * functionality of using /proc fd via hugetlbfs_proc_open
999 if (hugetlbfs_test) {
1000 hugetlbfs_proc_open(b_suffix);
1004 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
1006 fd = mfd_assert_new("kern_memfd_share_open",
1008 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1009 mfd_assert_has_seals(fd, 0);
1011 fd2 = mfd_assert_open(fd, O_RDWR, 0);
1012 mfd_assert_add_seals(fd, F_SEAL_WRITE);
1013 mfd_assert_has_seals(fd, F_SEAL_WRITE);
1014 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
1016 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
1017 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1018 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1021 fd = mfd_assert_open(fd2, O_RDONLY, 0);
1023 mfd_fail_add_seals(fd, F_SEAL_SEAL);
1024 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1025 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1028 fd2 = mfd_assert_open(fd, O_RDWR, 0);
1030 mfd_assert_add_seals(fd2, F_SEAL_SEAL);
1031 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1032 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1039 * Test sharing via fork()
1040 * Test whether seal-modifications work as expected with forked childs.
1042 static void test_share_fork(char *banner, char *b_suffix)
1047 /* hugetlbfs does not contain sealing support */
1051 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
1053 fd = mfd_assert_new("kern_memfd_share_fork",
1055 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1056 mfd_assert_has_seals(fd, 0);
1058 pid = spawn_idle_thread(0);
1059 mfd_assert_add_seals(fd, F_SEAL_SEAL);
1060 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1062 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1063 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1065 join_idle_thread(pid);
1067 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1068 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1073 int main(int argc, char **argv)
1078 if (!strcmp(argv[1], "hugetlbfs")) {
1079 unsigned long hpage_size = default_huge_page_size();
1082 printf("Unable to determine huge page size\n");
1087 mfd_def_size = hpage_size * 2;
1099 test_share_dup("SHARE-DUP", "");
1100 test_share_mmap("SHARE-MMAP", "");
1101 test_share_open("SHARE-OPEN", "");
1102 test_share_fork("SHARE-FORK", "");
1104 /* Run test-suite in a multi-threaded environment with a shared
1106 pid = spawn_idle_thread(CLONE_FILES | CLONE_FS | CLONE_VM);
1107 test_share_dup("SHARE-DUP", SHARED_FT_STR);
1108 test_share_mmap("SHARE-MMAP", SHARED_FT_STR);
1109 test_share_open("SHARE-OPEN", SHARED_FT_STR);
1110 test_share_fork("SHARE-FORK", SHARED_FT_STR);
1111 join_idle_thread(pid);
1113 printf("memfd: DONE\n");
projects / releases.git / blob