Пример #1
/*
 * Test sharing via dup()
 *
 * Checks that seals are reported identically through both descriptors of a
 * dup()ed pair, whichever one was used to add them, and that after
 * F_SEAL_SEAL neither descriptor can add anything further. The final step
 * checks that closing the duplicate does not lift the seal on the original.
 *
 * The mfd_assert_* and mfd_fail_* helpers are defined elsewhere in the file;
 * presumably they abort the test when the expectation is not met -- confirm.
 */
static void test_share_dup(void)
{
	const int write_shrink = F_SEAL_WRITE | F_SEAL_SHRINK;
	const int sealed_mask = write_shrink | F_SEAL_SEAL;
	int orig_fd, dup_fd;

	orig_fd = mfd_assert_new("kern_memfd_share_dup",
				 MFD_DEF_SIZE,
				 MFD_CLOEXEC | MFD_ALLOW_SEALING);
	/* a fresh sealable memfd is expected to carry no seals */
	mfd_assert_has_seals(orig_fd, 0);

	dup_fd = mfd_assert_dup(orig_fd);
	mfd_assert_has_seals(dup_fd, 0);

	/* seal through the original, expect it on both descriptors */
	mfd_assert_add_seals(orig_fd, F_SEAL_WRITE);
	mfd_assert_has_seals(orig_fd, F_SEAL_WRITE);
	mfd_assert_has_seals(dup_fd, F_SEAL_WRITE);

	/* seal through the duplicate, expect the union on both */
	mfd_assert_add_seals(dup_fd, F_SEAL_SHRINK);
	mfd_assert_has_seals(orig_fd, write_shrink);
	mfd_assert_has_seals(dup_fd, write_shrink);

	/* lock the seal set itself */
	mfd_assert_add_seals(orig_fd, F_SEAL_SEAL);
	mfd_assert_has_seals(orig_fd, sealed_mask);
	mfd_assert_has_seals(dup_fd, sealed_mask);

	/* with F_SEAL_SEAL set, every further request must be refused */
	mfd_fail_add_seals(orig_fd, F_SEAL_GROW);
	mfd_fail_add_seals(dup_fd, F_SEAL_GROW);
	mfd_fail_add_seals(orig_fd, F_SEAL_SEAL);
	mfd_fail_add_seals(dup_fd, F_SEAL_SEAL);

	close(dup_fd);

	/* dropping the duplicate must not reopen the seal set */
	mfd_fail_add_seals(orig_fd, F_SEAL_GROW);
	close(orig_fd);
}
Пример #2
/*
 * Test sharing via fork()
 *
 * Checks that F_SEAL_SEAL, once set, blocks further seal changes both while
 * an idle child is alive and after that child has been joined.
 *
 * @banner and @b_suffix are only printed, after the global memfd_str.
 * spawn_idle_thread() and join_idle_thread() are defined elsewhere in the
 * file; presumably the child holds its own reference to the memfd for the
 * duration -- confirm against the helper.
 */
static void test_share_fork(char *banner, char *b_suffix)
{
	pid_t child;
	int memfd;

	printf("%s %s %s\n", memfd_str, banner, b_suffix);

	memfd = mfd_assert_new("kern_memfd_share_fork",
			       mfd_def_size,
			       MFD_CLOEXEC | MFD_ALLOW_SEALING);
	mfd_assert_has_seals(memfd, 0);

	/* start the child first so the seal is applied while it exists */
	child = spawn_idle_thread(0);
	mfd_assert_add_seals(memfd, F_SEAL_SEAL);
	mfd_assert_has_seals(memfd, F_SEAL_SEAL);

	/* child still running: the seal set must already be locked */
	mfd_fail_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, F_SEAL_SEAL);

	join_idle_thread(child);

	/* child gone: the outcome must be the same */
	mfd_fail_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, F_SEAL_SEAL);

	close(memfd);
}
Пример #3
/*
 * Test sealing with active mmap()s
 *
 * As exercised here, only F_SEAL_WRITE is expected to be refused, and only
 * while a shared writable mapping is live: F_SEAL_SHRINK is accepted with
 * that mapping in place, and F_SEAL_WRITE is accepted once only a private
 * mapping exists.
 *
 * NOTE(review): the munmap() results are not checked. If the first unmap
 * failed, the later F_SEAL_WRITE step would presumably be where it shows up.
 */
static void test_share_mmap(void)
{
	void *map;
	int memfd;

	memfd = mfd_assert_new("kern_memfd_share_mmap",
			       MFD_DEF_SIZE,
			       MFD_CLOEXEC | MFD_ALLOW_SEALING);
	mfd_assert_has_seals(memfd, 0);

	/*
	 * Phase 1: a shared/writable mapping is live. F_SEAL_WRITE must be
	 * refused and leave the seal set untouched; F_SEAL_SHRINK still works.
	 */
	map = mfd_assert_mmap_shared(memfd);
	mfd_fail_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, 0);
	mfd_assert_add_seals(memfd, F_SEAL_SHRINK);
	mfd_assert_has_seals(memfd, F_SEAL_SHRINK);
	munmap(map, MFD_DEF_SIZE);

	/*
	 * Phase 2: only a private mapping is live, which does not stand in
	 * the way of F_SEAL_WRITE.
	 */
	map = mfd_assert_mmap_private(memfd);
	mfd_assert_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, F_SEAL_WRITE | F_SEAL_SHRINK);
	munmap(map, MFD_DEF_SIZE);

	close(memfd);
}
Пример #4
/*
 * Test sealing with active mmap()s
 *
 * As exercised here, only F_SEAL_WRITE is expected to be refused, and only
 * while a shared writable mapping is live: F_SEAL_SHRINK is accepted with
 * that mapping in place, and F_SEAL_WRITE is accepted once only a private
 * mapping exists.
 *
 * @banner and @b_suffix are only printed, after the global memfd_str.
 *
 * NOTE(review): the munmap() results are not checked. If the first unmap
 * failed, the later F_SEAL_WRITE step would presumably be where it shows up.
 */
static void test_share_mmap(char *banner, char *b_suffix)
{
	void *map;
	int memfd;

	printf("%s %s %s\n", memfd_str, banner, b_suffix);

	memfd = mfd_assert_new("kern_memfd_share_mmap",
			       mfd_def_size,
			       MFD_CLOEXEC | MFD_ALLOW_SEALING);
	mfd_assert_has_seals(memfd, 0);

	/*
	 * Phase 1: a shared/writable mapping is live. F_SEAL_WRITE must be
	 * refused and leave the seal set untouched; F_SEAL_SHRINK still works.
	 */
	map = mfd_assert_mmap_shared(memfd);
	mfd_fail_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, 0);
	mfd_assert_add_seals(memfd, F_SEAL_SHRINK);
	mfd_assert_has_seals(memfd, F_SEAL_SHRINK);
	munmap(map, mfd_def_size);

	/*
	 * Phase 2: only a private mapping is live, which does not stand in
	 * the way of F_SEAL_WRITE.
	 */
	map = mfd_assert_mmap_private(memfd);
	mfd_assert_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, F_SEAL_WRITE | F_SEAL_SHRINK);
	munmap(map, mfd_def_size);

	close(memfd);
}
Пример #5
/*
 * Test basic sealing
 *
 * Walks one sealable memfd through the expected seal lifecycle (empty set,
 * add, re-add, lock with F_SEAL_SEAL, refuse further changes), then checks
 * that a memfd created without MFD_ALLOW_SEALING starts out with F_SEAL_SEAL
 * already set and refuses every other seal.
 */
static void test_basic(void)
{
	const int shrink_write = F_SEAL_SHRINK | F_SEAL_WRITE;
	const int content_seals = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE;
	int sealable, unsealable;

	printf("%s BASIC\n", memfd_str);

	sealable = mfd_assert_new("kern_memfd_basic",
				  mfd_def_size,
				  MFD_CLOEXEC | MFD_ALLOW_SEALING);

	/* starts with no seals; the first pair is accepted */
	mfd_assert_has_seals(sealable, 0);
	mfd_assert_add_seals(sealable, shrink_write);
	mfd_assert_has_seals(sealable, shrink_write);

	/* re-adding seals that are already set succeeds and changes nothing */
	mfd_assert_add_seals(sealable, shrink_write);
	mfd_assert_has_seals(sealable, shrink_write);

	/* add the remaining seal and lock the set in the same call */
	mfd_assert_add_seals(sealable, F_SEAL_GROW | F_SEAL_SEAL);
	mfd_assert_has_seals(sealable, content_seals | F_SEAL_SEAL);

	/*
	 * Once locked, a request is refused even for a seal that is already
	 * set (F_SEAL_GROW) and even for an empty seal mask.
	 */
	mfd_fail_add_seals(sealable, F_SEAL_GROW);
	mfd_fail_add_seals(sealable, 0);

	close(sealable);

	/*
	 * Without MFD_ALLOW_SEALING the file is expected to report
	 * F_SEAL_SEAL from creation, so nothing can be sealed later.
	 */
	unsealable = mfd_assert_new("kern_memfd_basic",
				    mfd_def_size,
				    MFD_CLOEXEC);
	mfd_assert_has_seals(unsealable, F_SEAL_SEAL);
	mfd_fail_add_seals(unsealable, content_seals);
	mfd_assert_has_seals(unsealable, F_SEAL_SEAL);
	close(unsealable);
}
Пример #6
/*
 * Test sharing via fork()
 *
 * Checks that F_SEAL_SEAL, once set, blocks further seal changes both while
 * an idle child is alive and after that child has been joined.
 *
 * spawn_idle_thread() and join_idle_thread() are defined elsewhere in the
 * file; presumably the child holds its own reference to the memfd for the
 * duration -- confirm against the helper.
 */
static void test_share_fork(void)
{
	pid_t child;
	int memfd;

	memfd = mfd_assert_new("kern_memfd_share_fork",
			       MFD_DEF_SIZE,
			       MFD_CLOEXEC | MFD_ALLOW_SEALING);
	mfd_assert_has_seals(memfd, 0);

	/* start the child first so the seal is applied while it exists */
	child = spawn_idle_thread(0);
	mfd_assert_add_seals(memfd, F_SEAL_SEAL);
	mfd_assert_has_seals(memfd, F_SEAL_SEAL);

	/* child still running: the seal set must already be locked */
	mfd_fail_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, F_SEAL_SEAL);

	join_idle_thread(child);

	/* child gone: the outcome must be the same */
	mfd_fail_add_seals(memfd, F_SEAL_WRITE);
	mfd_assert_has_seals(memfd, F_SEAL_SEAL);

	close(memfd);
}
Пример #7
/*
 * Test sharing via dup()
 *
 * Checks that seals are reported identically through both descriptors of a
 * dup()ed pair, whichever one was used to add them, and that after
 * F_SEAL_SEAL neither descriptor can add anything further. The final step
 * checks that closing the duplicate does not lift the seal on the original.
 *
 * @banner and @b_suffix are only printed, after the global memfd_str.
 */
static void test_share_dup(char *banner, char *b_suffix)
{
	const int write_shrink = F_SEAL_WRITE | F_SEAL_SHRINK;
	const int sealed_mask = write_shrink | F_SEAL_SEAL;
	int orig_fd, dup_fd;

	printf("%s %s %s\n", memfd_str, banner, b_suffix);

	orig_fd = mfd_assert_new("kern_memfd_share_dup",
				 mfd_def_size,
				 MFD_CLOEXEC | MFD_ALLOW_SEALING);
	/* a fresh sealable memfd is expected to carry no seals */
	mfd_assert_has_seals(orig_fd, 0);

	dup_fd = mfd_assert_dup(orig_fd);
	mfd_assert_has_seals(dup_fd, 0);

	/* seal through the original, expect it on both descriptors */
	mfd_assert_add_seals(orig_fd, F_SEAL_WRITE);
	mfd_assert_has_seals(orig_fd, F_SEAL_WRITE);
	mfd_assert_has_seals(dup_fd, F_SEAL_WRITE);

	/* seal through the duplicate, expect the union on both */
	mfd_assert_add_seals(dup_fd, F_SEAL_SHRINK);
	mfd_assert_has_seals(orig_fd, write_shrink);
	mfd_assert_has_seals(dup_fd, write_shrink);

	/* lock the seal set itself */
	mfd_assert_add_seals(orig_fd, F_SEAL_SEAL);
	mfd_assert_has_seals(orig_fd, sealed_mask);
	mfd_assert_has_seals(dup_fd, sealed_mask);

	/* with F_SEAL_SEAL set, every further request must be refused */
	mfd_fail_add_seals(orig_fd, F_SEAL_GROW);
	mfd_fail_add_seals(dup_fd, F_SEAL_GROW);
	mfd_fail_add_seals(orig_fd, F_SEAL_SEAL);
	mfd_fail_add_seals(dup_fd, F_SEAL_SEAL);

	close(dup_fd);

	/* dropping the duplicate must not reopen the seal set */
	mfd_fail_add_seals(orig_fd, F_SEAL_GROW);
	close(orig_fd);
}