[PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support

From: Mark Brown
Date: Tue Nov 14 2023 - 15:07:19 EST

Next message: Mario Limonciello: "[PATCH v3 0/7] Improvements to pcie_bandwidth_available() for eGPUs"
Previous message: Alisa-Dariana Roman: "[PATCH v2 4/4] iio: adc: ad7192: Add AD7194 support"
In reply to: Mark Brown: "[PATCH RFC RFT v2 4/5] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code"
Next in thread: Edgecombe, Rick P: "Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add basic test coverage for specifying the shadow stack for a newly
created thread via clone3(), including coverage of the newly extended
argument structure. We detect support for shadow stacks on the running
system by attempting to allocate a shadow stack page during initialisation
using map_shadow_stack().

Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
---
tools/testing/selftests/clone3/clone3.c | 68 +++++++++++++++++++++++
tools/testing/selftests/clone3/clone3_selftests.h | 7 +++
2 files changed, 75 insertions(+)

diff --git a/tools/testing/selftests/clone3/clone3.c b/tools/testing/selftests/clone3/clone3.c
index 6adbfd14c841..10e0487c402a 100644
--- a/tools/testing/selftests/clone3/clone3.c
+++ b/tools/testing/selftests/clone3/clone3.c
@@ -11,6 +11,7 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
+#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/un.h>
@@ -21,6 +22,9 @@
#include "../kselftest.h"
#include "clone3_selftests.h"

+static bool shadow_stack_supported;
+static size_t max_supported_args_size;
+
enum test_mode {
CLONE3_ARGS_NO_TEST,
CLONE3_ARGS_ALL_0,
@@ -28,6 +32,7 @@ enum test_mode {
CLONE3_ARGS_INVAL_EXIT_SIGNAL_NEG,
CLONE3_ARGS_INVAL_EXIT_SIGNAL_CSIG,
CLONE3_ARGS_INVAL_EXIT_SIGNAL_NSIG,
+ CLONE3_ARGS_SHADOW_STACK,
};

typedef bool (*filter_function)(void);
@@ -44,6 +49,27 @@ struct test {
filter_function filter;
};

+#ifndef __NR_map_shadow_stack
+#define __NR_map_shadow_stack 453
+#endif
+
+static void test_shadow_stack_supported(void)
+{
+ long shadow_stack;
+
+ shadow_stack = syscall(__NR_map_shadow_stack, 0, getpagesize(), 0);
+ if (shadow_stack == -1) {
+ ksft_print_msg("map_shadow_stack() not supported\n");
+ } else if ((void *)shadow_stack == MAP_FAILED) {
+ ksft_print_msg("Failed to map shadow stack\n");
+ } else {
+ ksft_print_msg("Shadow stack supportd\n");
+ shadow_stack_supported = true;
+
+ munmap((void *)shadow_stack, getpagesize());
+ }
+}
+
static int call_clone3(uint64_t flags, size_t size, enum test_mode test_mode)
{
struct __clone_args args = {
@@ -89,6 +115,9 @@ static int call_clone3(uint64_t flags, size_t size, enum test_mode test_mode)
case CLONE3_ARGS_INVAL_EXIT_SIGNAL_NSIG:
args.exit_signal = 0x00000000000000f0ULL;
break;
+ case CLONE3_ARGS_SHADOW_STACK:
+ args.shadow_stack_size = getpagesize();
+ break;
}

memcpy(&args_ext.args, &args, sizeof(struct __clone_args));
@@ -179,6 +208,26 @@ static bool no_timenamespace(void)
return true;
}

+static bool have_shadow_stack(void)
+{
+ if (shadow_stack_supported) {
+ ksft_print_msg("Shadow stack supported\n");
+ return true;
+ }
+
+ return false;
+}
+
+static bool no_shadow_stack(void)
+{
+ if (!shadow_stack_supported) {
+ ksft_print_msg("Shadow stack not supported\n");
+ return true;
+ }
+
+ return false;
+}
+
static size_t page_size_plus_8(void)
{
return getpagesize() + 8;
@@ -322,6 +371,24 @@ static const struct test tests[] = {
.expected = -EINVAL,
.test_mode = CLONE3_ARGS_NO_TEST,
},
+ {
+ .name = "Shadow stack on system with shadow stack",
+ .flags = 0,
+ .size = 0,
+ .expected = 0,
+ .e2big_valid = true,
+ .test_mode = CLONE3_ARGS_SHADOW_STACK,
+ .filter = no_shadow_stack,
+ },
+ {
+ .name = "Shadow stack on system without shadow stack",
+ .flags = 0,
+ .size = 0,
+ .expected = -EINVAL,
+ .e2big_valid = true,
+ .test_mode = CLONE3_ARGS_SHADOW_STACK,
+ .filter = have_shadow_stack,
+ },
};

int main(int argc, char *argv[])
@@ -332,6 +399,7 @@ int main(int argc, char *argv[])
ksft_print_header();
ksft_set_plan(ARRAY_SIZE(tests));
test_clone3_supported();
+ test_shadow_stack_supported();

for (i = 0; i < ARRAY_SIZE(tests); i++)
test_clone3(&tests[i]);
diff --git a/tools/testing/selftests/clone3/clone3_selftests.h b/tools/testing/selftests/clone3/clone3_selftests.h
index 3d2663fe50ba..2e06127091f5 100644
--- a/tools/testing/selftests/clone3/clone3_selftests.h
+++ b/tools/testing/selftests/clone3/clone3_selftests.h
@@ -31,6 +31,13 @@ struct __clone_args {
__aligned_u64 set_tid;
__aligned_u64 set_tid_size;
__aligned_u64 cgroup;
+#ifndef CLONE_ARGS_SIZE_VER2
+#define CLONE_ARGS_SIZE_VER2 88 /* sizeof third published struct */
+#endif
+ __aligned_u64 shadow_stack_size;
+#ifndef CLONE_ARGS_SIZE_VER3
+#define CLONE_ARGS_SIZE_VER3 96 /* sizeof fourth published struct */
+#endif
};

static pid_t sys_clone3(struct __clone_args *args, size_t size)

--
2.30.2

Next message: Mario Limonciello: "[PATCH v3 0/7] Improvements to pcie_bandwidth_available() for eGPUs"
Previous message: Alisa-Dariana Roman: "[PATCH v2 4/4] iio: adc: ad7192: Add AD7194 support"
In reply to: Mark Brown: "[PATCH RFC RFT v2 4/5] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code"
Next in thread: Edgecombe, Rick P: "Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]