2 #define __EXPORTED_HEADERS__
7 #include <linux/falloc.h>
8 #include <linux/fcntl.h>
9 #include <linux/memfd.h>
17 #include <sys/syscall.h>
21 #define MFD_DEF_SIZE 8192
22 #define STACK_SIZE 65536
24 static int sys_memfd_create(const char *name,
27 return syscall(__NR_memfd_create, name, flags);
30 static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags)
34 fd = sys_memfd_create(name, flags);
36 printf("memfd_create(\"%s\", %u) failed: %m\n",
41 r = ftruncate(fd, sz);
43 printf("ftruncate(%llu) failed: %m\n", (unsigned long long)sz);
50 static void mfd_fail_new(const char *name, unsigned int flags)
54 r = sys_memfd_create(name, flags);
56 printf("memfd_create(\"%s\", %u) succeeded, but failure expected\n",
63 static unsigned int mfd_assert_get_seals(int fd)
67 r = fcntl(fd, F_GET_SEALS);
69 printf("GET_SEALS(%d) failed: %m\n", fd);
73 return (unsigned int)r;
76 static void mfd_assert_has_seals(int fd, unsigned int seals)
80 s = mfd_assert_get_seals(fd);
82 printf("%u != %u = GET_SEALS(%d)\n", seals, s, fd);
87 static void mfd_assert_add_seals(int fd, unsigned int seals)
92 s = mfd_assert_get_seals(fd);
93 r = fcntl(fd, F_ADD_SEALS, seals);
95 printf("ADD_SEALS(%d, %u -> %u) failed: %m\n", fd, s, seals);
100 static void mfd_fail_add_seals(int fd, unsigned int seals)
105 r = fcntl(fd, F_GET_SEALS);
111 r = fcntl(fd, F_ADD_SEALS, seals);
113 printf("ADD_SEALS(%d, %u -> %u) didn't fail as expected\n",
119 static void mfd_assert_size(int fd, size_t size)
126 printf("fstat(%d) failed: %m\n", fd);
128 } else if (st.st_size != size) {
129 printf("wrong file size %lld, but expected %lld\n",
130 (long long)st.st_size, (long long)size);
135 static int mfd_assert_dup(int fd)
141 printf("dup(%d) failed: %m\n", fd);
148 static void *mfd_assert_mmap_shared(int fd)
154 PROT_READ | PROT_WRITE,
158 if (p == MAP_FAILED) {
159 printf("mmap() failed: %m\n");
166 static void *mfd_assert_mmap_private(int fd)
176 if (p == MAP_FAILED) {
177 printf("mmap() failed: %m\n");
184 static int mfd_assert_open(int fd, int flags, mode_t mode)
189 sprintf(buf, "/proc/self/fd/%d", fd);
190 r = open(buf, flags, mode);
192 printf("open(%s) failed: %m\n", buf);
199 static void mfd_fail_open(int fd, int flags, mode_t mode)
204 sprintf(buf, "/proc/self/fd/%d", fd);
205 r = open(buf, flags, mode);
207 printf("open(%s) didn't fail as expected\n", buf);
212 static void mfd_assert_read(int fd)
218 l = read(fd, buf, sizeof(buf));
219 if (l != sizeof(buf)) {
220 printf("read() failed: %m\n");
224 /* verify PROT_READ *is* allowed */
231 if (p == MAP_FAILED) {
232 printf("mmap() failed: %m\n");
235 munmap(p, MFD_DEF_SIZE);
237 /* verify MAP_PRIVATE is *always* allowed (even writable) */
240 PROT_READ | PROT_WRITE,
244 if (p == MAP_FAILED) {
245 printf("mmap() failed: %m\n");
248 munmap(p, MFD_DEF_SIZE);
251 static void mfd_assert_write(int fd)
257 /* verify write() succeeds */
258 l = write(fd, "\0\0\0\0", 4);
260 printf("write() failed: %m\n");
264 /* verify PROT_READ | PROT_WRITE is allowed */
267 PROT_READ | PROT_WRITE,
271 if (p == MAP_FAILED) {
272 printf("mmap() failed: %m\n");
276 munmap(p, MFD_DEF_SIZE);
278 /* verify PROT_WRITE is allowed */
285 if (p == MAP_FAILED) {
286 printf("mmap() failed: %m\n");
290 munmap(p, MFD_DEF_SIZE);
292 /* verify PROT_READ with MAP_SHARED is allowed and a following
293 * mprotect(PROT_WRITE) allows writing */
300 if (p == MAP_FAILED) {
301 printf("mmap() failed: %m\n");
305 r = mprotect(p, MFD_DEF_SIZE, PROT_READ | PROT_WRITE);
307 printf("mprotect() failed: %m\n");
312 munmap(p, MFD_DEF_SIZE);
314 /* verify PUNCH_HOLE works */
316 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
320 printf("fallocate(PUNCH_HOLE) failed: %m\n");
325 static void mfd_fail_write(int fd)
331 /* verify write() fails */
332 l = write(fd, "data", 4);
334 printf("expected EPERM on write(), but got %d: %m\n", (int)l);
338 /* verify PROT_READ | PROT_WRITE is not allowed */
341 PROT_READ | PROT_WRITE,
345 if (p != MAP_FAILED) {
346 printf("mmap() didn't fail as expected\n");
350 /* verify PROT_WRITE is not allowed */
357 if (p != MAP_FAILED) {
358 printf("mmap() didn't fail as expected\n");
362 /* Verify PROT_READ with MAP_SHARED with a following mprotect is not
363 * allowed. Note that for r/w the kernel already prevents the mmap. */
370 if (p != MAP_FAILED) {
371 r = mprotect(p, MFD_DEF_SIZE, PROT_READ | PROT_WRITE);
373 printf("mmap()+mprotect() didn't fail as expected\n");
376 munmap(p, MFD_DEF_SIZE); /* same length constant as the mprotect() above */
379 /* verify PUNCH_HOLE fails */
381 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
385 printf("fallocate(PUNCH_HOLE) didn't fail as expected\n");
390 static void mfd_assert_shrink(int fd)
394 r = ftruncate(fd, MFD_DEF_SIZE / 2);
396 printf("ftruncate(SHRINK) failed: %m\n");
400 mfd_assert_size(fd, MFD_DEF_SIZE / 2);
402 fd2 = mfd_assert_open(fd,
403 O_RDWR | O_CREAT | O_TRUNC,
407 mfd_assert_size(fd, 0);
410 static void mfd_fail_shrink(int fd)
414 r = ftruncate(fd, MFD_DEF_SIZE / 2);
416 printf("ftruncate(SHRINK) didn't fail as expected\n");
421 O_RDWR | O_CREAT | O_TRUNC,
425 static void mfd_assert_grow(int fd)
429 r = ftruncate(fd, MFD_DEF_SIZE * 2);
431 printf("ftruncate(GROW) failed: %m\n");
435 mfd_assert_size(fd, MFD_DEF_SIZE * 2);
442 printf("fallocate(ALLOC) failed: %m\n");
446 mfd_assert_size(fd, MFD_DEF_SIZE * 4);
449 static void mfd_fail_grow(int fd)
453 r = ftruncate(fd, MFD_DEF_SIZE * 2);
455 printf("ftruncate(GROW) didn't fail as expected\n");
464 printf("fallocate(ALLOC) didn't fail as expected\n");
469 static void mfd_assert_grow_write(int fd)
471 static char buf[MFD_DEF_SIZE * 8];
474 l = pwrite(fd, buf, sizeof(buf), 0);
475 if (l != sizeof(buf)) {
476 printf("pwrite() failed: %m\n");
480 mfd_assert_size(fd, MFD_DEF_SIZE * 8);
483 static void mfd_fail_grow_write(int fd)
485 static char buf[MFD_DEF_SIZE * 8];
488 l = pwrite(fd, buf, sizeof(buf), 0);
489 if (l == sizeof(buf)) {
490 printf("pwrite() didn't fail as expected\n");
495 static int idle_thread_fn(void *arg)
500 /* dummy waiter; SIGTERM terminates us anyway */
502 sigaddset(&set, SIGTERM);
508 static pid_t spawn_idle_thread(unsigned int flags)
513 stack = malloc(STACK_SIZE);
515 printf("malloc(STACK_SIZE) failed: %m\n");
519 pid = clone(idle_thread_fn,
524 printf("clone() failed: %m\n");
531 static void join_idle_thread(pid_t pid)
534 waitpid(pid, NULL, 0);
538 * Test memfd_create() syscall
539 * Verify syscall-argument validation, including name checks, flag validation
542 static void test_create(void)
548 mfd_fail_new(NULL, 0);
550 /* test over-long name (not zero-terminated) */
551 memset(buf, 0xff, sizeof(buf));
552 mfd_fail_new(buf, 0);
554 /* test over-long zero-terminated name */
555 memset(buf, 0xff, sizeof(buf));
556 buf[sizeof(buf) - 1] = 0;
557 mfd_fail_new(buf, 0);
559 /* verify "" is a valid name */
560 fd = mfd_assert_new("", 0, 0);
563 /* verify invalid O_* open flags */
564 mfd_fail_new("", 0x0100);
565 mfd_fail_new("", ~MFD_CLOEXEC);
566 mfd_fail_new("", ~MFD_ALLOW_SEALING);
567 mfd_fail_new("", ~0);
568 mfd_fail_new("", 0x80000000U);
570 /* verify MFD_CLOEXEC is allowed */
571 fd = mfd_assert_new("", 0, MFD_CLOEXEC);
574 /* verify MFD_ALLOW_SEALING is allowed */
575 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
578 /* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
579 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
585 * A very basic sealing test to see whether setting/retrieving seals works.
587 static void test_basic(void)
591 fd = mfd_assert_new("kern_memfd_basic",
593 MFD_CLOEXEC | MFD_ALLOW_SEALING);
595 /* add basic seals */
596 mfd_assert_has_seals(fd, 0);
597 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
599 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
603 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
605 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
608 /* add more seals and seal against sealing */
609 mfd_assert_add_seals(fd, F_SEAL_GROW | F_SEAL_SEAL);
610 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
615 /* verify that sealing no longer works */
616 mfd_fail_add_seals(fd, F_SEAL_GROW);
617 mfd_fail_add_seals(fd, 0);
621 /* verify sealing does not work without MFD_ALLOW_SEALING */
622 fd = mfd_assert_new("kern_memfd_basic",
625 mfd_assert_has_seals(fd, F_SEAL_SEAL);
626 mfd_fail_add_seals(fd, F_SEAL_SHRINK |
629 mfd_assert_has_seals(fd, F_SEAL_SEAL);
635 * Test whether SEAL_WRITE actually prevents modifications.
637 static void test_seal_write(void)
641 fd = mfd_assert_new("kern_memfd_seal_write",
643 MFD_CLOEXEC | MFD_ALLOW_SEALING);
644 mfd_assert_has_seals(fd, 0);
645 mfd_assert_add_seals(fd, F_SEAL_WRITE);
646 mfd_assert_has_seals(fd, F_SEAL_WRITE);
650 mfd_assert_shrink(fd);
652 mfd_fail_grow_write(fd);
659 * Test whether SEAL_SHRINK actually prevents shrinking
661 static void test_seal_shrink(void)
665 fd = mfd_assert_new("kern_memfd_seal_shrink",
667 MFD_CLOEXEC | MFD_ALLOW_SEALING);
668 mfd_assert_has_seals(fd, 0);
669 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
670 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
673 mfd_assert_write(fd);
676 mfd_assert_grow_write(fd);
683 * Test whether SEAL_GROW actually prevents growing
685 static void test_seal_grow(void)
689 fd = mfd_assert_new("kern_memfd_seal_grow",
691 MFD_CLOEXEC | MFD_ALLOW_SEALING);
692 mfd_assert_has_seals(fd, 0);
693 mfd_assert_add_seals(fd, F_SEAL_GROW);
694 mfd_assert_has_seals(fd, F_SEAL_GROW);
697 mfd_assert_write(fd);
698 mfd_assert_shrink(fd);
700 mfd_fail_grow_write(fd);
706 * Test SEAL_SHRINK | SEAL_GROW
707 * Test whether SEAL_SHRINK | SEAL_GROW actually prevents resizing
709 static void test_seal_resize(void)
713 fd = mfd_assert_new("kern_memfd_seal_resize",
715 MFD_CLOEXEC | MFD_ALLOW_SEALING);
716 mfd_assert_has_seals(fd, 0);
717 mfd_assert_add_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
718 mfd_assert_has_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
721 mfd_assert_write(fd);
724 mfd_fail_grow_write(fd);
730 * Test sharing via dup()
731 * Test that seals are shared between dupped FDs and they're all equal.
733 static void test_share_dup(void)
737 fd = mfd_assert_new("kern_memfd_share_dup",
739 MFD_CLOEXEC | MFD_ALLOW_SEALING);
740 mfd_assert_has_seals(fd, 0);
742 fd2 = mfd_assert_dup(fd);
743 mfd_assert_has_seals(fd2, 0);
745 mfd_assert_add_seals(fd, F_SEAL_WRITE);
746 mfd_assert_has_seals(fd, F_SEAL_WRITE);
747 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
749 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
750 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
751 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
753 mfd_assert_add_seals(fd, F_SEAL_SEAL);
754 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
755 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
757 mfd_fail_add_seals(fd, F_SEAL_GROW);
758 mfd_fail_add_seals(fd2, F_SEAL_GROW);
759 mfd_fail_add_seals(fd, F_SEAL_SEAL);
760 mfd_fail_add_seals(fd2, F_SEAL_SEAL);
764 mfd_fail_add_seals(fd, F_SEAL_GROW);
769 * Test sealing with active mmap()s
770 * Modifying seals is only allowed if no other mmap() refs exist.
772 static void test_share_mmap(void)
777 fd = mfd_assert_new("kern_memfd_share_mmap",
779 MFD_CLOEXEC | MFD_ALLOW_SEALING);
780 mfd_assert_has_seals(fd, 0);
782 /* shared/writable ref prevents sealing WRITE, but allows others */
783 p = mfd_assert_mmap_shared(fd);
784 mfd_fail_add_seals(fd, F_SEAL_WRITE);
785 mfd_assert_has_seals(fd, 0);
786 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
787 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
788 munmap(p, MFD_DEF_SIZE);
790 /* readable ref allows sealing */
791 p = mfd_assert_mmap_private(fd);
792 mfd_assert_add_seals(fd, F_SEAL_WRITE);
793 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
794 munmap(p, MFD_DEF_SIZE);
800 * Test sealing with open(/proc/self/fd/%d)
801 * Via /proc we can get access to a separate file-context for the same memfd.
802 * This is *not* like dup(), but like a real separate open(). Make sure the
803 * semantics are as expected and we correctly check for RDONLY / WRONLY / RDWR.
805 static void test_share_open(void)
809 fd = mfd_assert_new("kern_memfd_share_open",
811 MFD_CLOEXEC | MFD_ALLOW_SEALING);
812 mfd_assert_has_seals(fd, 0);
814 fd2 = mfd_assert_open(fd, O_RDWR, 0);
815 mfd_assert_add_seals(fd, F_SEAL_WRITE);
816 mfd_assert_has_seals(fd, F_SEAL_WRITE);
817 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
819 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
820 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
821 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
824 fd = mfd_assert_open(fd2, O_RDONLY, 0);
826 mfd_fail_add_seals(fd, F_SEAL_SEAL);
827 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
828 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
831 fd2 = mfd_assert_open(fd, O_RDWR, 0);
833 mfd_assert_add_seals(fd2, F_SEAL_SEAL);
834 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
835 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
842 * Test sharing via fork()
843 * Test whether seal-modifications work as expected with forked children.
845 static void test_share_fork(void)
850 fd = mfd_assert_new("kern_memfd_share_fork",
852 MFD_CLOEXEC | MFD_ALLOW_SEALING);
853 mfd_assert_has_seals(fd, 0);
855 pid = spawn_idle_thread(0);
856 mfd_assert_add_seals(fd, F_SEAL_SEAL);
857 mfd_assert_has_seals(fd, F_SEAL_SEAL);
859 mfd_fail_add_seals(fd, F_SEAL_WRITE);
860 mfd_assert_has_seals(fd, F_SEAL_SEAL);
862 join_idle_thread(pid);
864 mfd_fail_add_seals(fd, F_SEAL_WRITE);
865 mfd_assert_has_seals(fd, F_SEAL_SEAL);
870 int main(int argc, char **argv)
874 printf("memfd: CREATE\n");
876 printf("memfd: BASIC\n");
879 printf("memfd: SEAL-WRITE\n");
881 printf("memfd: SEAL-SHRINK\n");
883 printf("memfd: SEAL-GROW\n");
885 printf("memfd: SEAL-RESIZE\n");
888 printf("memfd: SHARE-DUP\n");
890 printf("memfd: SHARE-MMAP\n");
892 printf("memfd: SHARE-OPEN\n");
894 printf("memfd: SHARE-FORK\n");
897 /* Run test-suite in a multi-threaded environment with a shared
899 pid = spawn_idle_thread(CLONE_FILES | CLONE_FS | CLONE_VM);
900 printf("memfd: SHARE-DUP (shared file-table)\n");
902 printf("memfd: SHARE-MMAP (shared file-table)\n");
904 printf("memfd: SHARE-OPEN (shared file-table)\n");
906 printf("memfd: SHARE-FORK (shared file-table)\n");
908 join_idle_thread(pid);
910 printf("memfd: DONE\n");