2 #define __EXPORTED_HEADERS__
7 #include <linux/falloc.h>
8 #include <linux/fcntl.h>
9 #include <linux/memfd.h>
17 #include <sys/syscall.h>
21 #define MEMFD_STR "memfd:"
22 #define SHARED_FT_STR "(shared file-table)"
24 #define MFD_DEF_SIZE 8192
25 #define STACK_SIZE 65536
28 * Default is not to test hugetlbfs
30 static int hugetlbfs_test;
31 static size_t mfd_def_size = MFD_DEF_SIZE;
34 * Copied from mlock2-tests.c
36 static unsigned long default_huge_page_size(void)
38 unsigned long hps = 0;
41 FILE *f = fopen("/proc/meminfo", "r");
45 while (getline(&line, &linelen, f) > 0) {
46 if (sscanf(line, "Hugepagesize: %lu kB", &hps) == 1) {
57 static int sys_memfd_create(const char *name,
63 return syscall(__NR_memfd_create, name, flags);
66 static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags)
70 fd = sys_memfd_create(name, flags);
72 printf("memfd_create(\"%s\", %u) failed: %m\n",
77 r = ftruncate(fd, sz);
79 printf("ftruncate(%llu) failed: %m\n", (unsigned long long)sz);
86 static void mfd_fail_new(const char *name, unsigned int flags)
90 r = sys_memfd_create(name, flags);
92 printf("memfd_create(\"%s\", %u) succeeded, but failure expected\n",
99 static unsigned int mfd_assert_get_seals(int fd)
103 r = fcntl(fd, F_GET_SEALS);
105 printf("GET_SEALS(%d) failed: %m\n", fd);
109 return (unsigned int)r;
112 static void mfd_assert_has_seals(int fd, unsigned int seals)
116 s = mfd_assert_get_seals(fd);
118 printf("%u != %u = GET_SEALS(%d)\n", seals, s, fd);
123 static void mfd_assert_add_seals(int fd, unsigned int seals)
128 s = mfd_assert_get_seals(fd);
129 r = fcntl(fd, F_ADD_SEALS, seals);
131 printf("ADD_SEALS(%d, %u -> %u) failed: %m\n", fd, s, seals);
136 static void mfd_fail_add_seals(int fd, unsigned int seals)
141 r = fcntl(fd, F_GET_SEALS);
147 r = fcntl(fd, F_ADD_SEALS, seals);
149 printf("ADD_SEALS(%d, %u -> %u) didn't fail as expected\n",
155 static void mfd_assert_size(int fd, size_t size)
162 printf("fstat(%d) failed: %m\n", fd);
164 } else if (st.st_size != size) {
165 printf("wrong file size %lld, but expected %lld\n",
166 (long long)st.st_size, (long long)size);
171 static int mfd_assert_dup(int fd)
177 printf("dup(%d) failed: %m\n", fd);
184 static void *mfd_assert_mmap_shared(int fd)
190 PROT_READ | PROT_WRITE,
194 if (p == MAP_FAILED) {
195 printf("mmap() failed: %m\n");
202 static void *mfd_assert_mmap_private(int fd)
212 if (p == MAP_FAILED) {
213 printf("mmap() failed: %m\n");
220 static int mfd_assert_open(int fd, int flags, mode_t mode)
225 sprintf(buf, "/proc/self/fd/%d", fd);
226 r = open(buf, flags, mode);
228 printf("open(%s) failed: %m\n", buf);
235 static void mfd_fail_open(int fd, int flags, mode_t mode)
240 sprintf(buf, "/proc/self/fd/%d", fd);
241 r = open(buf, flags, mode);
243 printf("open(%s) didn't fail as expected\n", buf);
248 static void mfd_assert_read(int fd)
254 l = read(fd, buf, sizeof(buf));
255 if (l != sizeof(buf)) {
256 printf("read() failed: %m\n");
260 /* verify PROT_READ *is* allowed */
267 if (p == MAP_FAILED) {
268 printf("mmap() failed: %m\n");
271 munmap(p, mfd_def_size);
273 /* verify MAP_PRIVATE is *always* allowed (even writable) */
276 PROT_READ | PROT_WRITE,
280 if (p == MAP_FAILED) {
281 printf("mmap() failed: %m\n");
284 munmap(p, mfd_def_size);
287 static void mfd_assert_write(int fd)
294 * huegtlbfs does not support write, but we want to
295 * verify everything else here.
297 if (!hugetlbfs_test) {
298 /* verify write() succeeds */
299 l = write(fd, "\0\0\0\0", 4);
301 printf("write() failed: %m\n");
306 /* verify PROT_READ | PROT_WRITE is allowed */
309 PROT_READ | PROT_WRITE,
313 if (p == MAP_FAILED) {
314 printf("mmap() failed: %m\n");
318 munmap(p, mfd_def_size);
320 /* verify PROT_WRITE is allowed */
327 if (p == MAP_FAILED) {
328 printf("mmap() failed: %m\n");
332 munmap(p, mfd_def_size);
334 /* verify PROT_READ with MAP_SHARED is allowed and a following
335 * mprotect(PROT_WRITE) allows writing */
342 if (p == MAP_FAILED) {
343 printf("mmap() failed: %m\n");
347 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
349 printf("mprotect() failed: %m\n");
354 munmap(p, mfd_def_size);
356 /* verify PUNCH_HOLE works */
358 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
362 printf("fallocate(PUNCH_HOLE) failed: %m\n");
367 static void mfd_fail_write(int fd)
373 /* verify write() fails */
374 l = write(fd, "data", 4);
376 printf("expected EPERM on write(), but got %d: %m\n", (int)l);
380 /* verify PROT_READ | PROT_WRITE is not allowed */
383 PROT_READ | PROT_WRITE,
387 if (p != MAP_FAILED) {
388 printf("mmap() didn't fail as expected\n");
392 /* verify PROT_WRITE is not allowed */
399 if (p != MAP_FAILED) {
400 printf("mmap() didn't fail as expected\n");
404 /* Verify PROT_READ with MAP_SHARED with a following mprotect is not
405 * allowed. Note that for r/w the kernel already prevents the mmap. */
412 if (p != MAP_FAILED) {
413 r = mprotect(p, mfd_def_size, PROT_READ | PROT_WRITE);
415 printf("mmap()+mprotect() didn't fail as expected\n");
420 /* verify PUNCH_HOLE fails */
422 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
426 printf("fallocate(PUNCH_HOLE) didn't fail as expected\n");
431 static void mfd_assert_shrink(int fd)
435 r = ftruncate(fd, mfd_def_size / 2);
437 printf("ftruncate(SHRINK) failed: %m\n");
441 mfd_assert_size(fd, mfd_def_size / 2);
443 fd2 = mfd_assert_open(fd,
444 O_RDWR | O_CREAT | O_TRUNC,
448 mfd_assert_size(fd, 0);
451 static void mfd_fail_shrink(int fd)
455 r = ftruncate(fd, mfd_def_size / 2);
457 printf("ftruncate(SHRINK) didn't fail as expected\n");
462 O_RDWR | O_CREAT | O_TRUNC,
466 static void mfd_assert_grow(int fd)
470 r = ftruncate(fd, mfd_def_size * 2);
472 printf("ftruncate(GROW) failed: %m\n");
476 mfd_assert_size(fd, mfd_def_size * 2);
483 printf("fallocate(ALLOC) failed: %m\n");
487 mfd_assert_size(fd, mfd_def_size * 4);
490 static void mfd_fail_grow(int fd)
494 r = ftruncate(fd, mfd_def_size * 2);
496 printf("ftruncate(GROW) didn't fail as expected\n");
505 printf("fallocate(ALLOC) didn't fail as expected\n");
510 static void mfd_assert_grow_write(int fd)
515 buf = malloc(mfd_def_size * 8);
517 printf("malloc(%d) failed: %m\n", mfd_def_size * 8);
521 l = pwrite(fd, buf, mfd_def_size * 8, 0);
522 if (l != (mfd_def_size * 8)) {
523 printf("pwrite() failed: %m\n");
527 mfd_assert_size(fd, mfd_def_size * 8);
530 static void mfd_fail_grow_write(int fd)
535 buf = malloc(mfd_def_size * 8);
537 printf("malloc(%d) failed: %m\n", mfd_def_size * 8);
541 l = pwrite(fd, buf, mfd_def_size * 8, 0);
542 if (l == (mfd_def_size * 8)) {
543 printf("pwrite() didn't fail as expected\n");
548 static int idle_thread_fn(void *arg)
553 /* dummy waiter; SIGTERM terminates us anyway */
555 sigaddset(&set, SIGTERM);
561 static pid_t spawn_idle_thread(unsigned int flags)
566 stack = malloc(STACK_SIZE);
568 printf("malloc(STACK_SIZE) failed: %m\n");
572 pid = clone(idle_thread_fn,
577 printf("clone() failed: %m\n");
584 static void join_idle_thread(pid_t pid)
587 waitpid(pid, NULL, 0);
591 * Test memfd_create() syscall
592 * Verify syscall-argument validation, including name checks, flag validation
595 static void test_create(void)
600 printf("%s CREATE\n", MEMFD_STR);
603 mfd_fail_new(NULL, 0);
605 /* test over-long name (not zero-terminated) */
606 memset(buf, 0xff, sizeof(buf));
607 mfd_fail_new(buf, 0);
609 /* test over-long zero-terminated name */
610 memset(buf, 0xff, sizeof(buf));
611 buf[sizeof(buf) - 1] = 0;
612 mfd_fail_new(buf, 0);
614 /* verify "" is a valid name */
615 fd = mfd_assert_new("", 0, 0);
618 /* verify invalid O_* open flags */
619 mfd_fail_new("", 0x0100);
620 mfd_fail_new("", ~MFD_CLOEXEC);
621 mfd_fail_new("", ~MFD_ALLOW_SEALING);
622 mfd_fail_new("", ~0);
623 mfd_fail_new("", 0x80000000U);
625 /* verify MFD_CLOEXEC is allowed */
626 fd = mfd_assert_new("", 0, MFD_CLOEXEC);
629 if (!hugetlbfs_test) {
630 /* verify MFD_ALLOW_SEALING is allowed */
631 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING);
634 /* verify MFD_ALLOW_SEALING | MFD_CLOEXEC is allowed */
635 fd = mfd_assert_new("", 0, MFD_ALLOW_SEALING | MFD_CLOEXEC);
638 /* sealing is not supported on hugetlbfs */
639 mfd_fail_new("", MFD_ALLOW_SEALING);
645 * A very basic sealing test to see whether setting/retrieving seals works.
647 static void test_basic(void)
651 /* hugetlbfs does not contain sealing support */
655 printf("%s BASIC\n", MEMFD_STR);
657 fd = mfd_assert_new("kern_memfd_basic",
659 MFD_CLOEXEC | MFD_ALLOW_SEALING);
661 /* add basic seals */
662 mfd_assert_has_seals(fd, 0);
663 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
665 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
669 mfd_assert_add_seals(fd, F_SEAL_SHRINK |
671 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
674 /* add more seals and seal against sealing */
675 mfd_assert_add_seals(fd, F_SEAL_GROW | F_SEAL_SEAL);
676 mfd_assert_has_seals(fd, F_SEAL_SHRINK |
681 /* verify that sealing no longer works */
682 mfd_fail_add_seals(fd, F_SEAL_GROW);
683 mfd_fail_add_seals(fd, 0);
687 /* verify sealing does not work without MFD_ALLOW_SEALING */
688 fd = mfd_assert_new("kern_memfd_basic",
691 mfd_assert_has_seals(fd, F_SEAL_SEAL);
692 mfd_fail_add_seals(fd, F_SEAL_SHRINK |
695 mfd_assert_has_seals(fd, F_SEAL_SEAL);
700 * hugetlbfs doesn't support seals or write, so just verify grow and shrink
701 * on a hugetlbfs file created via memfd_create.
703 static void test_hugetlbfs_grow_shrink(void)
707 printf("%s HUGETLBFS-GROW-SHRINK\n", MEMFD_STR);
709 fd = mfd_assert_new("kern_memfd_seal_write",
714 mfd_assert_write(fd);
715 mfd_assert_shrink(fd);
723 * Test whether SEAL_WRITE actually prevents modifications.
725 static void test_seal_write(void)
730 * hugetlbfs does not contain sealing or write support. Just test
731 * basic grow and shrink via test_hugetlbfs_grow_shrink.
734 return test_hugetlbfs_grow_shrink();
736 printf("%s SEAL-WRITE\n", MEMFD_STR);
738 fd = mfd_assert_new("kern_memfd_seal_write",
740 MFD_CLOEXEC | MFD_ALLOW_SEALING);
741 mfd_assert_has_seals(fd, 0);
742 mfd_assert_add_seals(fd, F_SEAL_WRITE);
743 mfd_assert_has_seals(fd, F_SEAL_WRITE);
747 mfd_assert_shrink(fd);
749 mfd_fail_grow_write(fd);
756 * Test whether SEAL_SHRINK actually prevents shrinking
758 static void test_seal_shrink(void)
762 /* hugetlbfs does not contain sealing support */
766 printf("%s SEAL-SHRINK\n", MEMFD_STR);
768 fd = mfd_assert_new("kern_memfd_seal_shrink",
770 MFD_CLOEXEC | MFD_ALLOW_SEALING);
771 mfd_assert_has_seals(fd, 0);
772 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
773 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
776 mfd_assert_write(fd);
779 mfd_assert_grow_write(fd);
786 * Test whether SEAL_GROW actually prevents growing
788 static void test_seal_grow(void)
792 /* hugetlbfs does not contain sealing support */
796 printf("%s SEAL-GROW\n", MEMFD_STR);
798 fd = mfd_assert_new("kern_memfd_seal_grow",
800 MFD_CLOEXEC | MFD_ALLOW_SEALING);
801 mfd_assert_has_seals(fd, 0);
802 mfd_assert_add_seals(fd, F_SEAL_GROW);
803 mfd_assert_has_seals(fd, F_SEAL_GROW);
806 mfd_assert_write(fd);
807 mfd_assert_shrink(fd);
809 mfd_fail_grow_write(fd);
815 * Test SEAL_SHRINK | SEAL_GROW
816 * Test whether SEAL_SHRINK | SEAL_GROW actually prevents resizing
818 static void test_seal_resize(void)
822 /* hugetlbfs does not contain sealing support */
826 printf("%s SEAL-RESIZE\n", MEMFD_STR);
828 fd = mfd_assert_new("kern_memfd_seal_resize",
830 MFD_CLOEXEC | MFD_ALLOW_SEALING);
831 mfd_assert_has_seals(fd, 0);
832 mfd_assert_add_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
833 mfd_assert_has_seals(fd, F_SEAL_SHRINK | F_SEAL_GROW);
836 mfd_assert_write(fd);
839 mfd_fail_grow_write(fd);
845 * hugetlbfs does not support seals. Basic test to dup the memfd created
846 * fd and perform some basic operations on it.
848 static void hugetlbfs_dup(char *b_suffix)
852 printf("%s HUGETLBFS-DUP %s\n", MEMFD_STR, b_suffix);
854 fd = mfd_assert_new("kern_memfd_share_dup",
858 fd2 = mfd_assert_dup(fd);
861 mfd_assert_write(fd);
863 mfd_assert_shrink(fd2);
864 mfd_assert_grow(fd2);
871 * Test sharing via dup()
872 * Test that seals are shared between dupped FDs and they're all equal.
874 static void test_share_dup(char *banner, char *b_suffix)
879 * hugetlbfs does not contain sealing support. Perform some
880 * basic testing on dup'ed fd instead via hugetlbfs_dup.
882 if (hugetlbfs_test) {
883 hugetlbfs_dup(b_suffix);
887 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
889 fd = mfd_assert_new("kern_memfd_share_dup",
891 MFD_CLOEXEC | MFD_ALLOW_SEALING);
892 mfd_assert_has_seals(fd, 0);
894 fd2 = mfd_assert_dup(fd);
895 mfd_assert_has_seals(fd2, 0);
897 mfd_assert_add_seals(fd, F_SEAL_WRITE);
898 mfd_assert_has_seals(fd, F_SEAL_WRITE);
899 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
901 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
902 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
903 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
905 mfd_assert_add_seals(fd, F_SEAL_SEAL);
906 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
907 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
909 mfd_fail_add_seals(fd, F_SEAL_GROW);
910 mfd_fail_add_seals(fd2, F_SEAL_GROW);
911 mfd_fail_add_seals(fd, F_SEAL_SEAL);
912 mfd_fail_add_seals(fd2, F_SEAL_SEAL);
916 mfd_fail_add_seals(fd, F_SEAL_GROW);
921 * Test sealing with active mmap()s
922 * Modifying seals is only allowed if no other mmap() refs exist.
924 static void test_share_mmap(char *banner, char *b_suffix)
929 /* hugetlbfs does not contain sealing support */
933 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
935 fd = mfd_assert_new("kern_memfd_share_mmap",
937 MFD_CLOEXEC | MFD_ALLOW_SEALING);
938 mfd_assert_has_seals(fd, 0);
940 /* shared/writable ref prevents sealing WRITE, but allows others */
941 p = mfd_assert_mmap_shared(fd);
942 mfd_fail_add_seals(fd, F_SEAL_WRITE);
943 mfd_assert_has_seals(fd, 0);
944 mfd_assert_add_seals(fd, F_SEAL_SHRINK);
945 mfd_assert_has_seals(fd, F_SEAL_SHRINK);
946 munmap(p, mfd_def_size);
948 /* readable ref allows sealing */
949 p = mfd_assert_mmap_private(fd);
950 mfd_assert_add_seals(fd, F_SEAL_WRITE);
951 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
952 munmap(p, mfd_def_size);
958 * Basic test to make sure we can open the hugetlbfs fd via /proc and
959 * perform some simple operations on it.
961 static void hugetlbfs_proc_open(char *b_suffix)
965 printf("%s HUGETLBFS-PROC-OPEN %s\n", MEMFD_STR, b_suffix);
967 fd = mfd_assert_new("kern_memfd_share_open",
971 fd2 = mfd_assert_open(fd, O_RDWR, 0);
974 mfd_assert_write(fd);
976 mfd_assert_shrink(fd2);
977 mfd_assert_grow(fd2);
984 * Test sealing with open(/proc/self/fd/%d)
985 * Via /proc we can get access to a separate file-context for the same memfd.
986 * This is *not* like dup(), but like a real separate open(). Make sure the
987 * semantics are as expected and we correctly check for RDONLY / WRONLY / RDWR.
989 static void test_share_open(char *banner, char *b_suffix)
994 * hugetlbfs does not contain sealing support. So test basic
995 * functionality of using /proc fd via hugetlbfs_proc_open
997 if (hugetlbfs_test) {
998 hugetlbfs_proc_open(b_suffix);
1002 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
1004 fd = mfd_assert_new("kern_memfd_share_open",
1006 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1007 mfd_assert_has_seals(fd, 0);
1009 fd2 = mfd_assert_open(fd, O_RDWR, 0);
1010 mfd_assert_add_seals(fd, F_SEAL_WRITE);
1011 mfd_assert_has_seals(fd, F_SEAL_WRITE);
1012 mfd_assert_has_seals(fd2, F_SEAL_WRITE);
1014 mfd_assert_add_seals(fd2, F_SEAL_SHRINK);
1015 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1016 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1019 fd = mfd_assert_open(fd2, O_RDONLY, 0);
1021 mfd_fail_add_seals(fd, F_SEAL_SEAL);
1022 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK);
1023 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK);
1026 fd2 = mfd_assert_open(fd, O_RDWR, 0);
1028 mfd_assert_add_seals(fd2, F_SEAL_SEAL);
1029 mfd_assert_has_seals(fd, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1030 mfd_assert_has_seals(fd2, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_SEAL);
1037 * Test sharing via fork()
1038 * Test whether seal-modifications work as expected with forked childs.
1040 static void test_share_fork(char *banner, char *b_suffix)
1045 /* hugetlbfs does not contain sealing support */
1049 printf("%s %s %s\n", MEMFD_STR, banner, b_suffix);
1051 fd = mfd_assert_new("kern_memfd_share_fork",
1053 MFD_CLOEXEC | MFD_ALLOW_SEALING);
1054 mfd_assert_has_seals(fd, 0);
1056 pid = spawn_idle_thread(0);
1057 mfd_assert_add_seals(fd, F_SEAL_SEAL);
1058 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1060 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1061 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1063 join_idle_thread(pid);
1065 mfd_fail_add_seals(fd, F_SEAL_WRITE);
1066 mfd_assert_has_seals(fd, F_SEAL_SEAL);
1071 int main(int argc, char **argv)
1076 if (!strcmp(argv[1], "hugetlbfs")) {
1077 unsigned long hpage_size = default_huge_page_size();
1080 printf("Unable to determine huge page size\n");
1085 mfd_def_size = hpage_size * 2;
1097 test_share_dup("SHARE-DUP", "");
1098 test_share_mmap("SHARE-MMAP", "");
1099 test_share_open("SHARE-OPEN", "");
1100 test_share_fork("SHARE-FORK", "");
1102 /* Run test-suite in a multi-threaded environment with a shared
1104 pid = spawn_idle_thread(CLONE_FILES | CLONE_FS | CLONE_VM);
1105 test_share_dup("SHARE-DUP", SHARED_FT_STR);
1106 test_share_mmap("SHARE-MMAP", SHARED_FT_STR);
1107 test_share_open("SHARE-OPEN", SHARED_FT_STR);
1108 test_share_fork("SHARE-FORK", SHARED_FT_STR);
1109 join_idle_thread(pid);
1111 printf("memfd: DONE\n");