<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Liam,</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 24, 2021 at 12:27 AM Liam Howlett <<a href="mailto:liam.howlett@oracle.com">liam.howlett@oracle.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Li,<br>
<br>
Thank you for looking at this testcase.<br>
<br>
* Li Wang <<a href="mailto:liwang@redhat.com" target="_blank">liwang@redhat.com</a>> [210317 07:08]:<br>
> Hi Liam, Petr,<br>
> <br>
> Liam Howlett <<a href="mailto:liam.howlett@oracle.com" target="_blank">liam.howlett@oracle.com</a>> wrote:<br>
> <br>
> <br>
> > ...<br>
> > + if (mprotect(addr - page_size, page_size,<br>
> > + PROT_READ|PROT_WRITE|PROT_EXEC)) {<br>
> > + tst_res(TFAIL, "Cannot mprotect new VMA.");<br>
> > + return;<br>
> > + }<br>
> ><br>
> <br>
> We got permission denied here while performing the brk02 on<br>
> x86_64/s390x(kernel-4.18~). After looking at the manual page of<br>
> mprotect(), seems the access issue caused by PROT_EXEC.<br>
> <br>
> "<br>
> POSIX says that the behavior of mprotect() is unspecified if it is applied<br>
> to a region of memory that was not obtained via mmap(2).<br>
> ...<br>
> Whether PROT_EXEC has any effect different from PROT_READ<br>
> depends on processor architecture, kernel version, and process state.<br>
> If READ_IMPLIES_EXEC is set in the process's personality flags<br>
> (see personality(2)), specifying PROT_READ will implicitly add PROT_EXEC.<br>
> "<br>
<br>
<br>
Unforntunately, dropping the PROT_EXEC causes the VMA behaviour to<br>
change and does not test what this testcase is intended to test.<br></blockquote><div><br></div><div><div class="gmail_default" style="font-size:small">Yes, I agree with this. But am not sure if Linux take some action on security</div></div><div class="gmail_default" style="font-size:small">side to prevent setting PROT_EXEC permission arbitrary.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Removing the PROT_EXEC and the PROT_WRITE does test what is supposed to<br>
be tested. Can you verify that this works on the s390x?<br></blockquote><div><br></div><div><div class="gmail_default" style="font-size:small">Actually just removing the PROT_EXEC then the brk02 can be passed on all my platforms.</div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Are you using real hardware to test this or can I use some sort of<br>
emulation to test on my side?<br></blockquote><div><br></div><div><div class="gmail_default" style="font-size:small">It looks like easily to reproduce.</div><br></div><div><div class="gmail_default" style="font-size:small">I get failed with both virtual system and bare metal, e.g. the first one</div><div class="gmail_default" style="font-size:small">is on my Fedora33-workstation. But the worth to say, brk02 passed</div><div class="gmail_default" style="font-size:small">with raspberry pi3 and pi4.</div></div><div><br></div><div><div class="gmail_default" style="font-size:small">x86_64</div><div class="gmail_default" style="font-size:small">-------------</div></div><div class="gmail_default" style="font-size:small"># virt-what <br># echo $?<br>0<br></div><div class="gmail_default" style="font-size:small"># uname -r<br>5.10.22-200.fc33.x86_64<br># ./brk02 <br>tst_test.c:1289: TINFO: Timeout per run is 0h 05m 00s<br>brk02.c:41: TFAIL: Cannot mprotect new VMA<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><div class="gmail_default">x86_64</div><div class="gmail_default">-------------</div></div><div><div class="gmail_default" style="font-size:small"># virt-what</div>kvm</div><div># ./brk02 <br>tst_test.c:1291: TINFO: Timeout per run is 0h 05m 00s<br>brk02.c:41: TFAIL: Cannot mprotect new VMA<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">s390x</div><div class="gmail_default" style="font-size:small">-------------</div></div><div class="gmail_default" style="font-size:small"># uname -r</div>5.12.0-rc4.vdso+</div><div class="gmail_quote"># virt-what <br>ibm_systemz<br>ibm_systemz-zvm<br></div><div class="gmail_quote"># ./brk02 <br>tst_test.c:1289: TINFO: Timeout per run is 0h 05m 00s<br>brk02.c:41: TFAIL: Cannot mprotect new VMA</div><div><br></div><div><br></div><div><div class="gmail_default" style="font-size:small">armv7l -- raspberry-pi3</div></div><div><div class="gmail_default" style="font-size:small">-----------------------------</div></div><div><div class="gmail_default" style="font-size:small"># uname -r</div>5.4.96-v7.1.el7<br># ./brk02<br>tst_test.c:1291: TINFO: Timeout per run is 0h 05m 00s<br>brk02.c:56: TPASS: munmap at least two VMAs of brk() passed<br><div class="gmail_default" style="font-size:small"></div><div class="gmail_default" style="font-size:small">armv7l -- raspberry-pi4</div><div class="gmail_default" style="font-size:small">-----------------------------</div><div class="gmail_default" style="font-size:small"># uname -rm<br>5.10.17-v7l+ armv7l<br># ./brk02<br>tst_test.c:1291: TINFO: Timeout per run is 0h 05m 00s<br>brk02.c:56: TPASS: munmap at least two VMAs of brk() passed<br></div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Regards,<br></div><div>Li Wang<br></div></div></div></div>