[LTP] [PATCH v1] splice10.c: New splice tests involving memfd secret

Wei Gao wegao@suse.com
Wed Jul 16 14:05:57 CEST 2025


Linux commit cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix
secretmem LSM bypass") prevents any access to secret memory pages from other
kernel subsystems.

This test case checks splice operations involving memfd secret.

Discussed-on: https://lists.linux.it/pipermail/ltp/2025-July/044351.html
Reference: cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
Signed-off-by: Wei Gao <wegao@suse.com>
---
 runtest/syscalls                            |  1 +
 testcases/kernel/syscalls/splice/.gitignore |  1 +
 testcases/kernel/syscalls/splice/splice10.c | 48 +++++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 testcases/kernel/syscalls/splice/splice10.c

diff --git a/runtest/syscalls b/runtest/syscalls
index b4a387b28..d6da59bd2 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -1585,6 +1585,7 @@ splice06 splice06
 splice07 splice07
 splice08 splice08
 splice09 splice09
+splice10 splice10
 
 tee01 tee01
 tee02 tee02
diff --git a/testcases/kernel/syscalls/splice/.gitignore b/testcases/kernel/syscalls/splice/.gitignore
index 96b1727a1..5e98981fe 100644
--- a/testcases/kernel/syscalls/splice/.gitignore
+++ b/testcases/kernel/syscalls/splice/.gitignore
@@ -7,3 +7,4 @@
 /splice07
 /splice08
 /splice09
+/splice10
diff --git a/testcases/kernel/syscalls/splice/splice10.c b/testcases/kernel/syscalls/splice/splice10.c
new file mode 100644
index 000000000..98ee73ef0
--- /dev/null
+++ b/testcases/kernel/syscalls/splice/splice10.c
@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2025 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * Linux commit cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix
+ * secretmem LSM bypass") prevents any access to secret memory pages from other
+ * kernel subsystems.
+ * This case check splice operations involving memfd secret should return EACCES.
+ */
+
+#define _GNU_SOURCE
+#include "tst_test.h"
+#include "lapi/syscalls.h"
+
+static void verify_splice(void)
+{
+	char buf[1024];
+	int fd;
+	int pipefd[2];
+
+	memset(buf, 0xff, sizeof(buf));
+
+	if (!tst_selinux_enforcing())
+		tst_brk(TCONF, "SELinux not running");
+
+	fd = syscall(__NR_memfd_secret, 0);
+	if (fd < 0) {
+		tst_brk(TCONF | TERRNO,
+			"Skipping __NR_memfd_secret check");
+	}
+
+	SAFE_PIPE(pipefd);
+	SAFE_WRITE(1, pipefd[1], buf, sizeof(buf));
+
+	TST_EXP_FAIL(splice(pipefd[0], NULL, fd, NULL, sizeof(buf), 0), EACCES);
+	TST_EXP_FAIL(splice(fd, NULL, pipefd[1], NULL, sizeof(buf), 0), EACCES);
+
+	SAFE_CLOSE(pipefd[0]);
+	SAFE_CLOSE(pipefd[1]);
+	SAFE_CLOSE(fd);
+}
+
+static struct tst_test test = {
+	.test_all = verify_splice,
+	.min_kver = "6.16",
+};
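Review bot: The `.min_kver = "6.16"` gate in the `test` struct ties this regression test to a version number rather than to the fix, so an older kernel that carries a backport of cbe4134ea4bc is never exercised, and a failure report does not name the commit. LTP's usual way to link a test to a kernel fix is a tag entry, `.tags = (const struct tst_tag[]) {{"linux-git", "cbe4134ea4bc"}, {}},`, with the version gate either dropped or justified in a comment. Separately, the TCONF message in verify_splice() says "SELinux not running", but the condition is tst_selinux_enforcing(), which by its name also skips a system in permissive mode; `tst_brk(TCONF, "SELinux is not in enforcing mode");` would describe the skip accurately. The SELinux check and the memfd_secret probe would also fit better in a `.setup` callback, since neither changes between iterations, with the descriptors closed in `.cleanup` so that a tst_brk() from SAFE_WRITE() does not leave them open.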
-- 
2.49.0


