[LTP] [PATCH v1] splice10.c: New splice tests involving memfd secret

Andrea Cervesato andrea.cervesato@suse.com
Wed Jul 16 09:13:14 CEST 2025


Hi!

On 7/16/25 2:05 PM, Wei Gao via ltp wrote:
> Linux commit cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix
> secretmem LSM bypass") prevents any access to secret memory pages from other
> kernel subsystems.
>
> Splice operations involving memfd secret are checked within this case.

"Test if splice syscall prevents any access to secret memory pages from 
other kernel subsystems."

The linux commit is given via "Reference:" anyway.

>
> Discussed-on: https://lists.linux.it/pipermail/ltp/2025-July/044351.html
> Reference: cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
> Signed-off-by: Wei Gao <wegao@suse.com>
> ---
>   runtest/syscalls                            |  1 +
>   testcases/kernel/syscalls/splice/.gitignore |  1 +
>   testcases/kernel/syscalls/splice/splice10.c | 48 +++++++++++++++++++++
>   3 files changed, 50 insertions(+)
>   create mode 100644 testcases/kernel/syscalls/splice/splice10.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index b4a387b28..d6da59bd2 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -1585,6 +1585,7 @@ splice06 splice06
>   splice07 splice07
>   splice08 splice08
>   splice09 splice09
> +splice10 splice10
>   
>   tee01 tee01
>   tee02 tee02
> diff --git a/testcases/kernel/syscalls/splice/.gitignore b/testcases/kernel/syscalls/splice/.gitignore
> index 96b1727a1..5e98981fe 100644
> --- a/testcases/kernel/syscalls/splice/.gitignore
> +++ b/testcases/kernel/syscalls/splice/.gitignore
> @@ -7,3 +7,4 @@
>   /splice07
>   /splice08
>   /splice09
> +/splice10
> diff --git a/testcases/kernel/syscalls/splice/splice10.c b/testcases/kernel/syscalls/splice/splice10.c
> new file mode 100644
> index 000000000..98ee73ef0
> --- /dev/null
> +++ b/testcases/kernel/syscalls/splice/splice10.c
> @@ -0,0 +1,48 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2025 Wei Gao <wegao@suse.com>
> + */
> +
> +/*\
> + * Linux commit cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix
> + * secretmem LSM bypass") prevents any access to secret memory pages from other
> + * kernel subsystems.
> + * This case check splice operations involving memfd secret should return EACCES.
> + */
> +
> +#define _GNU_SOURCE
> +#include "tst_test.h"
> +#include "lapi/syscalls.h"
> +
> +static void verify_splice(void)
> +{
> +	char buf[1024];
> +	int fd;
> +	int pipefd[2];

Since we are testing only a failure, it makes sense to create input
arguments via tst_test.bufs and initialize them in the setup().

> +
> +	memset(buf, 0xff, sizeof(buf));
> +
> +	if (!tst_selinux_enforcing())

Maybe it's better to use tst_selinux_enabled() after merging:
https://patchwork.ozlabs.org/project/ltp/patch/20250709-xattr_bug_repr-v3-1-379c2c291bb7@suse.com/

> +		tst_brk(TCONF, "SELinux not running");
> +
> +	fd = syscall(__NR_memfd_secret, 0);
> +	if (fd < 0) {
> +		tst_brk(TCONF | TERRNO,
> +			"Skipping __NR_memfd_secret check");
> +	}
> +
> +	SAFE_PIPE(pipefd);
> +	SAFE_WRITE(1, pipefd[1], buf, sizeof(buf));
> +
> +	TST_EXP_FAIL(splice(pipefd[0], NULL, fd, NULL, sizeof(buf), 0), EACCES);
> +	TST_EXP_FAIL(splice(fd, NULL, pipefd[1], NULL, sizeof(buf), 0), EACCES);
> +
> +	SAFE_CLOSE(pipefd[0]);
> +	SAFE_CLOSE(pipefd[1]);
> +	SAFE_CLOSE(fd);

And this part will go in the cleanup().

> +}
> +
> +static struct tst_test test = {
> +	.test_all = verify_splice,
> +	.min_kver = "6.16",

We will need to add the reference to commit cbe4134ea4bc in here.

> +};
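
Review bot: in verify_splice() the `fd < 0` branch after syscall(__NR_memfd_secret, 0) turns every failure into TCONF, so a real error from memfd_secret is reported as a skip; check errno and use TCONF only for ENOSYS, with tst_brk(TBROK | TERRNO, ...) for anything else. The SELinux guard above it tests tst_selinux_enforcing() but prints "SELinux not running", so the message should say that enforcing mode is required. SAFE_WRITE(1, ...) would also read better with the named SAFE_WRITE_ALL option instead of the literal 1.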

- Andrea

