[LTP] [PATCH v2] splice10.c: New splice tests involving memfd secret
Wei Gao
wegao@suse.com
Mon Jul 21 16:25:23 CEST 2025
Linux commit cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix
secretmem LSM bypass") prevents any access to secret memory pages from other
kernel subsystems.
This test case checks splice operations involving a memfd_secret file descriptor.
Discussed-on: https://lists.linux.it/pipermail/ltp/2025-July/044351.html
Reference: cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
Signed-off-by: Wei Gao <wegao@suse.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/splice/.gitignore | 1 +
testcases/kernel/syscalls/splice/splice10.c | 72 +++++++++++++++++++++
3 files changed, 74 insertions(+)
create mode 100644 testcases/kernel/syscalls/splice/splice10.c
diff --git a/runtest/syscalls b/runtest/syscalls
index b4a387b28..d6da59bd2 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -1585,6 +1585,7 @@ splice06 splice06
splice07 splice07
splice08 splice08
splice09 splice09
+splice10 splice10
tee01 tee01
tee02 tee02
diff --git a/testcases/kernel/syscalls/splice/.gitignore b/testcases/kernel/syscalls/splice/.gitignore
index 96b1727a1..5e98981fe 100644
--- a/testcases/kernel/syscalls/splice/.gitignore
+++ b/testcases/kernel/syscalls/splice/.gitignore
@@ -7,3 +7,4 @@
/splice07
/splice08
/splice09
+/splice10
diff --git a/testcases/kernel/syscalls/splice/splice10.c b/testcases/kernel/syscalls/splice/splice10.c
new file mode 100644
index 000000000..871899b3f
--- /dev/null
+++ b/testcases/kernel/syscalls/splice/splice10.c
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2025 Wei Gao <wegao@suse.com>
+ */
+
+/*\
+ * Test if splice syscall prevents any access to secret memory pages from
+ * other kernel subsystems.
+ *
+ * Reference kernel commit:
+ * commit cbe4134ea4bc493239786220bd69cb8a13493190
+ * Author: Shivank Garg <shivankg@amd.com>
+ * Date: Fri Jun 20 07:03:30 2025 +0000
+ *
+ * fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
+ */
+
+#define _GNU_SOURCE
+#include "tst_test.h"
+#include "lapi/syscalls.h"
+
+static char *buf;
+static int fd = -1;
+static int pipefd[2] = {-1, -1};
+
+static void verify_splice(void)
+{
+ SAFE_WRITE(1, pipefd[1], buf, sizeof(buf));
+
+ TST_EXP_FAIL(splice(pipefd[0], NULL, fd, NULL, sizeof(buf), 0), EACCES);
+ TST_EXP_FAIL(splice(fd, NULL, pipefd[1], NULL, sizeof(buf), 0), EACCES);
+}
+
+static void setup(void)
+{
+ if (!tst_selinux_enforcing())
+ tst_brk(TCONF, "SELinux not running");
+
+ fd = syscall(__NR_memfd_secret, 0);
+ if (fd < 0) {
+ tst_brk(TCONF | TERRNO,
+ "Skipping __NR_memfd_secret check");
+ }
+
+ SAFE_PIPE(pipefd);
+}
+
+static void cleanup(void)
+{
+ for (int i = 0; i < 2; i++) {
+ if (pipefd[i] >= 0)
+ SAFE_CLOSE(pipefd[i]);
+ }
+
+ if (fd >= 0)
+ SAFE_CLOSE(fd);
+}
+
+static struct tst_test test = {
+ .setup = setup,
+ .cleanup = cleanup,
+ .test_all = verify_splice,
+ .min_kver = "6.16",
+ .bufs = (struct tst_buffers []) {
+ {&buf, .size = 1024},
+ {}
+ },
+ .tags = (const struct tst_tag[]) {
+ {"linux-git", "cbe4134ea4b"},
+ {}
+ }
+};
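Review bot: `sizeof(buf)` in verify_splice() is the size of a `char *` (buf is declared `static char *buf`), not the 1024 bytes allocated through `.bufs`, so the SAFE_WRITE and both splice() calls use a pointer-sized length. Define the length once, e.g. `#define BUF_SIZE 1024`, use it as `.size = BUF_SIZE` in `.bufs`, and pass it in the three calls, e.g. `SAFE_WRITE(1, pipefd[1], buf, BUF_SIZE);`. The data written to the pipe is never drained when the first splice() fails as expected, so repeated iterations would presumably accumulate data until the write blocks; creating the pipe, or reading the data back, inside verify_splice() would avoid that. The `linux-git` tag `cbe4134ea4b` also has 11 hex digits, while the commit message and the header comment use `cbe4134ea4bc`; the two should match so the tag resolves to the referenced fix.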
--
2.49.0