[LTP] [PATCH v1 1/1] thp04: Skip when FOLL_FORCE writes are disabled

Cyril Hrubis chrubis@suse.cz
Tue May 26 18:09:38 CEST 2026 

Hi!
> CONFIG_PROC_MEM_NO_FORCE or proc_mem_force_write=0 as a security
> hardening measure.

Looking at the recent kernel commit the default changed from
CONFIG_PROC_MEM_ALWAYS_FORCE to CONFIG_PROC_MEM_FORCE_PTRACE recently
(599bbba5a "proc: make PROC_MEM_FORCE_PTRACE the Kconfig default"). That
means that the test can probably be adjusted to ptrace() itself from a
separate thread that runs the test and it should work with the new
upstream defaults.

> On such systems, thp04 fails with EIO during the /proc/self/mem write.
> This is expected kernel behavior, not a real test failure.
> 
> Add a pre-flight write check in setup() and return TCONF on EIO, with
> an explanation that FOLL_FORCE writes are disabled by kernel hardening.
> 
> This makes thp04 skip on hardened systems instead of reporting a false
> failure.
> 
> Signed-off-by: Jan Polensky <japo@linux.ibm.com>
> ---
>  testcases/kernel/mem/thp/thp04.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/testcases/kernel/mem/thp/thp04.c b/testcases/kernel/mem/thp/thp04.c
> index 16d766c349b7..a5748c09cb70 100644
> --- a/testcases/kernel/mem/thp/thp04.c
> +++ b/testcases/kernel/mem/thp/thp04.c
> @@ -73,6 +73,7 @@ static void *alloc_zero_page(void *baseaddr)
>  static void setup(void)
>  {
>  	size_t i;
> +	int test_val = 0;
>  
>  	thp_size = tst_get_hugepage_size();
>  
> @@ -93,6 +94,28 @@ static void setup(void)
>  	writefd = SAFE_OPEN("/proc/self/mem", O_RDWR);
>  	readfd = SAFE_OPEN("/proc/self/mem", O_RDWR);
>  
> +	/*
> +	 * Test if /proc/self/mem write with FOLL_FORCE works. Since kernel commit
> +	 * 41e8149c8892 ("proc: add config & param to block forcing mem writes")
> +	 * (Aug 2024), writes can be blocked by CONFIG_PROC_MEM_NO_FORCE or
> +	 * proc_mem_force_write=0 boot param.
> +	 */
> +	TEST(lseek(writefd, (off_t)write_ptr, SEEK_SET));
> +	if (TST_RET == -1)
> +		tst_brk(TBROK | TTERRNO, "lseek on /proc/self/mem failed");
> +
> +	TEST(write(writefd, &test_val, sizeof(test_val)));
> +	if (TST_RET == -1) {
> +		if (TST_ERR == EIO) {
> +			tst_brk(TCONF,
> +				"/proc/self/mem write with FOLL_FORCE is disabled. "
> +				"This is a kernel security feature (commit 41e8149c8892). "
> +				"To enable: boot with proc_mem_force_write=1 or "

AFAIK there is no proc_mem_force_write there seems to be
proc_mem.force_override that can be set to "always", "ptrace", and
"never" though.

Also LTP has /proc/cmdline and kernel .config parsers hence we can be
smarter that this and actually detect the configuration.

Something as:

        static struct tst_kcmdline_var vars[] = {
                TST_KCMDLINE_INIT("proc_mem.force_override"),
        };

        tst_kcmdline_parse(params, ARRAY_SIZE(vars));

	if (vars[0].found && strcmp(vars[0].value, "always"))
		tst_brk(TCONF, "Writes to /proc/$pid/mem disabled on kernel cmdline");
	else
		tst_brk(TCONF, "Writes to /proc/$pid/mem disabled in kernel .config")

> +				"rebuild kernel with CONFIG_PROC_MEM_FORCE_WRITE=y");
> +		}
> +		tst_brk(TBROK | TTERRNO, "test write to /proc/self/mem failed");
> +	}
> +
>  	fzsync_pair.exec_loops = 100000;
>  	tst_fzsync_pair_init(&fzsync_pair);
>  }
> -- 
> 2.54.0
> 

-- 
Cyril Hrubis
chrubis@suse.cz

More information about the ltp mailing list