On 18.02.23 22:14, Rick Edgecombe wrote:

Add a simple selftest for exercising some shadow stack behavior:
  - map_shadow_stack syscall and pivot
  - Faulting in shadow stack memory
  - Handling shadow stack violations
  - GUP of shadow stack memory
  - mprotect() of shadow stack memory
  - Userfaultfd on shadow stack memory

Since this test exercises a recently added syscall manually, it needs
to find the automatically created __NR_foo defines. Per the selftest
documentation, KHDR_INCLUDES can be used to help the selftest Makefile's
find the headers from the kernel source. This way the new selftest can
be built inside the kernel source tree without installing the headers
to the system. So also add KHDR_INCLUDES as described in the selftest
docs, to facilitate this.

Tested-by: Pengfei Xu <redacted>
Tested-by: John Allen <john.allen@amd.com>
Co-developed-by: Yu-cheng Yu <redacted>
Signed-off-by: Yu-cheng Yu <redacted>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>

---

[...]

+bool gup_write(void *ptr)
+{
+	unsigned long val;
+
+	lseek(fd, (unsigned long)ptr, SEEK_SET);
+	if (write(fd, &val, sizeof(val)) < 0)
+		return 1;

/proc/self/mem is for debug/ptrace access (FOLL_FORCE). I think you 
might also want to add tests for ordinary GUP, checking that we fail to 
obtain a write pin -- and call these tests "gup_ptrace_read" / 
"gup_ptrace_write"

An simple approach would be to trigger a read()/write() on a file opened 
via O_DIRECT, using the shadow stack as buffer. While the write() 
[reading from the page] is expected to work, a read() [writing to the 
page] has to fail.


-- 
Thanks,

David / dhildenb