test_shadow_stack.c source code [linux/tools/testing/selftests/x86/test_shadow_stack.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* This program test's basic kernel shadow stack support. It enables shadow
4	* stack manual via the arch_prctl(), instead of relying on glibc. It's
5	* Makefile doesn't compile with shadow stack support, so it doesn't rely on
6	* any particular glibc. As a result it can't do any operations that require
7	* special glibc shadow stack support (longjmp(), swapcontext(), etc). Just
8	* stick to the basics and hope the compiler doesn't do anything strange.
9	*/
10
11	#define _GNU_SOURCE
12
13	#include <sys/syscall.h>
14	#include <asm/mman.h>
15	#include <sys/mman.h>
16	#include <sys/stat.h>
17	#include <sys/wait.h>
18	#include <stdio.h>
19	#include <stdlib.h>
20	#include <fcntl.h>
21	#include <unistd.h>
22	#include <string.h>
23	#include <errno.h>
24	#include <stdbool.h>
25	#include <x86intrin.h>
26	#include <asm/prctl.h>
27	#include <sys/prctl.h>
28	#include <stdint.h>
29	#include <signal.h>
30	#include <pthread.h>
31	#include <sys/ioctl.h>
32	#include <linux/userfaultfd.h>
33	#include <setjmp.h>
34	#include <sys/ptrace.h>
35	#include <sys/signal.h>
36	#include <linux/elf.h>
37
38	/*
39	* Define the ABI defines if needed, so people can run the tests
40	* without building the headers.
41	*/
42	#ifndef __NR_map_shadow_stack
43	#define __NR_map_shadow_stack 453
44
45	#define SHADOW_STACK_SET_TOKEN (1ULL << 0)
46
47	#define ARCH_SHSTK_ENABLE 0x5001
48	#define ARCH_SHSTK_DISABLE 0x5002
49	#define ARCH_SHSTK_LOCK 0x5003
50	#define ARCH_SHSTK_UNLOCK 0x5004
51	#define ARCH_SHSTK_STATUS 0x5005
52
53	#define ARCH_SHSTK_SHSTK (1ULL << 0)
54	#define ARCH_SHSTK_WRSS (1ULL << 1)
55
56	#define NT_X86_SHSTK 0x204
57	#endif
58
59	#define SS_SIZE 0x200000
60	#define PAGE_SIZE 0x1000
61
62	#if (__GNUC__ < 8) \|\| (__GNUC__ == 8 && __GNUC_MINOR__ < 5)
63	int main(int argc, char *argv[])
64	{
65	printf("[SKIP]\tCompiler does not support CET.\n");
66	return `0`;
67	}
68	#else
69	void write_shstk(unsigned long addr, unsigned* long val)
70	{
71	asm volatile("wrssq %[val], (%[addr])\n"
72	: "=m" (addr)
73	: [addr] "r" (addr), [val] "r" (val));
74	}
75
76	static inline unsigned long __attribute__((always_inline)) get_ssp(void)
77	{
78	unsigned long ret = `0`;
79
80	asm volatile("xor %0, %0; rdsspq %0" : "=r" (ret));
81	return ret;
82	}
83
84	/*
85	* For use in inline enablement of shadow stack.
86	*
87	* The program can't return from the point where shadow stack gets enabled
88	* because there will be no address on the shadow stack. So it can't use
89	* syscall() for enablement, since it is a function.
90	*
91	* Based on code from nolibc.h. Keep a copy here because this can't pull in all
92	* of nolibc.h.
93	*/
94	#define ARCH_PRCTL(arg1, arg2) \
95	({ \
96	long _ret; \
97	register long _num asm("eax") = __NR_arch_prctl; \
98	register long _arg1 asm("rdi") = (long)(arg1); \
99	register long _arg2 asm("rsi") = (long)(arg2); \
100	\
101	asm volatile ( \
102	"syscall\n" \
103	: "=a"(_ret) \
104	: "r"(_arg1), "r"(_arg2), \
105	"0"(_num) \
106	: "rcx", "r11", "memory", "cc" \
107	); \
108	_ret; \
109	})
110
111	void create_shstk(void* *addr)
112	{
113	return (void *)syscall(__NR_map_shadow_stack, addr, SS_SIZE, SHADOW_STACK_SET_TOKEN);
114	}
115
116	void create_normal_mem(void* *addr)
117	{
118	return mmap(addr, SS_SIZE, PROT_READ \| PROT_WRITE,
119	MAP_PRIVATE \| MAP_ANONYMOUS, `0`, `0`);
120	}
121
122	void free_shstk(void *shstk)
123	{
124	munmap(shstk, SS_SIZE);
125	}
126
127	int reset_shstk(void *shstk)
128	{
129	return madvise(shstk, SS_SIZE, MADV_DONTNEED);
130	}
131
132	void try_shstk(unsigned long new_ssp)
133	{
134	unsigned long ssp;
135
136	printf("[INFO]\tnew_ssp = %lx, *new_ssp = %lx\n",
137	new_ssp, ((unsigned* long *)new_ssp));
138
139	ssp = get_ssp();
140	printf("[INFO]\tchanging ssp from %lx to %lx\n", ssp, new_ssp);
141
142	asm volatile("rstorssp (%0)\n":: "r" (new_ssp));
143	asm volatile("saveprevssp");
144	printf("[INFO]\tssp is now %lx\n", get_ssp());
145
146	/ Switch back to original shadow stack /
147	ssp -= `8`;
148	asm volatile("rstorssp (%0)\n":: "r" (ssp));
149	asm volatile("saveprevssp");
150	}
151
152	int test_shstk_pivot(void)
153	{
154	void *shstk = create_shstk(`0`);
155
156	if (shstk == MAP_FAILED) {
157	printf("[FAIL]\tError creating shadow stack: %d\n", errno);
158	return `1`;
159	}
160	try_shstk((unsigned long)shstk + SS_SIZE - `8`);
161	free_shstk(shstk);
162
163	printf("[OK]\tShadow stack pivot\n");
164	return `0`;
165	}
166
167	int test_shstk_faults(void)
168	{
169	unsigned long *shstk = create_shstk(`0`);
170
171	/ Read shadow stack, test if it's zero to not get read optimized out /
172	if (*shstk != `0`)
173	goto err;
174
175	/ Wrss memory that was already read. /
176	write_shstk(shstk, `1`);
177	if (*shstk != `1`)
178	goto err;
179
180	/ Page out memory, so we can wrss it again. /
181	if (reset_shstk((void *)shstk))
182	goto err;
183
184	write_shstk(shstk, `1`);
185	if (*shstk != `1`)
186	goto err;
187
188	printf("[OK]\tShadow stack faults\n");
189	return `0`;
190
191	err:
192	return `1`;
193	}
194
195	unsigned long saved_ssp;
196	unsigned long saved_ssp_val;
197	volatile bool segv_triggered;
198
199	void __attribute__((noinline)) violate_ss(void)
200	{
201	saved_ssp = get_ssp();
202	saved_ssp_val = (unsigned* long *)saved_ssp;
203
204	/ Corrupt shadow stack /
205	printf("[INFO]\tCorrupting shadow stack\n");
206	write_shstk((void *)saved_ssp, `0`);
207	}
208
209	void segv_handler(int signum, siginfo_t si, void* *uc)
210	{
211	printf("[INFO]\tGenerated shadow stack violation successfully\n");
212
213	segv_triggered = true;
214
215	/ Fix shadow stack /
216	write_shstk((void *)saved_ssp, saved_ssp_val);
217	}
218
219	int test_shstk_violation(void)
220	{
221	struct sigaction sa = {};
222
223	sa.sa_sigaction = segv_handler;
224	sa.sa_flags = SA_SIGINFO;
225	if (sigaction(SIGSEGV, &sa, NULL))
226	return `1`;
227
228	segv_triggered = false;
229
230	/ Make sure segv_triggered is set before violate_ss() /
231	asm volatile("" : : : "memory");
232
233	violate_ss();
234
235	signal(SIGSEGV, SIG_DFL);
236
237	printf("[OK]\tShadow stack violation test\n");
238
239	return !segv_triggered;
240	}
241
242	/ Gup test state /
243	#define MAGIC_VAL 0x12345678
244	bool is_shstk_access;
245	void *shstk_ptr;
246	int fd;
247
248	void reset_test_shstk(void *addr)
249	{
250	if (shstk_ptr)
251	free_shstk(shstk_ptr);
252	shstk_ptr = create_shstk(addr);
253	}
254
255	void test_access_fix_handler(int signum, siginfo_t si, void* *uc)
256	{
257	printf("[INFO]\tViolation from %s\n", is_shstk_access ? "shstk access" : "normal write");
258
259	segv_triggered = true;
260
261	/ Fix shadow stack /
262	if (is_shstk_access) {
263	reset_test_shstk(shstk_ptr);
264	return;
265	}
266
267	free_shstk(shstk_ptr);
268	create_normal_mem(shstk_ptr);
269	}
270
271	bool test_shstk_access(void *ptr)
272	{
273	is_shstk_access = true;
274	segv_triggered = false;
275	write_shstk(ptr, MAGIC_VAL);
276
277	asm volatile("" : : : "memory");
278
279	return segv_triggered;
280	}
281
282	bool test_write_access(void *ptr)
283	{
284	is_shstk_access = false;
285	segv_triggered = false;
286	(unsigned* long *)ptr = MAGIC_VAL;
287
288	asm volatile("" : : : "memory");
289
290	return segv_triggered;
291	}
292
293	bool gup_write(void *ptr)
294	{
295	unsigned long val;
296
297	lseek(fd, (unsigned long)ptr, SEEK_SET);
298	if (write(fd, &val, sizeof(val)) < `0`)
299	return `1`;
300
301	return `0`;
302	}
303
304	bool gup_read(void *ptr)
305	{
306	unsigned long val;
307
308	lseek(fd, (unsigned long)ptr, SEEK_SET);
309	if (read(fd, &val, sizeof(val)) < `0`)
310	return `1`;
311
312	return `0`;
313	}
314
315	int test_gup(void)
316	{
317	struct sigaction sa = {};
318	int status;
319	pid_t pid;
320
321	sa.sa_sigaction = test_access_fix_handler;
322	sa.sa_flags = SA_SIGINFO;
323	if (sigaction(SIGSEGV, &sa, NULL))
324	return `1`;
325
326	segv_triggered = false;
327
328	fd = open("/proc/self/mem", O_RDWR);
329	if (fd == -`1`)
330	return `1`;
331
332	reset_test_shstk(`0`);
333	if (gup_read(shstk_ptr))
334	return `1`;
335	if (test_shstk_access(shstk_ptr))
336	return `1`;
337	printf("[INFO]\tGup read -> shstk access success\n");
338
339	reset_test_shstk(`0`);
340	if (gup_write(shstk_ptr))
341	return `1`;
342	if (test_shstk_access(shstk_ptr))
343	return `1`;
344	printf("[INFO]\tGup write -> shstk access success\n");
345
346	reset_test_shstk(`0`);
347	if (gup_read(shstk_ptr))
348	return `1`;
349	if (!test_write_access(shstk_ptr))
350	return `1`;
351	printf("[INFO]\tGup read -> write access success\n");
352
353	reset_test_shstk(`0`);
354	if (gup_write(shstk_ptr))
355	return `1`;
356	if (!test_write_access(shstk_ptr))
357	return `1`;
358	printf("[INFO]\tGup write -> write access success\n");
359
360	close(fd);
361
362	/ COW/gup test /
363	reset_test_shstk(`0`);
364	pid = fork();
365	if (!pid) {
366	fd = open("/proc/self/mem", O_RDWR);
367	if (fd == -`1`)
368	exit(`1`);
369
370	if (gup_write(shstk_ptr)) {
371	close(fd);
372	exit(`1`);
373	}
374	close(fd);
375	exit(`0`);
376	}
377	waitpid(pid, &status, `0`);
378	if (WEXITSTATUS(status)) {
379	printf("[FAIL]\tWrite in child failed\n");
380	return `1`;
381	}
382	if ((unsigned* long *)shstk_ptr == MAGIC_VAL) {
383	printf("[FAIL]\tWrite in child wrote through to shared memory\n");
384	return `1`;
385	}
386
387	printf("[INFO]\tCow gup write -> write access success\n");
388
389	free_shstk(shstk_ptr);
390
391	signal(SIGSEGV, SIG_DFL);
392
393	printf("[OK]\tShadow gup test\n");
394
395	return `0`;
396	}
397
398	int test_mprotect(void)
399	{
400	struct sigaction sa = {};
401
402	sa.sa_sigaction = test_access_fix_handler;
403	sa.sa_flags = SA_SIGINFO;
404	if (sigaction(SIGSEGV, &sa, NULL))
405	return `1`;
406
407	segv_triggered = false;
408
409	/ mprotect a shadow stack as read only /
410	reset_test_shstk(`0`);
411	if (mprotect(shstk_ptr, SS_SIZE, PROT_READ) < `0`) {
412	printf("[FAIL]\tmprotect(PROT_READ) failed\n");
413	return `1`;
414	}
415
416	/ try to wrss it and fail /
417	if (!test_shstk_access(shstk_ptr)) {
418	printf("[FAIL]\tShadow stack access to read-only memory succeeded\n");
419	return `1`;
420	}
421
422	/*
423	* The shadow stack was reset above to resolve the fault, make the new one
424	* read-only.
425	*/
426	if (mprotect(shstk_ptr, SS_SIZE, PROT_READ) < `0`) {
427	printf("[FAIL]\tmprotect(PROT_READ) failed\n");
428	return `1`;
429	}
430
431	/ then back to writable /
432	if (mprotect(shstk_ptr, SS_SIZE, PROT_WRITE \| PROT_READ) < `0`) {
433	printf("[FAIL]\tmprotect(PROT_WRITE) failed\n");
434	return `1`;
435	}
436
437	/ then wrss to it and succeed /
438	if (test_shstk_access(shstk_ptr)) {
439	printf("[FAIL]\tShadow stack access to mprotect() writable memory failed\n");
440	return `1`;
441	}
442
443	free_shstk(shstk_ptr);
444
445	signal(SIGSEGV, SIG_DFL);
446
447	printf("[OK]\tmprotect() test\n");
448
449	return `0`;
450	}
451
452	char zero[`4096`];
453
454	static void uffd_thread(void* *arg)
455	{
456	struct uffdio_copy req;
457	int uffd = (int* *)arg;
458	struct uffd_msg msg;
459	int ret;
460
461	while (`1`) {
462	ret = read(uffd, &msg, sizeof(msg));
463	if (ret > `0`)
464	break;
465	else if (errno == EAGAIN)
466	continue;
467	return (void *)`1`;
468	}
469
470	req.dst = msg.arg.pagefault.address;
471	req.src = (__u64)zero;
472	req.len = `4096`;
473	req.mode = `0`;
474
475	if (ioctl(uffd, UFFDIO_COPY, &req))
476	return (void *)`1`;
477
478	return (void *)`0`;
479	}
480
481	int test_userfaultfd(void)
482	{
483	struct uffdio_register uffdio_register;
484	struct uffdio_api uffdio_api;
485	struct sigaction sa = {};
486	pthread_t thread;
487	void *res;
488	int uffd;
489
490	sa.sa_sigaction = test_access_fix_handler;
491	sa.sa_flags = SA_SIGINFO;
492	if (sigaction(SIGSEGV, &sa, NULL))
493	return `1`;
494
495	uffd = syscall(__NR_userfaultfd, O_CLOEXEC \| O_NONBLOCK);
496	if (uffd < `0`) {
497	printf("[SKIP]\tUserfaultfd unavailable.\n");
498	return `0`;
499	}
500
501	reset_test_shstk(`0`);
502
503	uffdio_api.api = UFFD_API;
504	uffdio_api.features = `0`;
505	if (ioctl(uffd, UFFDIO_API, &uffdio_api))
506	goto err;
507
508	uffdio_register.range.start = (__u64)shstk_ptr;
509	uffdio_register.range.len = `4096`;
510	uffdio_register.mode = UFFDIO_REGISTER_MODE_MISSING;
511	if (ioctl(uffd, UFFDIO_REGISTER, &uffdio_register))
512	goto err;
513
514	if (pthread_create(&thread, NULL, &uffd_thread, &uffd))
515	goto err;
516
517	reset_shstk(shstk_ptr);
518	test_shstk_access(shstk_ptr);
519
520	if (pthread_join(thread, &res))
521	goto err;
522
523	if (test_shstk_access(shstk_ptr))
524	goto err;
525
526	free_shstk(shstk_ptr);
527
528	signal(SIGSEGV, SIG_DFL);
529
530	if (!res)
531	printf("[OK]\tUserfaultfd test\n");
532	return !!res;
533	err:
534	free_shstk(shstk_ptr);
535	close(uffd);
536	signal(SIGSEGV, SIG_DFL);
537	return `1`;
538	}
539
540	/ Simple linked list for keeping track of mappings in test_guard_gap() /
541	struct node {
542	struct node *next;
543	void *mapping;
544	};
545
546	/*
547	* This tests whether mmap will place other mappings in a shadow stack's guard
548	* gap. The steps are:
549	* 1. Finds an empty place by mapping and unmapping something.
550	* 2. Map a shadow stack in the middle of the known empty area.
551	* 3. Map a bunch of PAGE_SIZE mappings. These will use the search down
552	* direction, filling any gaps until it encounters the shadow stack's
553	* guard gap.
554	* 4. When a mapping lands below the shadow stack from step 2, then all
555	* of the above gaps are filled. The search down algorithm will have
556	* looked at the shadow stack gaps.
557	* 5. See if it landed in the gap.
558	*/
559	int test_guard_gap(void)
560	{
561	void free_area, shstk, test_map = (void* *)`0xFFFFFFFFFFFFFFFF`;
562	struct node head = NULL, cur;
563
564	free_area = mmap(`0`, SS_SIZE * `3`, PROT_READ \| PROT_WRITE,
565	MAP_PRIVATE \| MAP_ANONYMOUS, -`1`, `0`);
566	munmap(free_area, SS_SIZE * `3`);
567
568	shstk = create_shstk(free_area + SS_SIZE);
569	if (shstk == MAP_FAILED)
570	return `1`;
571
572	while (test_map > shstk) {
573	test_map = mmap(`0`, PAGE_SIZE, PROT_READ \| PROT_WRITE,
574	MAP_PRIVATE \| MAP_ANONYMOUS, -`1`, `0`);
575	if (test_map == MAP_FAILED)
576	return `1`;
577	cur = malloc(sizeof(*cur));
578	cur->mapping = test_map;
579
580	cur->next = head;
581	head = cur;
582	}
583
584	while (head) {
585	cur = head;
586	head = cur->next;
587	munmap(cur->mapping, PAGE_SIZE);
588	free(cur);
589	}
590
591	free_shstk(shstk);
592
593	if (shstk - test_map - PAGE_SIZE != PAGE_SIZE)
594	return `1`;
595
596	printf("[OK]\tGuard gap test\n");
597
598	return `0`;
599	}
600
601	/*
602	* Too complicated to pull it out of the 32 bit header, but also get the
603	* 64 bit one needed above. Just define a copy here.
604	*/
605	#define __NR_compat_sigaction 67
606
607	/*
608	* Call 32 bit signal handler to get 32 bit signals ABI. Make sure
609	* to push the registers that will get clobbered.
610	*/
611	int sigaction32(int signum, const struct sigaction *restrict act,
612	struct sigaction *restrict oldact)
613	{
614	register long syscall_reg asm("eax") = __NR_compat_sigaction;
615	register long signum_reg asm("ebx") = signum;
616	register long act_reg asm("ecx") = (long)act;
617	register long oldact_reg asm("edx") = (long)oldact;
618	int ret = `0`;
619
620	asm volatile ("int $0x80;"
621	: "=a"(ret), "=m"(oldact)
622	: "r"(syscall_reg), "r"(signum_reg), "r"(act_reg),
623	"r"(oldact_reg)
624	: "r8", "r9", "r10", "r11"
625	);
626
627	return ret;
628	}
629
630	sigjmp_buf jmp_buffer;
631
632	void segv_gp_handler(int signum, siginfo_t si, void* *uc)
633	{
634	segv_triggered = true;
635
636	/*
637	* To work with old glibc, this can't rely on siglongjmp working with
638	* shadow stack enabled, so disable shadow stack before siglongjmp().
639	*/
640	ARCH_PRCTL(ARCH_SHSTK_DISABLE, ARCH_SHSTK_SHSTK);
641	siglongjmp(jmp_buffer, -`1`);
642	}
643
644	/*
645	* Transition to 32 bit mode and check that a #GP triggers a segfault.
646	*/
647	int test_32bit(void)
648	{
649	struct sigaction sa = {};
650	struct sigaction *sa32;
651
652	/ Create sigaction in 32 bit address range /
653	sa32 = mmap(`0`, `4096`, PROT_READ \| PROT_WRITE,
654	MAP_32BIT \| MAP_PRIVATE \| MAP_ANONYMOUS, `0`, `0`);
655	sa32->sa_flags = SA_SIGINFO;
656
657	sa.sa_sigaction = segv_gp_handler;
658	sa.sa_flags = SA_SIGINFO;
659	if (sigaction(SIGSEGV, &sa, NULL))
660	return `1`;
661
662
663	segv_triggered = false;
664
665	/ Make sure segv_triggered is set before triggering the #GP /
666	asm volatile("" : : : "memory");
667
668	/*
669	* Set handler to somewhere in 32 bit address space
670	*/
671	sa32->sa_handler = (void *)sa32;
672	if (sigaction32(SIGUSR1, sa32, NULL))
673	return `1`;
674
675	if (!sigsetjmp(jmp_buffer, `1`))
676	raise(SIGUSR1);
677
678	if (segv_triggered)
679	printf("[OK]\t32 bit test\n");
680
681	return !segv_triggered;
682	}
683
684	void segv_handler_ptrace(int signum, siginfo_t si, void* *uc)
685	{
686	/ The SSP adjustment caused a segfault. /
687	exit(`0`);
688	}
689
690	int test_ptrace(void)
691	{
692	unsigned long saved_ssp, ssp = `0`;
693	struct sigaction sa= {};
694	struct iovec iov;
695	int status;
696	int pid;
697
698	iov.iov_base = &ssp;
699	iov.iov_len = sizeof(ssp);
700
701	pid = fork();
702	if (!pid) {
703	ssp = get_ssp();
704
705	sa.sa_sigaction = segv_handler_ptrace;
706	sa.sa_flags = SA_SIGINFO;
707	if (sigaction(SIGSEGV, &sa, NULL))
708	return `1`;
709
710	ptrace(PTRACE_TRACEME, NULL, NULL, NULL);
711	/*
712	* The parent will tweak the SSP and return from this function
713	* will #CP.
714	*/
715	raise(SIGTRAP);
716
717	exit(`1`);
718	}
719
720	while (waitpid(pid, &status, `0`) != -`1` && WSTOPSIG(status) != SIGTRAP);
721
722	if (ptrace(PTRACE_GETREGSET, pid, NT_X86_SHSTK, &iov)) {
723	printf("[INFO]\tFailed to PTRACE_GETREGS\n");
724	goto out_kill;
725	}
726
727	if (!ssp) {
728	printf("[INFO]\tPtrace child SSP was 0\n");
729	goto out_kill;
730	}
731
732	saved_ssp = ssp;
733
734	iov.iov_len = `0`;
735	if (!ptrace(PTRACE_SETREGSET, pid, NT_X86_SHSTK, &iov)) {
736	printf("[INFO]\tToo small size accepted via PTRACE_SETREGS\n");
737	goto out_kill;
738	}
739
740	iov.iov_len = sizeof(ssp) + `1`;
741	if (!ptrace(PTRACE_SETREGSET, pid, NT_X86_SHSTK, &iov)) {
742	printf("[INFO]\tToo large size accepted via PTRACE_SETREGS\n");
743	goto out_kill;
744	}
745
746	ssp += `1`;
747	if (!ptrace(PTRACE_SETREGSET, pid, NT_X86_SHSTK, &iov)) {
748	printf("[INFO]\tUnaligned SSP written via PTRACE_SETREGS\n");
749	goto out_kill;
750	}
751
752	ssp = `0xFFFFFFFFFFFF0000`;
753	if (!ptrace(PTRACE_SETREGSET, pid, NT_X86_SHSTK, &iov)) {
754	printf("[INFO]\tKernel range SSP written via PTRACE_SETREGS\n");
755	goto out_kill;
756	}
757
758	/*
759	* Tweak the SSP so the child with #CP when it resumes and returns
760	* from raise()
761	*/
762	ssp = saved_ssp + `8`;
763	iov.iov_len = sizeof(ssp);
764	if (ptrace(PTRACE_SETREGSET, pid, NT_X86_SHSTK, &iov)) {
765	printf("[INFO]\tFailed to PTRACE_SETREGS\n");
766	goto out_kill;
767	}
768
769	if (ptrace(PTRACE_DETACH, pid, NULL, NULL)) {
770	printf("[INFO]\tFailed to PTRACE_DETACH\n");
771	goto out_kill;
772	}
773
774	waitpid(pid, &status, `0`);
775	if (WEXITSTATUS(status))
776	return `1`;
777
778	printf("[OK]\tPtrace test\n");
779	return `0`;
780
781	out_kill:
782	kill(pid, SIGKILL);
783	return `1`;
784	}
785
786	int main(int argc, char *argv[])
787	{
788	int ret = `0`;
789
790	if (ARCH_PRCTL(ARCH_SHSTK_ENABLE, ARCH_SHSTK_SHSTK)) {
791	printf("[SKIP]\tCould not enable Shadow stack\n");
792	return `1`;
793	}
794
795	if (ARCH_PRCTL(ARCH_SHSTK_DISABLE, ARCH_SHSTK_SHSTK)) {
796	ret = `1`;
797	printf("[FAIL]\tDisabling shadow stack failed\n");
798	}
799
800	if (ARCH_PRCTL(ARCH_SHSTK_ENABLE, ARCH_SHSTK_SHSTK)) {
801	printf("[SKIP]\tCould not re-enable Shadow stack\n");
802	return `1`;
803	}
804
805	if (ARCH_PRCTL(ARCH_SHSTK_ENABLE, ARCH_SHSTK_WRSS)) {
806	printf("[SKIP]\tCould not enable WRSS\n");
807	ret = `1`;
808	goto out;
809	}
810
811	/ Should have succeeded if here, but this is a test, so double check. /
812	if (!get_ssp()) {
813	printf("[FAIL]\tShadow stack disabled\n");
814	return `1`;
815	}
816
817	if (test_shstk_pivot()) {
818	ret = `1`;
819	printf("[FAIL]\tShadow stack pivot\n");
820	goto out;
821	}
822
823	if (test_shstk_faults()) {
824	ret = `1`;
825	printf("[FAIL]\tShadow stack fault test\n");
826	goto out;
827	}
828
829	if (test_shstk_violation()) {
830	ret = `1`;
831	printf("[FAIL]\tShadow stack violation test\n");
832	goto out;
833	}
834
835	if (test_gup()) {
836	ret = `1`;
837	printf("[FAIL]\tShadow shadow stack gup\n");
838	goto out;
839	}
840
841	if (test_mprotect()) {
842	ret = `1`;
843	printf("[FAIL]\tShadow shadow mprotect test\n");
844	goto out;
845	}
846
847	if (test_userfaultfd()) {
848	ret = `1`;
849	printf("[FAIL]\tUserfaultfd test\n");
850	goto out;
851	}
852
853	if (test_guard_gap()) {
854	ret = `1`;
855	printf("[FAIL]\tGuard gap test\n");
856	goto out;
857	}
858
859	if (test_ptrace()) {
860	ret = `1`;
861	printf("[FAIL]\tptrace test\n");
862	}
863
864	if (test_32bit()) {
865	ret = `1`;
866	printf("[FAIL]\t32 bit test\n");
867	goto out;
868	}
869
870	return ret;
871
872	out:
873	/*
874	* Disable shadow stack before the function returns, or there will be a
875	* shadow stack violation.
876	*/
877	if (ARCH_PRCTL(ARCH_SHSTK_DISABLE, ARCH_SHSTK_SHSTK)) {
878	ret = `1`;
879	printf("[FAIL]\tDisabling shadow stack failed\n");
880	}
881
882	return ret;
883	}
884	#endif
885

source code of linux/tools/testing/selftests/x86/test_shadow_stack.c