cheribsdtest: Fix malloc cheribsdtest when revocation is disabled.

 - Skip additional tests when security.cheri.runtime_revocation_default=0
 - Skip malloc_double_free test when revocation is disabled.
 - Fix rallocx_aligned test to never pass NULL to rallocx. This is
   not allowed by the upstream rallocx() interface and it is an mrs-specific
   extension. Add an assertion to MRS to catch this if used.

Author: qwattash

bin/cheribsdtest/cheribsdtest.h

@@ -349,6 +349,7 @@ extern ptraddr_t find_address_space_gap(size_t len, size_t align);
 extern pid_t cheribsdtest_spawn_child(enum spawn_child_mode mode);
 
 const char *skip_need_cheri_revoke(const struct cheri_test *ctp);
+const char *skip_need_default_cheri_revoke(const struct cheri_test *ctp);
 
 const char *cheribsdtest_get_helper_path(void);
 const char *cheribsdtest_skip_no_helper(const struct cheri_test *ctp);

bin/cheribsdtest/cheribsdtest_malloc.c

@@ -45,9 +45,18 @@
 extern volatile void *eptr;
 volatile void *eptr;
 
+static const char *
+skip_malloc_revocation_disabled(const struct cheri_test *ctp __unused)
+{
+	if (malloc_revoke_enabled())
+		return (NULL);
+	return ("malloc quarantine disabled");
+}
+
 CHERIBSDTEST(malloc_double_free, "malloc aborts on double free",
     .ct_flags = CT_FLAG_SIGEXIT,
-    .ct_signum = SIGABRT)
+    .ct_signum = SIGABRT,
+    .ct_check_skip = skip_malloc_revocation_disabled)
 {
 	volatile void *ptr;
 
@@ -60,14 +69,6 @@ CHERIBSDTEST(malloc_double_free, "malloc aborts on double free",
 	cheribsdtest_failure_errx("malloc() did not abort");
 }
 
-static const char *
-skip_malloc_revocation_disabled(const struct cheri_test *ctp __unused)
-{
-	if (malloc_revoke_enabled())
-		return (NULL);
-	return ("malloc quarantine disabled");
-}
-
 CHERIBSDTEST(malloc_revoke_basic,
     "verify that a free'd pointer is revoked by malloc_revoke",
     .ct_check_skip = skip_malloc_revocation_disabled)
@@ -257,7 +258,7 @@ malloc_revocation_ctl_common(const char *progname, bool should_be_revoking)
 
 CHERIBSDTEST(malloc_revocation_ctl_baseline,
     "A base binary reports revocation is enabled",
-    .ct_check_skip = skip_need_cheri_revoke)
+    .ct_check_skip = skip_need_default_cheri_revoke)
 {
 	malloc_revocation_ctl_common("malloc_revoke_enabled", true);
 }
@@ -300,7 +301,7 @@ CHERIBSDTEST(malloc_revocation_ctl_elfnote_enable_protctl_disable,
 
 CHERIBSDTEST(malloc_revocation_ctl_suid_baseline,
     "A suid binary reports revocation is enabled",
-    .ct_check_skip = skip_need_cheri_revoke)
+    .ct_check_skip = skip_need_default_cheri_revoke)
 {
 	malloc_revocation_ctl_common("malloc_revoke_enabled_suid", true);
 }
@@ -396,7 +397,7 @@ CHERIBSDTEST(mallocx_alignment, "Check that mallocx aligns allocations")
 static void
 check_rallocx(size_t size)
 {
-	static void *data = NULL;
+	void *data = malloc(1);
 
 	data = rallocx(data, size, MALLOCX_ALIGN(size));
 	CHERIBSDTEST_VERIFY2(__builtin_is_aligned(data, size),

bin/cheribsdtest/cheribsdtest_util.c

@@ -135,3 +135,19 @@ skip_need_cheri_revoke(const struct cheri_test *ctp __unused)
 		return ("Kernel does not support revocation");
 	return (NULL);
 }
+
+const char *
+skip_need_default_cheri_revoke(const struct cheri_test *ctp __unused)
+{
+	int value = 0;
+	size_t len = sizeof(value);
+
+	if (sysctlbyname("security.cheri.runtime_revocation_default",
+	    &value, &len, NULL, 0)) {
+		return (NULL);
+	}
+	if (value == 0) {
+		return ("System disables revocation");
+	}
+	return (NULL);
+}

lib/libc/stdlib/malloc/mrs/mrs.c

@@ -1824,6 +1824,7 @@ mrs_rallocx(void *ptr, size_t size, int flags)
 	if (!quarantining)
 		return (mrs_real_rallocx(ptr, size, flags));
 
+	assert(ptr != NULL);
 	old_size = cheri_getlen(ptr);
 
 	mrs_debug_printf("%s: called ptr %p ptr size %zu new size %zu\n",