From patchwork Thu Dec 14 12:50:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13493008 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E763C4332F for ; Thu, 14 Dec 2023 12:52:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B26F98D00B2; Thu, 14 Dec 2023 07:51:52 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A37088D00B1; Thu, 14 Dec 2023 07:51:52 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 83C7C8D00B2; Thu, 14 Dec 2023 07:51:52 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 51FA68D00B1 for ; Thu, 14 Dec 2023 07:51:52 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 1E08E120B9D for ; Thu, 14 Dec 2023 12:51:52 +0000 (UTC) X-FDA: 81565410864.23.B8D2E9D Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by imf23.hostedemail.com (Postfix) with ESMTP id 4E2B214001D for ; Thu, 14 Dec 2023 12:51:50 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=O7bMR8Yj; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf23.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1702558310; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TyrHpozxlKgTFPeXDtkYdtWnntKkuOFgibrMNmUzOUE=; b=GYw9RS+NGW83tMmcmC1uhJWaWuBc1XOuG4i0FIoZbJTF81UJmB7qqH+e+QOcw2oN0AU/FV xsxsJnKMY3xca6DvsGIFGgRPgnS46POVlqc/BT98TODG2MMAYo2pWxLDoBU2BFcel3nJtu gu7groFsZA+d53i4Uk3F1kIRnKXaUr8= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=O7bMR8Yj; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf23.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1702558310; a=rsa-sha256; cv=none; b=HFkt9B/sQeji94H0/obqzaKwkkXItLamL2VzbA8uqZSshrsIykUGOKEsxsbUp197M0UAM8 2XWpY8xHKvCmAIqQK4ant3PD4l3vljedBU3BlV+DGQO9DVJWJG6MvWcI4X7WXxO3f25iun gF6CYj3DZVP0of4BaoepKyEMsu/YMDk= Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d08a924fcfso76477345ad.2 for ; Thu, 14 Dec 2023 04:51:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702558309; x=1703163109; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TyrHpozxlKgTFPeXDtkYdtWnntKkuOFgibrMNmUzOUE=; b=O7bMR8Yj3de+I1avy+HQOYjzv+WRMhnMz8fsPCkLxXKkgNnBKofNJRsryDSBvzTh73 mHhmg+ozQMxNRQCJ9RRGutEh6KRQklIMj0SThu7mWiL3e2JR4l8z24Jfkeinxx7LV86t EcRMnubl8paXxvc095R4CiW1enJdGEjbCQmxt7JZWEUDmbAkbDcc4a5UV87bLrBVHKZJ Y6UyIz5D/4aJsAVzMlYDtKOWu6pLtFPQKSfIccnuZTkdZJV5Re3JafHe3rpxV9C43Dpg FpJr8RvTqU8yZir1HV+Hj9IxOTlEL+nvdpcLaGVS6X6jt8TLlc3VJ5VFl6lKjzlhpYWi qZ1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702558309; x=1703163109; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TyrHpozxlKgTFPeXDtkYdtWnntKkuOFgibrMNmUzOUE=; b=fVebuEtx8QC81RaoEOTZIr7NDf8TZm2vga2RvhFrueRGXDSiPR5WoWSDSqxgoBAo4l lZ0Q9F/Utq5c8WI2neAIdgfAm/MoxustTB5ca2sCi2NU5/vjc1l8vr1d/IuC1m0SvmSo OPTsw6gnePqhRHCFZb4Q7jADCRNx13GxnROvJAIVsxR0p9ySnjrfCvLkXzUGG4DSzsA3 0/JeqPDimzuaeNbeL8533PvBgJ84gr2L8yM1vNZ/N345SWidjxlvJIMc8DutFCgF2P9e gbdSuG6n1L9dQmsHtOLdoNuxl1eJVPgb65qn9BIgjmu+wEE621+ztbShxTH5c/Y8D5o3 UQ5A== X-Gm-Message-State: AOJu0YxB6dhVqOm/OSKJeJsNFK+KR3JRcwD/Fjj6yigCfWEF67CiPk8h P8DOqKsy+33Zjbm0MYEWRjU= X-Google-Smtp-Source: AGHT+IHKABTJfb+UE9Rl0k944YTPHTs0rNUemBBzZ7HjNhQ1RB6o1I8s72VFPWyQj+fYjdmi8hT7kw== X-Received: by 2002:a17:902:ebcd:b0:1d0:c906:f5e0 with SMTP id p13-20020a170902ebcd00b001d0c906f5e0mr11350823plg.72.1702558309099; Thu, 14 Dec 2023 04:51:49 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id jj17-20020a170903049100b001d36b2e3dddsm1184528plb.192.2023.12.14.04.51.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 04:51:48 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v5 bpf-next 5/5] selftests/bpf: Add selftests for set_mempolicy with a lsm prog Date: Thu, 14 Dec 2023 12:50:33 +0000 Message-Id: <20231214125033.4158-6-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com> References: <20231214125033.4158-1-laoar.shao@gmail.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4E2B214001D X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: g997i65w4h3z5pxw597wb6cgh7zfx74m X-HE-Tag: 1702558310-26461 X-HE-Meta: U2FsdGVkX182eD0LLBJA2kHr5U1fAEtrHnfY8YO6Brws8d+s9XKeqapiDKik8AeXAlsuXG6gYtStp1g2lLbxZpDu+egI+Lh97ofmLpZZAZ7dk8/+9SsFz1s9BQEZdLUxnaL6GsiTaGK1a2CWiwt3pkcVskCc4Y5JYhevDlYSEyl8/+Wp4ezpHnZBZtKl/8/CVgnDKWE0VLv2NGHIyw20D9oe8my2XBnwMMyAXzaAF5FWTTzADPZ09QhfXNGTl/0p38vyWLYgakLmLJ1jd/dLpl9ylv1JR7zr70U2YCM2mQMO7AsMVSDgC9WI8XXfcy0ibVI3SfLwSYRRBth0HPW4XrglRzgP7QqXTcsvevkz9e+Fhrj3GAQjhUXBzqa+zqlA4HggIk5vMvcQV8R2Q0j+Q3fF9jtdWZ069y/bBQ1qzLO8XVN14hFF6Kt0s/r2MMyrJIksoPnDe8p0cOmbfQyF2ca2HkSDnEiJtfHl24czIV36lGSJNFll8/8kmW6bdU89hFwgf3yTNTWdF/4Ql2jfSJ7ZCFcB4De6bBhP4+j1Q3TsmI96Lyqz11+1a6CO5W/R2LEwVH8BEhM+57iT9qoBH7HnhU2MyAEngbK357EeUV3XlJhXStkxsaZA/VNAtQxM3b2X9YLm0/S6Kr0OVAhpE1DI86CFpMHunLbSk/hhoCbm3D1oDpv47Zguuh56A0QC2cRsaMhf/f2K32LLH2qIvYja0tFCYBE4XxsM/NxoGwMIgqWRcEizLffsaC7qsT+z9lEDlNv1U/Ul4IYwvJqTJciMItoB0lef9SQTtFvl7JrHRui5n5CWDjFggh+ALN3m1EZBmBJu7W5kOafS7BpUUYXTt2dLs7bITZSU49woFfS3LQZ/7QUPlwmpl931HpLEoCgpvNNPRxFeozm4+s8XOSSwCfMCShpqOjrhJjxEZhHnyHSImibVuW0ldwf7P5qoUKiuvOE0JZgoFraAkDP EEkY8CG1 ySioflSZFl8xxABlj86BHVuDYqzG8Bm7J5ko5ULboD+WNXbEzFIy+iEXZlaO3TBPWxyGLLB8T/B+1e6LYJeV5dAJjRR81LqkHM1YaMzDbPEB06sjBS/p0W3TQJYkALAT27879jfCjh72mH3cAzWdL0pMqVgFl7EjKD6oVfXTAfDgeUmL6uNPYWu/K8BFidzyML9T3Yb1tJA1Ei79gOA7MlU2+Q42dWGS/srwroRVQvxy+57NtgI62fSbEvnl3DF5RGV6aYHzsBkNPaAPtiBoRWtA0vB84X/qzewahuRrP1G06zsFghZfvebrKsWBpUjmR0gnlldrb19VJ7sAlzzQKEzD9pCFTNg/m3dvO4nJnp4Vj+CskqfLdtVKc5C1T4EcaCXh0G3Z9oz1YxHgX6DcdyS8+2jl/vbcouWqKvZ1pGxdlBlIlC2QQrJHJsClYkJ1c5wL0orXAju9fGjW3S62ANOFHse2uVw6x4NOnfQXbK7rcwVjRg4GeTHWjOVOtvwl3pQ5X101RfEBPjdoNphKkh7Let8zM11zlbuJx9/UPOg+x+4HobvGT0o0kKjamNOCofcZbtBOtavYNW/ul2Gzg022PrnTTnpMk3piLYtfd9i60zJ9nBOS6rSQN2Tuoed5e8Sxi X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In the straightforward LSM prog, it denies the use of mbind(2) with the mode MPOL_BIND and permits other modes. Consequently: - Absent the LSM prog, mbind(2) should invariably succeed regardless of the mode #263/1 set_mempolicy/MPOL_BIND_without_lsm:OK #263/2 set_mempolicy/MPOL_DEFAULT_without_lsm:OK - With the LSM prog - mbind(2) with the mode MPOL_BIND should result in failure #263/3 set_mempolicy/MPOL_BIND_with_lsm:OK - mbind(2) with the mode MPOL_DEFAULT should succeed #263/4 set_mempolicy/MPOL_DEFAULT_with_lsm:OK - Summary #263 set_mempolicy:OK Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Yafang Shao --- .../selftests/bpf/prog_tests/set_mempolicy.c | 84 ++++++++++++++++++++++ .../selftests/bpf/progs/test_set_mempolicy.c | 28 ++++++++ 2 files changed, 112 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/set_mempolicy.c create mode 100644 tools/testing/selftests/bpf/progs/test_set_mempolicy.c diff --git a/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c new file mode 100644 index 0000000..4d3fe1d --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c @@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include +#include +#include +#include +#include +#include "test_set_mempolicy.skel.h" + +#define SIZE 4096 + +static void mempolicy_bind(bool success) +{ + unsigned long mask = 1; + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + /* -lnuma is required by mbind(2), so use __NR_mbind to avoid the dependency. */ + err = syscall(__NR_mbind, addr, SIZE, MPOL_BIND, &mask, sizeof(mask), 0); + if (success) + ASSERT_OK(err, "mbind_success"); + else + ASSERT_ERR(err, "mbind_fail"); + + munmap(addr, SIZE); +} + +static void mempolicy_default(void) +{ + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + err = syscall(__NR_mbind, addr, SIZE, MPOL_DEFAULT, NULL, 0, 0); + ASSERT_OK(err, "mbind_success"); + + munmap(addr, SIZE); +} + +void test_set_mempolicy(void) +{ + struct test_set_mempolicy *skel; + int err; + + skel = test_set_mempolicy__open(); + if (!ASSERT_OK_PTR(skel, "open")) + return; + + skel->bss->target_pid = getpid(); + + err = test_set_mempolicy__load(skel); + if (!ASSERT_OK(err, "load")) + goto destroy; + + /* Without LSM, mbind(2) should succeed regardless of the mode. */ + if (test__start_subtest("MPOL_BIND_without_lsm")) + mempolicy_bind(true); + if (test__start_subtest("MPOL_DEFAULT_without_lsm")) + mempolicy_default(); + + /* Attach LSM prog, in which it will deny MPOL_BIND */ + err = test_set_mempolicy__attach(skel); + if (!ASSERT_OK(err, "attach")) + goto destroy; + + /* MPOL_BIND should fail. */ + if (test__start_subtest("MPOL_BIND_with_lsm")) + mempolicy_bind(false); + + /* MPOL_DEFAULT should succeed. */ + if (test__start_subtest("MPOL_DEFAULT_with_lsm")) + mempolicy_default(); + +destroy: + test_set_mempolicy__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/test_set_mempolicy.c b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c new file mode 100644 index 0000000..b5356d5 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include "vmlinux.h" +#include +#include + +int target_pid; + +static int mem_policy_adjustment(u64 mode) +{ + struct task_struct *task = bpf_get_current_task_btf(); + + if (task->pid != target_pid) + return 0; + + if (mode != MPOL_BIND) + return 0; + return -1; +} + +SEC("lsm/set_mempolicy") +int BPF_PROG(setmempolicy, u64 mode, u16 mode_flags, nodemask_t *nmask, u32 flags) +{ + return mem_policy_adjustment(mode); +} + +char _license[] SEC("license") = "GPL";