From patchwork Sun Nov 12 07:34:21 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13453307
X-Patchwork-Delegate: paul@paul-moore.com
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, mhocko@suse.com, Yafang Shao
Subject: [RFC PATCH -mm 1/4] mm, security: Add lsm hook for mbind(2)
Date: Sun, 12 Nov 2023 07:34:21 +0000
Message-Id: <20231112073424.4216-2-laoar.shao@gmail.com>
In-Reply-To: <20231112073424.4216-1-laoar.shao@gmail.com>
References: <20231112073424.4216-1-laoar.shao@gmail.com>

In a container environment, we don't want users to bind their memory to a specific NUMA node, while we want to unify control of memory resources with kubelet. Therefore, add a new LSM hook for mbind(2); then we can enforce fine-grained control over memory policy adjustment by the tasks in a container.

Signed-off-by: Yafang Shao
---
 include/linux/lsm_hook_defs.h | 4 ++++
 include/linux/security.h | 10 ++++++++++
 mm/mempolicy.c | 4 ++++
 security/security.c | 7 +++++++
 4 files changed, 25 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 99b8176..b1b5e3a 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -419,3 +419,7 @@ LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, mbind, unsigned long start, unsigned long len, + unsigned long mode, const unsigned long __user *nmask, + unsigned long maxnode, unsigned int flags) diff --git a/include/linux/security.h b/include/linux/security.h index 1d1df326..9f87543 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -484,6 +484,9 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_mbind(unsigned long start, unsigned long len, + unsigned long mode, const unsigned long __user *nmask, + unsigned long maxnode, unsigned int flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1398,13 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } + +static inline int security_mbind(unsigned long start, unsigned long len, + unsigned long mode, const unsigned long __user *nmask, + unsigned long maxnode, unsigned int flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 10a590e..98a378c 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1483,6 +1483,10 @@ static long kernel_mbind(unsigned long start, unsigned long len, if (err) return err; + err = security_mbind(start, len, mode, nmask, maxnode, flags); + if (err) + return err; + return do_mbind(start, len, lmode, mode_flags, &nodes, flags); } diff --git a/security/security.c b/security/security.c index dcb3e70..425ec1c 100644 --- a/security/security.c +++ b/security/security.c 
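Review bot: in the kernel_mbind() hunk the hook is handed the raw `mode` and the `const unsigned long __user *nmask` pointer, although at that point the kernel has already split `mode` into `lmode`/`mode_flags` via sanitize_mpol_flags() and copied the mask into `nodes` via get_nodes(). An LSM that wants to decide on the node set has to copy from user space a second time and can observe a different mask than the one do_mbind() will apply (a TOCTOU window), and a BPF LSM program cannot dereference a user pointer directly at all. Pass the parsed values instead, e.g. `security_mbind(start, len, lmode, mode_flags, &nodes, flags)` with a `nodemask_t *` in the hook signature, so the policy decision is made on exactly the data the kernel acts on. The call site itself is well placed after the argument validation, so malformed requests still fail with -EINVAL before any LSM is consulted. The matching security_mbind() wrapper added to security.c also lacks a kernel-doc comment stating what `mode` and `nmask` hold when the hook runs; please add one.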
@@ -5337,3 +5337,10 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) return call_int_hook(uring_cmd, 0, ioucmd); } #endif /* CONFIG_IO_URING */ + +int security_mbind(unsigned long start, unsigned long len, + unsigned long mode, const unsigned long __user *nmask, + unsigned long maxnode, unsigned int flags) +{ + return call_int_hook(mbind, 0, start, len, mode, nmask, maxnode, flags); +}

From patchwork Sun Nov 12 07:34:22 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13453308
X-Patchwork-Delegate: paul@paul-moore.com
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, mhocko@suse.com, Yafang Shao
Subject: [RFC PATCH -mm 2/4] mm, security: Add lsm hook for set_mempolicy(2)
Date: Sun, 12 Nov 2023 07:34:22 +0000
Message-Id: <20231112073424.4216-3-laoar.shao@gmail.com>
In-Reply-To: <20231112073424.4216-1-laoar.shao@gmail.com>
References: <20231112073424.4216-1-laoar.shao@gmail.com>

In a container environment, we don't want users to bind their memory to a specific NUMA node, while we want to unify control of memory resources with kubelet. Therefore, add a new LSM hook for set_mempolicy(2); then we can enforce fine-grained control over memory policy adjustment by the tasks in a container.

Signed-off-by: Yafang Shao
---
 include/linux/lsm_hook_defs.h | 2 ++
 include/linux/security.h | 8 ++++++++
 mm/mempolicy.c | 4 ++++
 security/security.c | 5 +++++
 4 files changed, 19 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index b1b5e3a..725a03d 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -423,3 +423,5 @@ LSM_HOOK(int, 0, mbind, unsigned long start, unsigned long len, unsigned long mode, const unsigned long __user *nmask, unsigned long maxnode, unsigned int flags) +LSM_HOOK(int, 0, set_mempolicy, int mode, const unsigned long __user *nmask, + unsigned long maxnode) diff --git a/include/linux/security.h b/include/linux/security.h index 9f87543..93c91b6a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -487,6 +487,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_mbind(unsigned long start, unsigned long len, unsigned long mode, const unsigned long __user *nmask, unsigned long maxnode, unsigned int flags); +int security_set_mempolicy(int mode, const unsigned long __user *nmask, + unsigned long maxnode); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1405,6 +1407,12 @@ static inline int security_mbind(unsigned long start, unsigned long len, { return 0; } + +static inline int security_set_mempolicy(int mode, const unsigned long __user *nmask, + unsigned long maxnode) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 98a378c..0a76cd2 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1581,6 +1581,10 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask, if (err) return err; + err = security_set_mempolicy(mode, nmask, maxnode); + if (err) + return err; + return do_set_mempolicy(lmode, mode_flags, &nodes); } diff --git a/security/security.c b/security/security.c index 425ec1c..79ae17d 100644 --- a/security/security.c +++ b/security/security.c 
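Review bot: the kernel_set_mempolicy() hunk has the same problem as the mbind(2) hook: `mode` and the `__user *nmask` pointer are passed through raw even though `lmode`, `mode_flags` and the copied `nodes` mask are already in hand at the call site, so an LSM either re-reads user memory (and may see a different mask than do_set_mempolicy() applies) or cannot inspect the node set at all. Pass `lmode`, `mode_flags` and `&nodes` instead. More broadly, mbind(2), set_mempolicy(2) and set_mempolicy_home_node(2) are three ways to reach the same outcome the commit message wants to prevent; an LSM that implements only the `mbind` hook still lets a task pin itself with set_mempolicy(2). Consider a single hook taking the parsed policy plus an operation identifier, so one LSM check covers every entry point and new entry points cannot be added without being routed through it.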
@@ -5344,3 +5344,8 @@ int security_mbind(unsigned long start, unsigned long len, { return call_int_hook(mbind, 0, start, len, mode, nmask, maxnode, flags); } + +int security_set_mempolicy(int mode, const unsigned long __user *nmask, unsigned long maxnode) +{ + return call_int_hook(set_mempolicy, 0, mode, nmask, maxnode); +}

From patchwork Sun Nov 12 07:34:23 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13453309
X-Patchwork-Delegate: paul@paul-moore.com
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, mhocko@suse.com, Yafang Shao
Subject: [RFC PATCH -mm 3/4] mm, security: Add lsm hook for set_mempolicy_home_node(2)
Date: Sun, 12 Nov 2023 07:34:23 +0000
Message-Id: <20231112073424.4216-4-laoar.shao@gmail.com>
In-Reply-To: <20231112073424.4216-1-laoar.shao@gmail.com>
References: <20231112073424.4216-1-laoar.shao@gmail.com>

In a container environment, we don't want users to bind their memory to a specific NUMA node, while we want to unify control of memory resources with kubelet. Therefore, add a new LSM hook for set_mempolicy_home_node(2); then we can enforce fine-grained control over memory policy adjustment by the tasks in a container.

Signed-off-by: Yafang Shao
---
 include/linux/lsm_hook_defs.h | 2 ++
 include/linux/security.h | 8 ++++++++
 mm/mempolicy.c | 5 +++++
 security/security.c | 7 +++++++
 4 files changed, 22 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 725a03d..109883e 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -425,3 +425,5 @@ unsigned long maxnode, unsigned int flags) LSM_HOOK(int, 0, set_mempolicy, int mode, const unsigned long __user *nmask, unsigned long maxnode) +LSM_HOOK(int, 0, set_mempolicy_home_node, unsigned long start, unsigned long len, + unsigned long home_node, unsigned long flags) diff --git a/include/linux/security.h b/include/linux/security.h index 93c91b6a..7b7096f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -489,6 +489,8 @@ int security_mbind(unsigned long start, unsigned long len, unsigned long maxnode, unsigned int flags); int security_set_mempolicy(int mode, const unsigned long __user *nmask, unsigned long maxnode); +int security_set_mempolicy_home_node(unsigned long start, unsigned long len, + unsigned long home_node, unsigned long flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1413,6 +1415,12 @@ static inline int security_set_mempolicy(int mode, const unsigned long __user *n { return 0; } + +static inline int security_set_mempolicy_home_node(unsigned long start, unsigned long len, + unsigned long home_node, unsigned long flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 0a76cd2..54106e1 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1523,6 +1523,11 @@ static long kernel_mbind(unsigned long start, unsigned long len, return -EINVAL; if (end == start) return 0; + + err = security_set_mempolicy_home_node(start, len, home_node, flags); + if (err) + return err; + mmap_write_lock(mm); prev = vma_prev(&vmi); for_each_vma_range(vmi, vma, end) { diff --git a/security/security.c b/security/security.c index 79ae17d..0a2e062 100644 --- a/security/security.c +++ b/security/security.c 
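Review bot: in the mempolicy.c hunk, `err = security_set_mempolicy_home_node(...)` reuses the syscall's existing `err` variable right before `mmap_write_lock(mm)` and the for_each_vma_range() loop. Check whether that variable is pre-initialised to an error value that the loop relies on when no VMA in `[start, end)` is ever visited; if it is, a successful hook call overwrites it with 0 and an empty range that used to fail now returns success. Using a separate local for the hook result, or re-initialising `err` after the check, avoids the silent change in return value. The hook also sits after the `if (end == start) return 0;` early exit, which is fine since a zero-length request changes no policy. In the security.c wrapper that follows, drop the blank line between `+{` and the `return call_int_hook(...)` line to match the other wrappers in the file.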
@@ -5349,3 +5349,10 @@ int security_set_mempolicy(int mode, const unsigned long __user *nmask, unsigned { return call_int_hook(set_mempolicy, 0, mode, nmask, maxnode); } + +int security_set_mempolicy_home_node(unsigned long start, unsigned long len, + unsigned long home_node, unsigned long flags) +{ + + return call_int_hook(set_mempolicy_home_node, 0, start, len, home_node, flags); +}

From patchwork Sun Nov 12 07:34:24 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13453310
X-Patchwork-Delegate: paul@paul-moore.com
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, mhocko@suse.com, Yafang Shao
Subject: [RFC PATCH -mm 4/4] selftests/bpf: Add selftests for mbind(2) with lsm prog
Date: Sun, 12 Nov 2023 07:34:24 +0000
Message-Id: <20231112073424.4216-5-laoar.shao@gmail.com>
In-Reply-To: <20231112073424.4216-1-laoar.shao@gmail.com>
References: <20231112073424.4216-1-laoar.shao@gmail.com>

The results are as follows:

  #142/1 mempolicy/MPOL_BIND_with_lsm:OK
  #142/2 mempolicy/MPOL_DEFAULT_with_lsm:OK
  #142/3 mempolicy/MPOL_BIND_without_lsm:OK
  #142/4 mempolicy/MPOL_DEFAULT_without_lsm:OK
  #142 mempolicy:OK

Signed-off-by: Yafang Shao
---
 tools/testing/selftests/bpf/prog_tests/mempolicy.c | 79 ++++++++++++++++++++++
 tools/testing/selftests/bpf/progs/test_mempolicy.c | 29 ++++++++
 2 files changed, 108 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/mempolicy.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_mempolicy.c

diff --git a/tools/testing/selftests/bpf/prog_tests/mempolicy.c b/tools/testing/selftests/bpf/prog_tests/mempolicy.c new file mode 100644 index 0000000..e0dfb18 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/mempolicy.c
@@ -0,0 +1,79 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include +#include +#include +#include +#include +#include "test_mempolicy.skel.h" + +#define SIZE 4096 + +static void mempolicy_bind(bool success) +{ + unsigned long mask = 1; + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + err = mbind(addr, SIZE, MPOL_BIND, &mask, sizeof(mask), 0); + if (success) + ASSERT_OK(err, "mbind_success"); + else + ASSERT_ERR(err, "mbind_fail"); + + munmap(addr, SIZE); +} + +static void mempolicy_default(void) +{ + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + err = mbind(addr, SIZE, MPOL_DEFAULT, NULL, 0, 0); + ASSERT_OK(err, "mbind_success"); + + munmap(addr, SIZE); +} +void test_mempolicy(void) +{ + struct test_mempolicy *skel; + int err; + + skel = test_mempolicy__open(); + if (!ASSERT_OK_PTR(skel, "open")) + return; + + skel->bss->target_pid = getpid(); + + err = test_mempolicy__load(skel); + if (!ASSERT_OK(err, "load")) + goto destroy; + + /* Attach LSM prog first */ + err = test_mempolicy__attach(skel); + if (!ASSERT_OK(err, "attach")) + goto destroy; + + /* syscall to adjust memory policy */ + if (test__start_subtest("MPOL_BIND_with_lsm")) + mempolicy_bind(false); + if (test__start_subtest("MPOL_DEFAULT_with_lsm")) + mempolicy_default(); + +destroy: + test_mempolicy__destroy(skel); + + if (test__start_subtest("MPOL_BIND_without_lsm")) + mempolicy_bind(true); + if (test__start_subtest("MPOL_DEFAULT_without_lsm")) + mempolicy_default(); +} diff --git a/tools/testing/selftests/bpf/progs/test_mempolicy.c b/tools/testing/selftests/bpf/progs/test_mempolicy.c new file mode 100644 index 0000000..2fe8c99 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_mempolicy.c 
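Review bot: in mempolicy_bind(), `mbind(addr, SIZE, MPOL_BIND, &mask, sizeof(mask), 0)` passes `sizeof(mask)` as `maxnode`, but `maxnode` is a count of bits, not bytes; 8 only works because node 0 lies in the first word. Write `sizeof(mask) * 8` so the intent is explicit and the test does not break if the mask is ever widened. The denial path only checks `ASSERT_ERR(err, "mbind_fail")`; since the LSM program is what should reject the call, also assert `errno == EPERM`, otherwise an unrelated failure (for example -EINVAL because node 0 is not online on the test box) passes as a successful denial. Finally, the subtests exercise mbind(2) only, while patches 2 and 3 add hooks for set_mempolicy(2) and set_mempolicy_home_node(2); add a `_with_lsm`/`_without_lsm` pair for each so the whole series is covered.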
@@ -0,0 +1,29 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include "vmlinux.h" +#include +#include +#include + +int target_pid; + +static int mem_policy_adjustment(u64 mode) +{ + struct task_struct *task = bpf_get_current_task_btf(); + + if (task->pid != target_pid) + return 0; + + if (mode != MPOL_BIND) + return 0; + return -1; +} + +SEC("lsm/mbind") +int BPF_PROG(mbind_run, u64 start, u64 len, u64 mode, const u64 *nmask, u64 maxnode, u32 flags) +{ + return mem_policy_adjustment(mode); +} + +char _license[] SEC("license") = "GPL";
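Review bot: `return -1;` in mem_policy_adjustment() relies on -1 happening to equal -EPERM; return `-EPERM` explicitly (include errno.h) so the intended errno is visible and the userspace test can assert on it. The check `if (mode != MPOL_BIND) return 0;` compares the full `mode` word the hook receives, which for mbind(2) can carry mode flags such as MPOL_F_STATIC_NODES or MPOL_F_RELATIVE_NODES ORed in; a caller passing `MPOL_BIND | MPOL_F_STATIC_NODES` would therefore slip past this policy. Mask the flags off before comparing (or, better, have the hook receive the already-separated `lmode` as suggested on patch 1). The program attaches only to `lsm/mbind`; there are no `lsm/set_mempolicy` or `lsm/set_mempolicy_home_node` programs, so the other two hooks added by this series are never exercised.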