From patchwork Thu Dec 14 12:50:29 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13493004
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 1/5] mm, doc: Add doc for MPOL_F_NUMA_BALANCING
Date: Thu, 14 Dec 2023 12:50:29 +0000
Message-Id: <20231214125033.4158-2-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>

The document on MPOL_F_NUMA_BALANCING was missed in the initial commit
The MPOL_F_NUMA_BALANCING document was inadvertently omitted from the initial commit bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes")

Let's ensure its inclusion.

Signed-off-by: Yafang Shao
Reviewed-by: "Huang, Ying"
--- .../admin-guide/mm/numa_memory_policy.rst | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/Documentation/admin-guide/mm/numa_memory_policy.rst b/Documentation/admin-guide/mm/numa_memory_policy.rst index eca38fa..19071b71 100644 --- a/Documentation/admin-guide/mm/numa_memory_policy.rst +++ b/Documentation/admin-guide/mm/numa_memory_policy.rst
@@ -332,6 +332,33 @@ MPOL_F_RELATIVE_NODES MPOL_PREFERRED policies that were created with an empty nodemask (local allocation). +MPOL_F_NUMA_BALANCING (since Linux 5.12) + When operating in MPOL_BIND mode, enables NUMA balancing for tasks, + contingent upon kernel support. This feature optimizes page + placement within the confines of the specified memory binding + policy. The addition of the MPOL_F_NUMA_BALANCING flag augments the + control mechanism for NUMA balancing: + + - The sysctl knob numa_balancing governs global activation or + deactivation of NUMA balancing. + + - Even if sysctl numa_balancing is enabled, NUMA balancing remains + disabled by default for memory areas or applications utilizing + explicit memory policies. + + - The MPOL_F_NUMA_BALANCING flag facilitates NUMA balancing + activation for applications employing explicit memory policies + (MPOL_BIND). + + This flags enables various optimizations for page placement through + NUMA balancing. For instance, when an application's memory is bound + to multiple nodes (MPOL_BIND), the hint page fault handler attempts + to migrate accessed pages to reduce cross-node access if the + accessing node aligns with the policy nodemask. + + If the flag isn't supported by the kernel, or is used with mode + other than MPOL_BIND, -1 is returned and errno is set to EINVAL. 
+ Memory Policy Reference Counting ================================
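Review bot: In the last two added paragraphs of the numa_memory_policy.rst hunk, "This flags enables" should read "This flag enables", and "used with mode other than MPOL_BIND" needs an article ("a mode other than MPOL_BIND"). The closing sentence also says that -1 is returned and errno is set to EINVAL without naming the call that returns it; since the entry sits in the list of mode flags, state which system call or calls the sentence refers to.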
X-Patchwork-Id: 13493005
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao, Eric Dumazet
Subject: [PATCH v5 bpf-next 2/5] mm: mempolicy: Revise comment regarding mempolicy mode flags
Date: Thu, 14 Dec 2023 12:50:30 +0000
Message-Id: <20231214125033.4158-3-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>

MPOL_F_STATIC_NODES, MPOL_F_RELATIVE_NODES, and MPOL_F_NUMA_BALANCING are mode flags applicable to both set_mempolicy(2) and mbind(2) system calls.

It's worth noting that MPOL_F_NUMA_BALANCING was initially introduced in commit bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes") exclusively for set_mempolicy(2). However, it was later made a shared flag for both set_mempolicy(2) and mbind(2) following commit 6d2aec9e123b ("mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind()").

This revised version aims to clarify the details regarding the mode flags.

Signed-off-by: Yafang Shao
Reviewed-by: "Huang, Ying"
Cc: Eric Dumazet
--- include/uapi/linux/mempolicy.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/mempolicy.h b/include/uapi/linux/mempolicy.h index a8963f7..afed4a4 100644 --- a/include/uapi/linux/mempolicy.h +++ b/include/uapi/linux/mempolicy.h
@@ -26,7 +26,7 @@ enum { MPOL_MAX, /* always last member of enum */ }; -/* Flags for set_mempolicy */ +/* Flags for set_mempolicy() or mbind() */ #define MPOL_F_STATIC_NODES (1 << 15) #define MPOL_F_RELATIVE_NODES (1 << 14) #define MPOL_F_NUMA_BALANCING (1 << 13) /* Optimize with NUMA balancing if possible */
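Review bot: The replacement comment above MPOL_F_STATIC_NODES still says "Flags" although the commit message calls these mode flags, and mbind() also takes a separate flags argument, so "Flags for set_mempolicy() or mbind()" can be read as referring to that argument. Suggest wording such as "/* Mode flags for set_mempolicy() or mbind(), passed in the mode argument */" so the comment matches the stated purpose of the patch.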
X-Patchwork-Id: 13493006
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 3/5] mm, security: Add lsm hook for memory policy adjustment
Date: Thu, 14 Dec 2023 12:50:31 +0000
Message-Id: <20231214125033.4158-4-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>

In a containerized environment, independent memory binding by a user can lead to unexpected system issues or disrupt tasks being run by other users on the same server. If a user genuinely requires memory binding, we will allocate dedicated servers to them by leveraging kubelet deployment.

At present, users have the capability to bind their memory to a specific node without explicit agreement or authorization from us. Consequently, a new LSM hook is introduced to mitigate this. This implementation allows us to exercise fine-grained control over memory policy adjustments within our container environment.

Signed-off-by: Yafang Shao
--- include/linux/lsm_hook_defs.h | 3 +++ include/linux/security.h | 9 +++++++++ mm/mempolicy.c | 8 ++++++++ security/security.c | 13 +++++++++++++ 4 files changed, 33 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ff217a5..5580127 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -419,3 +419,6 @@ LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, set_mempolicy, unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) diff --git a/include/linux/security.h b/include/linux/security.h index 1d1df326..cc4a19a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -484,6 +484,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1397,13 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } + +static inline int +security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 10a590e..9535d9e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1483,6 +1483,10 @@ static long kernel_mbind(unsigned long start, unsigned long len, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, flags); + if (err) + return err; + return do_mbind(start, len, lmode, mode_flags, &nodes, flags); } @@ -1577,6 +1581,10 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, 0); + if (err) + return err; + return do_set_mempolicy(lmode, mode_flags, &nodes); } diff --git a/security/security.c b/security/security.c index dcb3e70..685ad79 100644 --- a/security/security.c +++ b/security/security.c 
@@ -5337,3 +5337,16 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) return call_int_hook(uring_cmd, 0, ioucmd); } #endif /* CONFIG_IO_URING */ + +/** + * security_set_mempolicy() - Check if memory policy can be adjusted + * @mode: The memory policy mode to be set + * @mode_flags: optional mode flags + * @nmask: modemask to which the mode applies + * @flags: mode flags for mbind(2) only + */ +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return call_int_hook(set_mempolicy, 0, mode, mode_flags, nmask, flags); +}
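Review bot: In the mm/mempolicy.c hunks, kernel_set_mempolicy() calls security_set_mempolicy(lmode, mode_flags, &nodes, 0), so an LSM sees the same arguments for set_mempolicy(2) as for an mbind(2) call made with flags == 0 and cannot tell the two apart; kernel_mbind() also does not pass start and len, so a policy cannot depend on the range being rebound. If either distinction matters for the container use case in the commit message, add a separate hook for mbind or extend the arguments; otherwise state the limitation in the hook's kernel-doc.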
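Review bot: In the kernel-doc added to security/security.c, "@nmask: modemask" should be "nodemask", and "@flags: mode flags for mbind(2) only" reuses the term already used for @mode_flags; describe it as the mbind(2) flags argument, which is 0 when the hook is called from set_mempolicy(2). The comment also has no Return: line even though both callers in mm/mempolicy.c return a nonzero result from the hook directly, so document which value means the change is permitted and what a failure returns.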
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 4/5] security: selinux: Implement set_mempolicy hook
Date: Thu, 14 Dec 2023 12:50:32 +0000
Message-Id: <20231214125033.4158-5-laoar.shao@gmail.com>
X-Mailer: git-send-email 2.39.3
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

Add a SELinux access control for the newly introduced set_mempolicy lsm hook. A new permission "setmempolicy" is defined under the "process" class for it.

Signed-off-by: Yafang Shao
---
 security/selinux/hooks.c            | 8 ++++++++
 security/selinux/include/classmap.h | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index feda711..1528d4d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -4238,6 +4238,13 @@ static int selinux_userns_create(const struct cred *cred) USER_NAMESPACE__CREATE, NULL); } +static int selinux_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return avc_has_perm(current_sid(), task_sid_obj(current), SECCLASS_PROCESS, + PROCESS__SETMEMPOLICY, NULL); +} + /* Returns error only if unable to parse addresses */ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto) @@ -7072,6 +7079,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) LSM_HOOK_INIT(task_kill, selinux_task_kill), LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode), LSM_HOOK_INIT(userns_create, selinux_userns_create), + LSM_HOOK_INIT(set_mempolicy, selinux_set_mempolicy), LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index a3c3807..c280d92 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h 
@@ -51,7 +51,7 @@ "getattr", "setexec", "setfscreate", "noatsecure", "siginh", "setrlimit", "rlimitinh", "dyntransition", "setcurrent", "execmem", "execstack", "execheap", "setkeycreate", - "setsockcreate", "getrlimit", NULL } }, + "setsockcreate", "getrlimit", "setmempolicy", NULL } }, { "process2", { "nnp_transition", "nosuid_transition", NULL } }, { "system",
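Review bot: In selinux_set_mempolicy() (first hunk of security/selinux/hooks.c) all four arguments (mode, mode_flags, nmask, flags) are ignored and the audit data is NULL, so policy can only allow or deny every memory-policy change for a domain and cannot separate MPOL_BIND from MPOL_DEFAULT the way the LSM prog in 5/5 does. If that granularity is intended, say so in the commit message. Both current_sid() and task_sid_obj(current) name the calling task, so this is a self-check; a one-line comment saying so, or fetching the SID once into a local, would make the intent clear and shorten the avc_has_perm() line.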
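Review bot: Adding "setmempolicy" to the existing "process" class (security/selinux/include/classmap.h hunk) means every policy written before this change lacks the permission, and whether callers keep working then depends on how the loaded policy handles unknown permissions. The commit message should state the expected behaviour with such policies and whether the new check needs to be gated. Also confirm that the "process" class still fits its 32-bit access vector after this addition; the "process2" class in the trailing context may be the better home.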
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 5/5] selftests/bpf: Add selftests for set_mempolicy with a lsm prog
Date: Thu, 14 Dec 2023 12:50:33 +0000
Message-Id: <20231214125033.4158-6-laoar.shao@gmail.com>
X-Mailer: git-send-email 2.39.3
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

In the straightforward LSM prog, it denies the use of mbind(2) with the mode MPOL_BIND and permits other modes. Consequently:

- Absent the LSM prog, mbind(2) should invariably succeed regardless of the mode
  #263/1 set_mempolicy/MPOL_BIND_without_lsm:OK
  #263/2 set_mempolicy/MPOL_DEFAULT_without_lsm:OK

- With the LSM prog
  - mbind(2) with the mode MPOL_BIND should result in failure
    #263/3 set_mempolicy/MPOL_BIND_with_lsm:OK
  - mbind(2) with the mode MPOL_DEFAULT should succeed
    #263/4 set_mempolicy/MPOL_DEFAULT_with_lsm:OK

- Summary
  #263 set_mempolicy:OK
  Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Yafang Shao
---
 .../selftests/bpf/prog_tests/set_mempolicy.c | 84 ++++++++++++++++++++++
 .../selftests/bpf/progs/test_set_mempolicy.c | 28 ++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/set_mempolicy.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_set_mempolicy.c

diff --git a/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c new file mode 100644 index 0000000..4d3fe1d --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c
@@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include +#include +#include +#include +#include +#include "test_set_mempolicy.skel.h" + +#define SIZE 4096 + +static void mempolicy_bind(bool success) +{ + unsigned long mask = 1; + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + /* -lnuma is required by mbind(2), so use __NR_mbind to avoid the dependency. */ + err = syscall(__NR_mbind, addr, SIZE, MPOL_BIND, &mask, sizeof(mask), 0); + if (success) + ASSERT_OK(err, "mbind_success"); + else + ASSERT_ERR(err, "mbind_fail"); + + munmap(addr, SIZE); +} + +static void mempolicy_default(void) +{ + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + err = syscall(__NR_mbind, addr, SIZE, MPOL_DEFAULT, NULL, 0, 0); + ASSERT_OK(err, "mbind_success"); + + munmap(addr, SIZE); +} + +void test_set_mempolicy(void) +{ + struct test_set_mempolicy *skel; + int err; + + skel = test_set_mempolicy__open(); + if (!ASSERT_OK_PTR(skel, "open")) + return; + + skel->bss->target_pid = getpid(); + + err = test_set_mempolicy__load(skel); + if (!ASSERT_OK(err, "load")) + goto destroy; + + /* Without LSM, mbind(2) should succeed regardless of the mode. */ + if (test__start_subtest("MPOL_BIND_without_lsm")) + mempolicy_bind(true); + if (test__start_subtest("MPOL_DEFAULT_without_lsm")) + mempolicy_default(); + + /* Attach LSM prog, in which it will deny MPOL_BIND */ + err = test_set_mempolicy__attach(skel); + if (!ASSERT_OK(err, "attach")) + goto destroy; + + /* MPOL_BIND should fail. */ + if (test__start_subtest("MPOL_BIND_with_lsm")) + mempolicy_bind(false); + + /* MPOL_DEFAULT should succeed. */ + if (test__start_subtest("MPOL_DEFAULT_with_lsm")) + mempolicy_default(); + +destroy: + test_set_mempolicy__destroy(skel); +} 
diff --git a/tools/testing/selftests/bpf/progs/test_set_mempolicy.c b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c new file mode 100644 index 0000000..b5356d5 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include "vmlinux.h" +#include +#include + +int target_pid; + +static int mem_policy_adjustment(u64 mode) +{ + struct task_struct *task = bpf_get_current_task_btf(); + + if (task->pid != target_pid) + return 0; + + if (mode != MPOL_BIND) + return 0; + return -1; +} + +SEC("lsm/set_mempolicy") +int BPF_PROG(setmempolicy, u64 mode, u16 mode_flags, nodemask_t *nmask, u32 flags) +{ + return mem_policy_adjustment(mode); +} + +char _license[] SEC("license") = "GPL";
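Review bot: In mempolicy_bind() (prog_tests/set_mempolicy.c) the denial path only checks ASSERT_ERR(err, "mbind_fail"), so any mbind(2) failure passes the MPOL_BIND_with_lsm subtest, including one that has nothing to do with the LSM prog. Assert the errno as well, for example ASSERT_EQ(errno, EPERM, "mbind_errno"), so the test proves the denial came from the hook. The hook is named set_mempolicy but only mbind(2) is exercised here; if set_mempolicy(2) reaches the same hook, add a case for it.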
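Review bot: mem_policy_adjustment() (progs/test_set_mempolicy.c) compares task->pid with target_pid, but user space stores getpid() there, which is the thread-group id, while task->pid is the per-thread id; the filter therefore only matches when the test runs on the main thread. Compare task->tgid, or use bpf_get_current_pid_tgid() >> 32, instead. Also return -EPERM rather than the bare -1, so the errno user space is expected to see is explicit.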