From patchwork Fri Dec 1 09:46:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475556 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E985C4167B for ; Fri, 1 Dec 2023 09:47:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1D6876B0444; Fri, 1 Dec 2023 04:47:17 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0BD4A6B0452; Fri, 1 Dec 2023 04:47:16 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C808C6B0447; Fri, 1 Dec 2023 04:47:16 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id B2C006B044D for ; Fri, 1 Dec 2023 04:47:16 -0500 (EST) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 4B34D40186 for ; Fri, 1 Dec 2023 09:47:14 +0000 (UTC) X-FDA: 81517771188.08.420F0A0 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by imf15.hostedemail.com (Postfix) with ESMTP id 57ED0A001A for ; Fri, 1 Dec 2023 09:47:12 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=lb7UxtTp; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf15.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1701424032; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+x2gW85qXpDm39JWWNR8xOYWTSjKi1NE52O+Y4CVIzE=; b=W9xIkRwMsWPtf05RBDksdUZ2Jr8iq7tn2HBbidhzKJgvgJLmeuPgr4qWzCV5bJaX/S5pmq vxD6XzJkav1HKgfzLj0HNdR7BZ6DG7hTLB7EBB3YDrTituh6a+S3tqQXhb2TTzc6AT3zeY 3yXJWks98amgRBJ9PE/KX8AdAtkXzZw= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=lb7UxtTp; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf15.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1701424032; a=rsa-sha256; cv=none; b=Pkhs8xQXlhkYKe1d7gE6avv5wgYpk1c6PlVcpslWQJfjfztQovwn2tRySTsSCXeLi+lLKI p49ETQjprqv1Q4Ei6rJAC7l3QpO9SdBDdvK6n29XYQFyb751ZntkrcDMg8SkRGo+07c4Dt qju2XAz90jjhIYYCgLeOs8vVnFt1ulk= Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1cfc34b6890so2631195ad.1 for ; Fri, 01 Dec 2023 01:47:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424031; x=1702028831; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+x2gW85qXpDm39JWWNR8xOYWTSjKi1NE52O+Y4CVIzE=; b=lb7UxtTphPiY85cl+r+kos3i8apqbWzwuJJGraecm/O2qPJ2wooRkJpVQdyBOsj7ds he1mL+gK6bdLKAiXtPSSPrpM+U7WOe7tA0k4BeKziyDWET80nbOifEgMqKdav/CXE5z5 8KNYW8YC9QMq897jFFrApyJ8s3I9EnjdJrS4Y5S+/gN+tibRpbj0QYdI2EU3CGPS5E+D cX/hxaNICtu8lK2nFzc+7nPnDboQV4/fPIb28mKFHkSSJqXFwGgb2sikhGatP/D95scF PzSPHkKJi6bkGd/EPpjTdUo+l/PY+6FZY2kA/cw0Utth8+AedwOl5yxUnMrFHVyFHH3v Zn1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424031; x=1702028831; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+x2gW85qXpDm39JWWNR8xOYWTSjKi1NE52O+Y4CVIzE=; b=Hi/AkZpA7Top6LBhv4OxDk6KdO7ibQnMu7lWXPjPYk+eTIHab2v373LW/VRmdwqo97 5lsUGz8IluW7gGQqJkky+P+Xpw24mUF0unvIl8jUAxhJu2nd9wIls0dXzXiuLTulU3CL 5awzKSTyIt+L2tLqjl0Ojer4cPoPtnx9UOYVg6pBFxXAIgMXHTO5ijcL1YRVl52awPoa svE0URQ8A4S2VZ3NMYynM6wJt2SJ8joBaLG9SvmMnYZFY81hcIexYcuGWSw8e0mJ0TE4 R25pPZYLDDWMkafD2eGp04EXhdUQmyYiBL1NaT2Lenst3cxalK752tCqwo11kP7sKY24 Wc3A== X-Gm-Message-State: AOJu0YxMyPqoqcfvwfpZItH8LhFRxC4gmDTc/r0MXYIou8AHt3HiBs6L ldL017rljw3FAw8FAgrVQpY= X-Google-Smtp-Source: AGHT+IEfi8CntkWgmrNALbbEki4QUlWGaiYFcUK8uZQCNPbFfdkSpNYq2ORQNXwcZZsO/tOOLRY9fA== X-Received: by 2002:a17:903:447:b0:1d0:5302:4642 with SMTP id iw7-20020a170903044700b001d053024642mr1803858plb.16.1701424031283; Fri, 01 Dec 2023 01:47:11 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:10 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v3 4/7] mm, security: Add lsm hook for memory policy adjustment Date: Fri, 1 Dec 2023 09:46:33 +0000 Message-Id: <20231201094636.19770-5-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 57ED0A001A X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: sshgpsmqu8jezguggohjagqahs9bpknx X-HE-Tag: 1701424032-45221 X-HE-Meta: U2FsdGVkX191jMt2/9Q5fukFNwIpnHKcQvSQ0MF8b238MtotgcMe6EnWTh1zYgYYQqRxV47K+pf0g2MneA1j6XaERVaZ+3aOaPA5yVkbwjJMoerCSVieWK9T2BaR74ufKm6fFF7qnSH/96n5LMf5Cpw7PwCqgfzacvnjWVSBBIIvzgCahTZf2rBAaNuFjziIG98AmFd/2an/QhA/F4ML7H8VKHLWUKstQqE9eTbuPB8YS3TiUKbc/WP+S1SIjxJfHHPF1WEGn4SRebxtRt1n5v/+c7WNJ6D7PfT4J/b4k0lJH+tPX7uBso7yrMQRgzMJwccg+7WR/hpPI3DGVW9mo2r2CgNnsCABmdQ/0+r5vUdRx9/70s3kU06yEhTbf7ATS+dJ1A6WRt8T2yBEXuYkf/67lpU6gVl92a17CZdf+3QT+jMa1qUkRFY+ypV0uGmtyi6ydoyRz4Az7tqHkY2Wz7W30q9nUjHSzbNby7s0+2wIcgmUifpGPpTteV/ZXKK7/XiGGE8BMJ2MS2fcCLVob8uU28FXqgYXmbB1AUGiDhfeSr7EfyPe7xpyrr8bUJ8t5BVzq4jB5mIeth9yMZECuJQ7V8RPSeiyhnFKU76Zd69F+mWm75T1CO8EnAnIxdixXt0eOPoCTtuM30KaAXiZTVVLD5+g04XnlR5t/Q4a9sYvbZi6oXJMBD5Xy+8K7P1wljjAd0WBWzzrCReqSegP17diZffG9iu0L5AsIrk3PiO72xLYfyxZ2pHU6djpzpj8Qf3Zwqn/RH8AWwM+AUKE4zSSnonNyGnZeo5VtAA811ClVlh8EWiSSpj15s/6v6p7UXeRzDMhGAn8kd91ks0sOjyflzJ/7OKtVF5vExaZdQHsm3fKH8FL2S0DiNerHjrzEidUu1Ne9h7zsTi8wUaiLfT2FsZqnExXnkqu4IiC8lgNX3K/m76VJETr18EeYT5zMHtqVlN/mctR3mcqGkd DoFsXxuZ vZswYBJb5+XIX/WDLkeqwmdiRbkNnM4FQshHYCOn+rmXafd6TdNMayYu2p01gPLFOiIJzFhAWM3XGlaUPtZceA5x6sQhGMKrEAY7k9AYHivzZPqzQzFdIKVExD7yAeVZ0ue7rSUnzEJIfMntENfJaj7FxAP+a1DuAd96PT44jVgYULBsyhEr4nhfJeuvbCfnZVFnsqL8Rk+0JOw1n5tI4dCf+oP/DLs+CFZg9yls45ziGLKHQBEZ6GUyWfvCP03+PFCW5Ig7igJMMzQt3Sy5161DNMQ1RjSbqBj+1QjwBNQ3TZX/kKNEs75EQeT15B4Lb8uZe5SlaY1QdNadYGifm9RKOxkLQgMgp7YPTq28GT+VwOwoUGeJ76Kj2bJAqFtf/U8sY5irFdpejG99ckP8bamXPcgysTYgGLuWiwqiW6Oh6VQp6/F1ZldFIjjl590iuz8k2H9extI6UGv1cvOGHEt/tQCHUhOODV5VLI3gyRptTraa1GNIMO0ZbrOxQlgUyVftsoRNMpc7iRfuvT5wrONZ67EVlG1da67AtO2UE+HIazpI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In a containerized environment, independent memory binding by a user can lead to unexpected system issues or disrupt tasks being run by other users on the same server. If a user genuinely requires memory binding, we will allocate dedicated servers to them by leveraging kubelet deployment. At present, users have the capability to bind their memory to a specific node without explicit agreement or authorization from us. Consequently, a new LSM hook is introduced to mitigate this. This implementation allows us to exercise fine-grained control over memory policy adjustments within our container environment Signed-off-by: Yafang Shao --- include/linux/lsm_hook_defs.h | 3 +++ include/linux/security.h | 9 +++++++++ mm/mempolicy.c | 8 ++++++++ security/security.c | 13 +++++++++++++ 4 files changed, 33 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ff217a5ce552..558012719f98 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -419,3 +419,6 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cred *new) LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, set_mempolicy, unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) diff --git a/include/linux/security.h b/include/linux/security.h index 1d1df326c881..cc4a19a0888c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1397,13 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } + +static inline int +security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 1eafe81d782e..9a260dd24a4b 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1495,6 +1495,10 @@ static long kernel_mbind(unsigned long start, unsigned long len, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, flags); + if (err) + return err; + return do_mbind(start, len, lmode, mode_flags, &nodes, flags); } @@ -1589,6 +1593,10 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, 0); + if (err) + return err; + return do_set_mempolicy(lmode, mode_flags, &nodes); } diff --git a/security/security.c b/security/security.c index dcb3e7014f9b..685ad7993753 100644 --- a/security/security.c +++ b/security/security.c @@ -5337,3 +5337,16 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) return call_int_hook(uring_cmd, 0, ioucmd); } #endif /* CONFIG_IO_URING */ + +/** + * security_set_mempolicy() - Check if memory policy can be adjusted + * @mode: The memory policy mode to be set + * @mode_flags: optional mode flags + * @nmask: modemask to which the mode applies + * @flags: mode flags for mbind(2) only + */ +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return call_int_hook(set_mempolicy, 0, mode, mode_flags, nmask, flags); +}