From patchwork Thu Dec 14 12:50:29 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13493010
From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 1/5] mm, doc: Add doc for MPOL_F_NUMA_BALANCING
Date: Thu, 14 Dec 2023 12:50:29 +0000
Message-Id: <20231214125033.4158-2-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

The document on MPOL_F_NUMA_BALANCING was missed in the initial commit.

The MPOL_F_NUMA_BALANCING document was inadvertently omitted from the
initial commit bda420b98505 ("numa balancing: migrate on fault among
multiple bound nodes"). Let's ensure its inclusion.

Signed-off-by: Yafang Shao
Reviewed-by: "Huang, Ying"
---
 .../admin-guide/mm/numa_memory_policy.rst | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/Documentation/admin-guide/mm/numa_memory_policy.rst b/Documentation/admin-guide/mm/numa_memory_policy.rst index eca38fa..19071b71 100644 --- a/Documentation/admin-guide/mm/numa_memory_policy.rst +++ b/Documentation/admin-guide/mm/numa_memory_policy.rst 
@@ -332,6 +332,33 @@ MPOL_F_RELATIVE_NODES MPOL_PREFERRED policies that were created with an empty nodemask (local allocation). +MPOL_F_NUMA_BALANCING (since Linux 5.12) + When operating in MPOL_BIND mode, enables NUMA balancing for tasks, + contingent upon kernel support. This feature optimizes page + placement within the confines of the specified memory binding + policy. The addition of the MPOL_F_NUMA_BALANCING flag augments the + control mechanism for NUMA balancing: + + - The sysctl knob numa_balancing governs global activation or + deactivation of NUMA balancing. + + - Even if sysctl numa_balancing is enabled, NUMA balancing remains + disabled by default for memory areas or applications utilizing + explicit memory policies. + + - The MPOL_F_NUMA_BALANCING flag facilitates NUMA balancing + activation for applications employing explicit memory policies + (MPOL_BIND). + + This flags enables various optimizations for page placement through + NUMA balancing. For instance, when an application's memory is bound + to multiple nodes (MPOL_BIND), the hint page fault handler attempts + to migrate accessed pages to reduce cross-node access if the + accessing node aligns with the policy nodemask. + + If the flag isn't supported by the kernel, or is used with mode + other than MPOL_BIND, -1 is returned and errno is set to EINVAL. 
+ Memory Policy Reference Counting ================================
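Review bot: "This flags enables various optimizations" in the new MPOL_F_NUMA_BALANCING paragraph should read "This flag enables", and "is used with mode other than MPOL_BIND" should be "with a mode other than MPOL_BIND". The paragraph also describes the flag only in set_mempolicy(2) terms ("enables NUMA balancing for tasks"), while patch 2/5 of this series states it is a shared flag for set_mempolicy(2) and mbind(2); consider saying so in the first sentence, e.g. "When used with MPOL_BIND in set_mempolicy(2) or mbind(2), enables NUMA balancing ...", so the admin guide matches the uapi header comment.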

From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao, Eric Dumazet
Subject: [PATCH v5 bpf-next 2/5] mm: mempolicy: Revise comment regarding mempolicy mode flags
Date: Thu, 14 Dec 2023 12:50:30 +0000
Message-Id: <20231214125033.4158-3-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

MPOL_F_STATIC_NODES, MPOL_F_RELATIVE_NODES, and MPOL_F_NUMA_BALANCING are
mode flags applicable to both set_mempolicy(2) and mbind(2) system calls.

It's worth noting that MPOL_F_NUMA_BALANCING was initially introduced in
commit bda420b98505 ("numa balancing: migrate on fault among multiple bound
nodes") exclusively for set_mempolicy(2). However, it was later made a
shared flag for both set_mempolicy(2) and mbind(2) following commit
6d2aec9e123b ("mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING |
MPOL_LOCAL in mbind()").

This revised version aims to clarify the details regarding the mode flags.

Signed-off-by: Yafang Shao
Reviewed-by: "Huang, Ying"
Cc: Eric Dumazet
---
 include/uapi/linux/mempolicy.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/uapi/linux/mempolicy.h b/include/uapi/linux/mempolicy.h
index a8963f7..afed4a4 100644
--- a/include/uapi/linux/mempolicy.h
+++ b/include/uapi/linux/mempolicy.h
@@ -26,7 +26,7 @@ enum { MPOL_MAX, /* always last member of enum */ }; -/* Flags for set_mempolicy */ +/* Flags for set_mempolicy() or mbind() */ #define MPOL_F_STATIC_NODES (1 << 15) #define MPOL_F_RELATIVE_NODES (1 << 14) #define MPOL_F_NUMA_BALANCING (1 << 13) /* Optimize with NUMA balancing if possible */
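Review bot: The new comment "Flags for set_mempolicy() or mbind()" is accurate, but the trailing comment on MPOL_F_NUMA_BALANCING in the same hunk still only says "Optimize with NUMA balancing if possible", while patch 1/5 of this series documents that the kernel returns EINVAL for this flag with any mode other than MPOL_BIND. Since this is the uapi header, spelling out that restriction here too (e.g. "/* Optimize with NUMA balancing if possible; valid with MPOL_BIND only */") would keep the header and the admin guide consistent.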

From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 3/5] mm, security: Add lsm hook for memory policy adjustment
Date: Thu, 14 Dec 2023 12:50:31 +0000
Message-Id: <20231214125033.4158-4-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

In a containerized environment, independent memory binding by a user can
lead to unexpected system issues or disrupt tasks being run by other users
on the same server. If a user genuinely requires memory binding, we will
allocate dedicated servers to them by leveraging kubelet deployment.

At present, users have the capability to bind their memory to a specific
node without explicit agreement or authorization from us. Consequently, a
new LSM hook is introduced to mitigate this. This implementation allows us
to exercise fine-grained control over memory policy adjustments within our
container environment.

Signed-off-by: Yafang Shao
---
 include/linux/lsm_hook_defs.h |  3 +++
 include/linux/security.h      |  9 +++++++++
 mm/mempolicy.c                |  8 ++++++++
 security/security.c           | 13 +++++++++++++
 4 files changed, 33 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index ff217a5..5580127 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -419,3 +419,6 @@ LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, set_mempolicy, unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) diff --git a/include/linux/security.h b/include/linux/security.h index 1d1df326..cc4a19a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1397,13 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } + +static inline int +security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 10a590e..9535d9e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1483,6 +1483,10 @@ static long kernel_mbind(unsigned long start, unsigned long len, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, flags); + if (err) + return err; + return do_mbind(start, len, lmode, mode_flags, &nodes, flags); } @@ -1577,6 +1581,10 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, 0); + if (err) + return err; + return do_set_mempolicy(lmode, mode_flags, &nodes); } 
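Review bot: In the kernel_set_mempolicy() hunk the hook is invoked with flags = 0, and in the kernel_mbind() hunk it is invoked with the caller's MPOL_MF_* flags, which may legitimately also be 0, so an LSM cannot distinguish a set_mempolicy(2) call from an mbind(2) call without flags, even though the commit message asks for fine-grained control over memory policy adjustments. Either pass an explicit discriminator (or split this into two hooks), or state in the hook's kernel-doc that @flags does not identify the entry point. On the same theme, the hook is named set_mempolicy but is also the mbind(2) check; a name such as mempolicy_adjust would be less misleading. Since only these two call sites are covered, the commit message should also say whether the other memory-policy syscalls in mm/mempolicy.c (migrate_pages(2), set_mempolicy_home_node(2)) are intentionally out of scope.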
diff --git a/security/security.c b/security/security.c index dcb3e70..685ad79 100644 --- a/security/security.c +++ b/security/security.c 
@@ -5337,3 +5337,16 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) return call_int_hook(uring_cmd, 0, ioucmd); } #endif /* CONFIG_IO_URING */ + +/** + * security_set_mempolicy() - Check if memory policy can be adjusted + * @mode: The memory policy mode to be set + * @mode_flags: optional mode flags + * @nmask: modemask to which the mode applies + * @flags: mode flags for mbind(2) only + */ +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return call_int_hook(set_mempolicy, 0, mode, mode_flags, nmask, flags); +}
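Review bot: The kernel-doc for security_set_mempolicy() has a typo ("@nmask: modemask" should be "nodemask") and describes both @mode_flags and @flags as "mode flags", which is confusing because they are different things: @mode_flags are the MPOL_F_* bits and @flags is the mbind(2) flags argument passed through from the mm/mempolicy.c hunks (0 from set_mempolicy(2)). Suggest "@flags: MPOL_MF_* flags of mbind(2); 0 when called from set_mempolicy(2)". A "Return:" section stating that 0 grants the operation and a negative errno denies it is also missing.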

From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 4/5] security: selinux: Implement set_mempolicy hook
Date: Thu, 14 Dec 2023 12:50:32 +0000
Message-Id: <20231214125033.4158-5-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

Add a SELinux access control for the newly introduced set_mempolicy lsm
hook. A new permission "setmempolicy" is defined under the "process" class
for it.

Signed-off-by: Yafang Shao
---
 security/selinux/hooks.c            | 8 ++++++++
 security/selinux/include/classmap.h | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index feda711..1528d4d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4238,6 +4238,13 @@ static int selinux_userns_create(const struct cred *cred) USER_NAMESPACE__CREATE, NULL); } +static int selinux_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return avc_has_perm(current_sid(), task_sid_obj(current), SECCLASS_PROCESS, + PROCESS__SETMEMPOLICY, NULL); +} + /* Returns error only if unable to parse addresses */ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto)
@@ -7072,6 +7079,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) LSM_HOOK_INIT(task_kill, selinux_task_kill), LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode), LSM_HOOK_INIT(userns_create, selinux_userns_create), + LSM_HOOK_INIT(set_mempolicy, selinux_set_mempolicy), LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index a3c3807..c280d92 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h 
@@ -51,7 +51,7 @@ "getattr", "setexec", "setfscreate", "noatsecure", "siginh", "setrlimit", "rlimitinh", "dyntransition", "setcurrent", "execmem", "execstack", "execheap", "setkeycreate", - "setsockcreate", "getrlimit", NULL } }, + "setsockcreate", "getrlimit", "setmempolicy", NULL } }, { "process2", { "nnp_transition", "nosuid_transition", NULL } }, { "system",
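Review bot: selinux_set_mempolicy() in the hooks.c hunk ignores mode, mode_flags, nmask and flags and checks a single process:setmempolicy permission, so SELinux policy can only allow or deny every memory-policy change for a domain; the 5/5 selftest in this series shows the intended use is per-mode (deny MPOL_BIND, permit MPOL_DEFAULT), which this implementation cannot express. If the coarse check is deliberate for SELinux, the commit message should say so. The subject and object of the avc_has_perm() call are both the current task (current_sid() and task_sid_obj(current)); a one-line comment saying the check is on the caller's own domain would make that explicit.

Review bot: The classmap.h hunk adds "setmempolicy" to the "process" class. SELinux access vectors hold at most 32 permissions per class, and "process" is already close to that limit (which is why the "process2" class in the context lines exists), so please confirm the count still fits after this addition; if it does not, the new permission belongs in "process2".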

From: Yafang Shao
To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, casey@schaufler-ca.com, kpsingh@kernel.org, mhocko@suse.com, ying.huang@intel.com
Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao
Subject: [PATCH v5 bpf-next 5/5] selftests/bpf: Add selftests for set_mempolicy with a lsm prog
Date: Thu, 14 Dec 2023 12:50:33 +0000
Message-Id: <20231214125033.4158-6-laoar.shao@gmail.com>
In-Reply-To: <20231214125033.4158-1-laoar.shao@gmail.com>
References: <20231214125033.4158-1-laoar.shao@gmail.com>

In the straightforward LSM prog, it denies the use of mbind(2) with the
mode MPOL_BIND and permits other modes. Consequently:

- Absent the LSM prog, mbind(2) should invariably succeed regardless of
  the mode

  #263/1   set_mempolicy/MPOL_BIND_without_lsm:OK
  #263/2   set_mempolicy/MPOL_DEFAULT_without_lsm:OK

- With the LSM prog

  - mbind(2) with the mode MPOL_BIND should result in failure

    #263/3   set_mempolicy/MPOL_BIND_with_lsm:OK

  - mbind(2) with the mode MPOL_DEFAULT should succeed

    #263/4   set_mempolicy/MPOL_DEFAULT_with_lsm:OK

- Summary

  #263     set_mempolicy:OK
  Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Yafang Shao
---
 .../selftests/bpf/prog_tests/set_mempolicy.c | 84 ++++++++++++++++++++++
 .../selftests/bpf/progs/test_set_mempolicy.c | 28 ++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/set_mempolicy.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_set_mempolicy.c

diff --git a/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c
new file mode 100644
index 0000000..4d3fe1d
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c
@@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include +#include +#include +#include +#include +#include "test_set_mempolicy.skel.h" + +#define SIZE 4096 + +static void mempolicy_bind(bool success) +{ + unsigned long mask = 1; + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + /* -lnuma is required by mbind(2), so use __NR_mbind to avoid the dependency. */ + err = syscall(__NR_mbind, addr, SIZE, MPOL_BIND, &mask, sizeof(mask), 0); + if (success) + ASSERT_OK(err, "mbind_success"); + else + ASSERT_ERR(err, "mbind_fail"); + + munmap(addr, SIZE); +} + +static void mempolicy_default(void) +{ + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + err = syscall(__NR_mbind, addr, SIZE, MPOL_DEFAULT, NULL, 0, 0); + ASSERT_OK(err, "mbind_success"); + + munmap(addr, SIZE); +} + +void test_set_mempolicy(void) +{ + struct test_set_mempolicy *skel; + int err; + + skel = test_set_mempolicy__open(); + if (!ASSERT_OK_PTR(skel, "open")) + return; + + skel->bss->target_pid = getpid(); + + err = test_set_mempolicy__load(skel); + if (!ASSERT_OK(err, "load")) + goto destroy; + + /* Without LSM, mbind(2) should succeed regardless of the mode. */ + if (test__start_subtest("MPOL_BIND_without_lsm")) + mempolicy_bind(true); + if (test__start_subtest("MPOL_DEFAULT_without_lsm")) + mempolicy_default(); + + /* Attach LSM prog, in which it will deny MPOL_BIND */ + err = test_set_mempolicy__attach(skel); + if (!ASSERT_OK(err, "attach")) + goto destroy; + + /* MPOL_BIND should fail. */ + if (test__start_subtest("MPOL_BIND_with_lsm")) + mempolicy_bind(false); + + /* MPOL_DEFAULT should succeed. */ + if (test__start_subtest("MPOL_DEFAULT_with_lsm")) + mempolicy_default(); + +destroy: + test_set_mempolicy__destroy(skel); +} 
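Review bot: In mempolicy_bind() the maxnode argument of mbind(2) is passed as sizeof(mask), a byte count, but maxnode is a count of bits; it only works here because just bit 0 of the mask is set, so use sizeof(mask) * 8 to be correct. The test also exercises only mbind(2), although the hook being tested is named set_mempolicy and patch 3/5 wires it into kernel_set_mempolicy() as well; adding a subtest that calls set_mempolicy(2) (via __NR_set_mempolicy, for the same -lnuma reason given in the comment) would cover both call sites and the flags = 0 path. Finally, binding to node 0 assumes node 0 exists and has memory on the machine running the selftest; that assumption should at least be noted in a comment.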
diff --git a/tools/testing/selftests/bpf/progs/test_set_mempolicy.c b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c new file mode 100644 index 0000000..b5356d5 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include "vmlinux.h" +#include +#include + +int target_pid; + +static int mem_policy_adjustment(u64 mode) +{ + struct task_struct *task = bpf_get_current_task_btf(); + + if (task->pid != target_pid) + return 0; + + if (mode != MPOL_BIND) + return 0; + return -1; +} + +SEC("lsm/set_mempolicy") +int BPF_PROG(setmempolicy, u64 mode, u16 mode_flags, nodemask_t *nmask, u32 flags) +{ + return mem_policy_adjustment(mode); +} + +char _license[] SEC("license") = "GPL";
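Review bot: mem_policy_adjustment() returns -1 to deny, which only yields EPERM for the caller because EPERM happens to be 1; return -EPERM (or -EACCES) explicitly so the intent is clear and survives copying. The pid filter compares task->pid (the thread id) with target_pid, which the test sets from getpid() (the thread group id); that only matches from the main thread, so comparing task->tgid instead would keep the filter working if the test runner ever issues mbind(2) from another thread.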