From: KP Singh <kpsingh@chromium.org>
To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
linux-security-module@vger.kernel.org
Cc: "Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"James Morris" <jmorris@namei.org>,
"Kees Cook" <keescook@chromium.org>,
"Thomas Garnier" <thgarnie@chromium.org>,
"Michael Halcrow" <mhalcrow@google.com>,
"Paul Turner" <pjt@google.com>,
"Brendan Gregg" <brendan.d.gregg@gmail.com>,
"Jann Horn" <jannh@google.com>,
"Matthew Garrett" <mjg59@google.com>,
"Christian Brauner" <christian@brauner.io>,
"Mickaël Salaün" <mic@digikod.net>,
"Florent Revest" <revest@chromium.org>,
"Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Mauro Carvalho Chehab" <mchehab+samsung@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Nicolas Ferre" <nicolas.ferre@microchip.com>,
"Stanislav Fomichev" <sdf@google.com>,
"Quentin Monnet" <quentin.monnet@netronome.com>,
"Andrey Ignatov" <rdna@fb.com>, "Joe Stringer" <joe@wand.net.nz>
Subject: [RFC v1 11/14] krsi: Pin argument pages in bprm_check_security hook
Date: Tue, 10 Sep 2019 13:55:24 +0200 [thread overview]
Message-ID: <20190910115527.5235-12-kpsingh@chromium.org> (raw)
In-Reply-To: <20190910115527.5235-1-kpsingh@chromium.org>
From: KP Singh <kpsingh@google.com>
Pin the memory allocated to the the argv + envv for the new
process and passes it in the context to the eBPF programs attached to
the hook.
The get_user_pages_remote cannot be called from an eBPF helper because
the helpers run in atomic context and the get_user_pages_remote function
can sleep.
The following heuristics can be added as an optimization:
- Don't pin the pages if no eBPF programs are attached.
- Don't pin the pages if none of the eBPF programs depend on the
information. This would require introspection of the byte-code and
checking if certain helpers are called.
Signed-off-by: KP Singh <kpsingh@google.com>
---
security/krsi/include/krsi_init.h | 3 ++
security/krsi/krsi.c | 56 +++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+)
diff --git a/security/krsi/include/krsi_init.h b/security/krsi/include/krsi_init.h
index 4e17ecacd4ed..6152847c3b08 100644
--- a/security/krsi/include/krsi_init.h
+++ b/security/krsi/include/krsi_init.h
@@ -16,6 +16,9 @@ extern int krsi_fs_initialized;
struct krsi_bprm_ctx {
struct linux_binprm *bprm;
+ char *arg_pages;
+ unsigned long num_arg_pages;
+ unsigned long max_arg_offset;
};
/*
diff --git a/security/krsi/krsi.c b/security/krsi/krsi.c
index d3a4a361c192..00a7150c1b22 100644
--- a/security/krsi/krsi.c
+++ b/security/krsi/krsi.c
@@ -4,6 +4,8 @@
#include <linux/filter.h>
#include <linux/bpf.h>
#include <linux/binfmts.h>
+#include <linux/highmem.h>
+#include <linux/mm.h>
#include "krsi_init.h"
@@ -17,6 +19,53 @@ struct krsi_hook krsi_hooks_list[] = {
#undef KRSI_HOOK_INIT
};
+static int pin_arg_pages(struct krsi_bprm_ctx *ctx)
+{
+ int ret = 0;
+ char *kaddr;
+ struct page *page;
+ unsigned long i, pos, num_arg_pages;
+ struct linux_binprm *bprm = ctx->bprm;
+ char *buf;
+
+ /*
+ * The bprm->vma_pages does not have the correct count
+ * for execution that is done by a kernel thread using the UMH.
+ * vm_pages is updated in acct_arg_size and bails
+ * out if current->mm is NULL (which is the case for a kernel thread).
+ * It's safer to use vma_pages(struct linux_binprm*) to get the
+ * actual number
+ */
+ num_arg_pages = vma_pages(bprm->vma);
+ if (!num_arg_pages)
+ return -ENOMEM;
+
+ buf = kmalloc_array(num_arg_pages, PAGE_SIZE, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+ for (i = 0; i < num_arg_pages; i++) {
+ pos = ALIGN_DOWN(bprm->p, PAGE_SIZE) + i * PAGE_SIZE;
+ ret = get_user_pages_remote(current, bprm->mm, pos, 1,
+ FOLL_FORCE, &page, NULL, NULL);
+ if (ret <= 0) {
+ kfree(buf);
+ return -ENOMEM;
+ }
+
+ kaddr = kmap(page);
+ memcpy(buf + i * PAGE_SIZE, kaddr, PAGE_SIZE);
+ kunmap(page);
+ put_page(page);
+ }
+
+ ctx->arg_pages = buf;
+ ctx->num_arg_pages = num_arg_pages;
+ ctx->max_arg_offset = num_arg_pages * PAGE_SIZE;
+
+ return 0;
+}
+
static int krsi_process_execution(struct linux_binprm *bprm)
{
int ret;
@@ -26,7 +75,14 @@ static int krsi_process_execution(struct linux_binprm *bprm)
.bprm = bprm,
};
+ ret = pin_arg_pages(&ctx.bprm_ctx);
+ if (ret < 0)
+ goto out_arg_pages;
+
ret = krsi_run_progs(PROCESS_EXECUTION, &ctx);
+ kfree(ctx.bprm_ctx.arg_pages);
+
+out_arg_pages:
return ret;
}
--
2.20.1
next prev parent reply other threads:[~2019-09-10 11:57 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-10 11:55 [RFC v1 00/14] Kernel Runtime Security Instrumentation KP Singh
2019-09-10 11:55 ` [RFC v1 01/14] krsi: Add a skeleton and config options for the KRSI LSM KP Singh
2019-09-10 11:55 ` [RFC v1 02/14] krsi: Introduce types for KRSI eBPF KP Singh
2019-09-10 11:55 ` [RFC v1 03/14] bpf: krsi: sync BPF UAPI header with tools KP Singh
2019-09-10 11:55 ` [RFC v1 04/14] krsi: Add support in libbpf for BPF_PROG_TYPE_KRSI KP Singh
2019-09-14 16:09 ` Yonghong Song
2019-09-10 11:55 ` [RFC v1 05/14] krsi: Initialize KRSI hooks and create files in securityfs KP Singh
2019-09-14 16:26 ` Yonghong Song
2019-09-10 11:55 ` [RFC v1 06/14] krsi: Implement eBPF operations, attachment and execution KP Singh
2019-09-14 16:56 ` Yonghong Song
2019-09-15 0:37 ` Yonghong Song
2019-09-10 11:55 ` [RFC v1 07/14] krsi: Check for premissions on eBPF attachment KP Singh
2019-09-10 11:55 ` [RFC v1 08/14] krsi: Show attached program names in hook read handler KP Singh
2019-09-10 11:55 ` [RFC v1 09/14] krsi: Add a helper function for bpf_perf_event_output KP Singh
2019-09-14 18:23 ` Yonghong Song
2019-09-10 11:55 ` [RFC v1 10/14] krsi: Handle attachment of the same program KP Singh
2019-09-10 11:55 ` KP Singh [this message]
2019-09-10 11:55 ` [RFC v1 12/14] krsi: Add an eBPF helper function to get the value of an env variable KP Singh
2019-09-15 0:16 ` Yonghong Song
2019-09-16 13:00 ` KP Singh
2019-09-17 16:58 ` Yonghong Song
2019-09-17 19:36 ` KP Singh
2019-09-10 11:55 ` [RFC v1 13/14] krsi: Provide an example to read and log environment variables KP Singh
2019-09-15 0:24 ` Yonghong Song
2019-09-10 11:55 ` [RFC v1 14/14] krsi: Pin arg pages only when needed KP Singh
2019-09-15 0:33 ` Yonghong Song
2019-09-15 1:40 ` KP Singh
2019-09-15 19:45 ` Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190910115527.5235-12-kpsingh@chromium.org \
--to=kpsingh@chromium.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brendan.d.gregg@gmail.com \
--cc=christian@brauner.io \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=joe@wand.net.nz \
--cc=kafai@fb.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mchehab+samsung@kernel.org \
--cc=mhalcrow@google.com \
--cc=mic@digikod.net \
--cc=mjg59@google.com \
--cc=nicolas.ferre@microchip.com \
--cc=pjt@google.com \
--cc=quentin.monnet@netronome.com \
--cc=rdna@fb.com \
--cc=revest@chromium.org \
--cc=sdf@google.com \
--cc=serge@hallyn.com \
--cc=songliubraving@fb.com \
--cc=thgarnie@chromium.org \
--cc=yhs@fb.com \
--subject='Re: [RFC v1 11/14] krsi: Pin argument pages in bprm_check_security hook' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).