From: Matt Bobrowski <mattbobrowski@google.com>
To: kpsingh@kernel.org, ast@kernel.org, andrii@kernel.org
Cc: revest@chromium.org, jackmanb@chromium.org,
yonghong.song@linux.dev, gnoack@google.com, bpf@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set
Date: Thu, 1 Feb 2024 13:38:20 +0000 [thread overview]
Message-ID: <ZbuezASA0_Ng2VB9@google.com> (raw)
In-Reply-To: <Zbt16HS-9x8YPZNz@google.com>
On Thu, Feb 01, 2024 at 10:43:52AM +0000, Matt Bobrowski wrote:
> security_file_mprotect() is missing from the sleepable_lsm_hooks BTF
> set. Add it so that operations performed by a BPF program which may
> result in the thread being put to sleep are permitted.
>
> Building a kernel with the DEBUG_ATOMIC_SLEEP confiuration option
> enabled and running reasonable workloads stimulating a BPF program
> attached to security_file_mprotect() which could end up performing an
> operation that could sleep resulted in no splats.
Actually, no, please disregard this patch. It was only a matter of
timing before something had popped up.
This was sent out far too prematurely and I failed to realize that
__bpf_prog_enter_sleepable() calls might_fault() and
security_file_mprotect() is being called from a context whereby a
mmap_lock is already being held. In essence, this also means that it's
not possible to run sleepable BPF programs in contexts where a
mmap_lock is already held as the page fault handler also attempts to
take the mmap_lock, and well all know what happens when you have the
same thread attempting to acquire the same lock whilst already holding
that lock.
> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
> ---
> kernel/bpf/bpf_lsm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
> index 68240c3c6e7d..da52c955f3ca 100644
> --- a/kernel/bpf/bpf_lsm.c
> +++ b/kernel/bpf/bpf_lsm.c
> @@ -277,10 +277,13 @@ BTF_ID(func, bpf_lsm_bprm_creds_from_file)
> BTF_ID(func, bpf_lsm_capget)
> BTF_ID(func, bpf_lsm_capset)
> BTF_ID(func, bpf_lsm_cred_prepare)
> +
> BTF_ID(func, bpf_lsm_file_ioctl)
> BTF_ID(func, bpf_lsm_file_lock)
> BTF_ID(func, bpf_lsm_file_open)
> BTF_ID(func, bpf_lsm_file_receive)
> +BTF_ID(func, bpf_lsm_mmap_file)
> +BTF_ID(func, bpf_lsm_file_mprotect)
>
> BTF_ID(func, bpf_lsm_inode_create)
> BTF_ID(func, bpf_lsm_inode_free_security)
> @@ -316,7 +319,6 @@ BTF_ID(func, bpf_lsm_path_chown)
> BTF_ID(func, bpf_lsm_key_free)
> #endif /* CONFIG_KEYS */
>
> -BTF_ID(func, bpf_lsm_mmap_file)
> BTF_ID(func, bpf_lsm_netlink_send)
> BTF_ID(func, bpf_lsm_path_notify)
> BTF_ID(func, bpf_lsm_release_secctx)
> --
> 2.43.0.429.g432eaa2c6b-goog
/M
prev parent reply other threads:[~2024-02-01 13:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-01 10:43 [PATCH bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set Matt Bobrowski
2024-02-01 13:38 ` Matt Bobrowski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZbuezASA0_Ng2VB9@google.com \
--to=mattbobrowski@google.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=gnoack@google.com \
--cc=jackmanb@chromium.org \
--cc=kpsingh@kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=revest@chromium.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.