Re: [PATCH bpf] selftests/bpf: fix memory leak of lsm_cgroup

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: sdf@google.com
To: Wang Yufen <wangyufen@huawei.com>
Cc: linux-security-module@vger.kernel.org, bpf@vger.kernel.org,
	martin.lau@linux.dev, ast@kernel.org, daniel@iogearbox.net,
	andrii@kernel.org, paul@paul-moore.com
Subject: Re: [PATCH bpf] selftests/bpf: fix memory leak of lsm_cgroup
Date: Mon, 14 Nov 2022 09:34:23 -0800	[thread overview]
Message-ID: <Y3J8HyIfhm7rgpvI@google.com> (raw)
In-Reply-To: <1668401942-6309-1-git-send-email-wangyufen@huawei.com>

On 11/14, Wang Yufen wrote:
> kmemleak reports this issue:

> unreferenced object 0xffff88810b7835c0 (size 32):
>    comm "test_progs", pid 270, jiffies 4294969007 (age 1621.315s)
>    hex dump (first 32 bytes):
>      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>      03 00 00 00 03 00 00 00 0f 00 00 00 00 00 00 00  ................
>    backtrace:
>      [<00000000376cdeab>] kmalloc_trace+0x27/0x110
>      [<000000003bcdb3b6>] selinux_sk_alloc_security+0x66/0x110
>      [<000000003959008f>] security_sk_alloc+0x47/0x80
>      [<00000000e7bc6668>] sk_prot_alloc+0xbd/0x1a0
>      [<0000000002d6343a>] sk_alloc+0x3b/0x940
>      [<000000009812a46d>] unix_create1+0x8f/0x3d0
>      [<000000005ed0976b>] unix_create+0xa1/0x150
>      [<0000000086a1d27f>] __sock_create+0x233/0x4a0
>      [<00000000cffe3a73>] __sys_socket_create.part.0+0xaa/0x110
>      [<0000000007c63f20>] __sys_socket+0x49/0xf0
>      [<00000000b08753c8>] __x64_sys_socket+0x42/0x50
>      [<00000000b56e26b3>] do_syscall_64+0x3b/0x90
>      [<000000009b4871b8>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

> The issue occurs in the following scenarios:

> unix_create1()
>    sk_alloc()
>      sk_prot_alloc()
>        security_sk_alloc()
>          call_int_hook()
>            hlist_for_each_entry()
>              entry1->hook.sk_alloc_security
>              <-- selinux_sk_alloc_security() succeeded,
>              <-- sk->security alloced here.
>              entry2->hook.sk_alloc_security
>              <-- bpf_lsm_sk_alloc_security() failed
>        goto out_free;
>          ...    <-- the sk->security not freed, memleak

> The core problem is that the LSM is not yet fully stacked (work is
> actively going on in this space) which means that some LSM hooks do
> not support multiple LSMs at the same time. To fix, skip the
> "EPERM" test when it runs in the environments that already have
> non-bpf lsms installed

> Fixes: dca85aac8895 ("selftests/bpf: lsm_cgroup functional test")
> Signed-off-by: Wang Yufen <wangyufen@huawei.com>
> Cc: Stanislav Fomichev <sdf@google.com>
> ---
>   tools/testing/selftests/bpf/prog_tests/lsm_cgroup.c | 19  
> +++++++++++++++----
>   tools/testing/selftests/bpf/progs/lsm_cgroup.c      |  8 ++++++++
>   2 files changed, 23 insertions(+), 4 deletions(-)

> diff --git a/tools/testing/selftests/bpf/prog_tests/lsm_cgroup.c  
> b/tools/testing/selftests/bpf/prog_tests/lsm_cgroup.c
> index 1102e4f..a927ade 100644
> --- a/tools/testing/selftests/bpf/prog_tests/lsm_cgroup.c
> +++ b/tools/testing/selftests/bpf/prog_tests/lsm_cgroup.c
> @@ -173,10 +173,14 @@ static void test_lsm_cgroup_functional(void)
>   	ASSERT_EQ(query_prog_cnt(cgroup_fd, NULL), 4, "total prog count");
>   	ASSERT_EQ(query_prog_cnt(cgroup_fd2, NULL), 1, "total prog count");

> -	/* AF_UNIX is prohibited. */
> -
>   	fd = socket(AF_UNIX, SOCK_STREAM, 0);
> -	ASSERT_LT(fd, 0, "socket(AF_UNIX)");
> +	if (skel->kconfig->CONFIG_SECURITY_APPARMOR
> +	    || skel->kconfig->CONFIG_SECURITY_SELINUX
> +	    || skel->kconfig->CONFIG_SECURITY_SMACK)

[..]

> +		ASSERT_GE(fd, 0, "socket(AF_UNIX)");

nit: maybe skip this completely instead of having ASSERT_GE+close?

	if (!(skel->kconfig->CONFIG_SECURITY_APPARMOR || _SELINUX || _SMACK)
		/* AF_UNIX is prohibited. */
		ASSERT_LT(fd, 0, "socket(AF_UNIX)");


> +	else
> +		/* AF_UNIX is prohibited. */
> +		ASSERT_LT(fd, 0, "socket(AF_UNIX)");
>   	close(fd);

>   	/* AF_INET6 gets default policy (sk_priority). */
> @@ -233,11 +237,18 @@ static void test_lsm_cgroup_functional(void)

>   	/* AF_INET6+SOCK_STREAM
>   	 * AF_PACKET+SOCK_RAW
> +	 * AF_UNIX+SOCK_RAW if already have non-bpf lsms installed
>   	 * listen_fd
>   	 * client_fd
>   	 * accepted_fd
>   	 */
> -	ASSERT_EQ(skel->bss->called_socket_post_create2, 5, "called_create2");
> +	if (skel->kconfig->CONFIG_SECURITY_APPARMOR
> +	    || skel->kconfig->CONFIG_SECURITY_SELINUX
> +	    || skel->kconfig->CONFIG_SECURITY_SMACK)
> +		/* AF_UNIX+SOCK_RAW if already have non-bpf lsms installed */
> +		ASSERT_EQ(skel->bss->called_socket_post_create2, 6, "called_create2");
> +	else
> +		ASSERT_EQ(skel->bss->called_socket_post_create2, 5, "called_create2");

>   	/* start_server
>   	 * bind(ETH_P_ALL)
> diff --git a/tools/testing/selftests/bpf/progs/lsm_cgroup.c  
> b/tools/testing/selftests/bpf/progs/lsm_cgroup.c
> index 4f2d60b..02c11d1 100644
> --- a/tools/testing/selftests/bpf/progs/lsm_cgroup.c
> +++ b/tools/testing/selftests/bpf/progs/lsm_cgroup.c
> @@ -7,6 +7,10 @@

>   char _license[] SEC("license") = "GPL";

> +extern bool CONFIG_SECURITY_SELINUX __kconfig __weak;
> +extern bool CONFIG_SECURITY_SMACK __kconfig __weak;
> +extern bool CONFIG_SECURITY_APPARMOR __kconfig __weak;
> +
>   #ifndef AF_PACKET
>   #define AF_PACKET 17
>   #endif
> @@ -140,6 +144,10 @@ int BPF_PROG(socket_bind2, struct socket *sock,  
> struct sockaddr *address,
>   int BPF_PROG(socket_alloc, struct sock *sk, int family, gfp_t priority)
>   {
>   	called_socket_alloc++;
> +	/* if already have non-bpf lsms installed, EPERM will cause memory leak  
> of non-bpf lsms */
> +	if (CONFIG_SECURITY_SELINUX || CONFIG_SECURITY_SMACK ||  
> CONFIG_SECURITY_APPARMOR)
> +		return 1;
> +
>   	if (family == AF_UNIX)
>   		return 0; /* EPERM */

> --
> 1.8.3.1

next prev parent reply	other threads:[~2022-11-14 17:34 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-14  4:59 [PATCH bpf] selftests/bpf: fix memory leak of lsm_cgroup Wang Yufen
2022-11-14 17:34 ` sdf [this message]
2022-11-15  3:07   ` wangyufen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y3J8HyIfhm7rgpvI@google.com \
    --to=sdf@google.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=linux-security-module@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=paul@paul-moore.com \
    --cc=wangyufen@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).