From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F803C4167B for ; Fri, 8 Dec 2023 17:30:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A455F6B00A1; Fri, 8 Dec 2023 12:30:37 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 9F51B6B00A2; Fri, 8 Dec 2023 12:30:37 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8BC9A6B00A3; Fri, 8 Dec 2023 12:30:37 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 7A6B86B00A1 for ; Fri, 8 Dec 2023 12:30:37 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 4D15EA0262 for ; Fri, 8 Dec 2023 17:30:37 +0000 (UTC) X-FDA: 81544340514.23.227FE38 Received: from sonic302-28.consmr.mail.ne1.yahoo.com (sonic302-28.consmr.mail.ne1.yahoo.com [66.163.186.154]) by imf24.hostedemail.com (Postfix) with ESMTP id 1208F180035 for ; Fri, 8 Dec 2023 17:30:34 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=yahoo.com header.s=s2048 header.b=iGkseRuL; dmarc=none; spf=none (imf24.hostedemail.com: domain of casey@schaufler-ca.com has no SPF policy when checking 66.163.186.154) smtp.mailfrom=casey@schaufler-ca.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1702056635; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8zXEHe/Cw3PoTo1fEs/FubOVlk8pu/yyTJ13NPPN9Ec=; b=te0fIjRcJ1HPOWQaIACOYLkRBu7qQQOXMr5RBJXvG61Zu5vINMwsTjkjv8ppQVk7RCbpC8 F2YgYUnMRx8qH8Xj5eJfLR0kJJnRvgEYTOS4iDACTBdHHeRv5ga3ZEoaboVhVIKSOs7/k9 Umm1847pY74Q8/0aHfGgBD4ZUQ36XSw= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=yahoo.com header.s=s2048 header.b=iGkseRuL; dmarc=none; spf=none (imf24.hostedemail.com: domain of casey@schaufler-ca.com has no SPF policy when checking 66.163.186.154) smtp.mailfrom=casey@schaufler-ca.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1702056635; a=rsa-sha256; cv=none; b=RNp/5QQhrjfc7L1a4CdpshMNdiaP22Nce0tWHCarYYvFc3P3o91j00IPk5ID7TnweAM9tc m8wd4Q4eJSt0pvdvbth00zLwzre9DyE/+qIErUch7dqUvV8fYehauAYhWimbzwv74QLqZ2 s152vlx6YwWJOix3VznqUDUXWKpVPOo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1702056634; bh=8zXEHe/Cw3PoTo1fEs/FubOVlk8pu/yyTJ13NPPN9Ec=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From:Subject:Reply-To; b=iGkseRuLHj22MHvdhfafWbjRsCVo/ix0+Rb0oUFSxmWU89TSg2ElmDG5kzTDn8ThvhDfy2BAZ2hU6fZB5D404XErAbeUU3qbuZstm0XvHWyI2Cg/jrL8ME1UTmM+0EVvaY0mgeQd0nCHG+HMesE69noCvkyrnZhaAGrSq4AX6dlohDLcaQEMrqJw5gobZonzoIwxEvqtO3F69fiZR0cUK2rNLsK5mdzkvbHREKoYgXv4eb5Pr8UWVszbgxUfJqe7if9FKe/9FvoZXL8YCGnw/Hbcp4fYqJcAtIlJd0QaNWCP8ATKHMXC1WfERvy/njzxThKQJlZ8bKEwito/uUvVLA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1702056634; bh=EUu8V2DZAdffPTW9zidzI/UYmoOTb6yEguQkWsn+KZ2=; h=X-Sonic-MF:Date:Subject:To:From:From:Subject; b=AmNIfTJPozx3cM30zhfQOI+fc5upKFtwwB530L2Weea2/wq1X4k3RhbgcwMAZrxYCuxEI2gG7tWpRL0/+omiJSozlGK88TN2EHDSFn5ksqHTFQ+3M4BDBtLVzhnGrvOSUwqLGiuwOWBQhhyJabF4RqUgM/XDKQ5rldUtfp2yVC4mw6BGERazrts8/uMfpI2qCN6hqTT+oOB+NscNBdM2Olh4q5ap/wVuUeEMBFPr7disPLi3Y7H7cotDwFa0QOz4zVHndIZCSCQfOSLLdw2NG/QdHm0/DxMTG8R19Mi978b8YlbPVxNL82po+zb/E+WtFEBf2Azq712PqHxQVxHveA== X-YMail-OSG: DmEwDnAVM1lE5G1CkPJRZChenw8a5EkT8bQ1P8PYulGMoKNe1U4ChrwBEi0wGm3 CoHkvpVlITRVU2TVeID3wt_FkMlaOhKtnHsPXNSe_ws0ru7zng2j1n8rhvQNaJpHkFCAYn3_gR6b IKwjeTreEfYAd.6cI0UkqKJWt5inmTbAZXUcNcbmwTx88e92dK9KL6nutiZ0BDR8o3yx.qRUb7DM APD57SjALIJowUD1GMqXgOcOtlTZ8kwxJEAMdeLJK4IqyH6y_0xWmMIAvyWXEDiCMefTVau.uxhZ zJEOIkeYVOrtS_y0dOMUVKmygbORoW6UJxb1qTHQf9CU91DeGxRIAlTaVCmWsFwvhomyiVaYuFVJ O.LJro0zbIZRXXM7q9Jln_frS.7T10W1BKHeyZsat3IhGMsE9WAQbjXvFbwJFTx9jZmkRrlg4S3O ZaMk1lJpcIRW3c7pkqI5I.HgyB54PY4qoijMlwT7bAcuBjDiTK3tqyIHz895o1SDNEZJzt3Y9yLx od_wa2_HMkTjOy7eNEDxEm3N5MPXsCzHjmic.nKaxYNEajV1PoBU9RnTXgKx5xoh74rbAjRnwdJf mlnW1p3FetwgveB2ihqLN4whQ5RtH1m8JDIobzO9iidw8WqNmzTfQ9n7tqyfbZB6Z2KLZUgze2Tx T5weOSt7jjwVPEjqbSqq1WAsjW4o3Pxyn9BbwqgQnS6YPirjhjICStjnePm9KF_fN_ehoo.o55oQ MKKWn67kNYjEwGEjt9SEDTq6ly7m9BCvjcBZQliyJoMt1h7ld51h6mcLFnecdB.7auegWHoDGgwz Ymk8C7SL1OQ.Q6Uvt0kXy5hnssL0OO.DArzPQHo5pNegyD6SneU8Aw6htcWx_yTw3sqU7HsTrOdr WtQfnwgX38Lf2q7X9De40cCPSUsvNYr8CJ8QIWVnhAc7EwHYXeDn8alH0DWf_ux49RsY32YzDsvn MO6MJo3kX_6cIPhtTqrxjnA76YlB.KP43Om2csOMLk6TG75zDgEAxYfDwW.ICrsf26sm11ELJwWo mhlm7sW3BVxNC1OZSzWdTDmFb6uMJmnboN4QoK6Q6SmeVa9i9xE5AdG4WMNt2JBEeFV2yep4ud56 lV5GPqUSqPXIu4DVmkDsdm.VQQ243DHA1mAE3JIeBUCDSqwaQRFcfTVaJ0pVoIVBukvCnVW.PkbU sJHZXlNZpap6Suw.dY2YZkJu50cV6SRuOwhgviWUwuK5MtFkDTTobmM54d29fEQSHQF5XJ.3RRne ZBoi6zuw4Bd47Q_QNuLXBrLbir7ZJKqgu6AOyGy51bhZmcvT8LRAWTMw75IdGTbgp.CFzEDqzCfF b17G8q5o2XhyMRBl_YRNUPhy88Abfc_CIdvF7lKYOtQu0TT2jtrVMktZiHBYiI6bpX83l3no3d6F IsolC_5kyLlrVQN3ZH7hHhJtkwAS1WOmv6kYAeJMvtbpDwdeyGfoUI_4BsxMjZ7Jj21xuwABSlFi XYURYaleDqD8t3ZqIU3vPgvMMGlkoicoCv6uEUQZZnPtwFAvmN7QGL2qiMBPbJIB.wq4je0yh9N1 PSjbdGVUH_eGDb23UrIZXninP5oFitV8ZmwqCBRgbCDtxwyFvMlsp.ucwuesI.Qh5vzuGiXMM_GP wmAvPIAz.74dcdoie_vx0kAcp9XVmr308a8ekhgffNQ57mnTtjutuH1hRt3xo_l0VOAxzGjg0D6g ZlT_y_t3B3N4RpHSiCw0QBmEQ_DFkMca3KwUlUgK4GysSlgG_MuDleoMqzfI9bZs2ks48Ok0TE9w JAseF9uwWzINzj0OCiDK1bWYPHW2LEqkARot50zrJMjETz6gm1BwwRhzRkq.9ziVW8WhGC5tWH9V c467eN2.sQkFJ3ehMYwM7dqRpSuLu5VlBW4m5cqtzrh8wTsWMrB3qKfC9ssKX0NbS8DARXXoyG7V J.7FOEzXBY4U_xia.ntX6xP2WJ1U376FG06fGOi3NJeFf4nAL7OebNbqcWoROCFB4IAySZpRsCNl .jCMRpD9G6St4R3ePkceWRejShrrrye5_HzXTkIHZYaLqUsvsdtlSgMdislktbDRL.u.jdRqnUwy .JrnUZ9n9hQDClBWHoUGJ9QIzf9VZLUJrwxQb5Qru_MVjOD1g3wBE0VlLEl2H1oZO0xsBi.8zp0G NXTOUpD_cB8ddtUdWr9BzJrIAnu36kHKMGsuI38ih41cFwxFGyBrtU22E7e1b3llnbKBWsUINmAD 3OnaleXePEt.4D87BOku1gfqE7vxjfCvPZx5s8VWjcm0LSNADq4Gn5omYaImU.jGLo_jHaMc3a8N DNQ4jCrKNkmwyUVgK X-Sonic-MF: X-Sonic-ID: 3b43dc1b-0d77-4c6e-9a6d-f2561da61665 Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Fri, 8 Dec 2023 17:30:34 +0000 Received: by hermes--production-gq1-64499dfdcc-msc64 (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2122410847cde4919653afcb0e474ddf; Fri, 08 Dec 2023 17:30:30 +0000 (UTC) Message-ID: Date: Fri, 8 Dec 2023 09:30:29 -0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v4 3/5] mm, security: Add lsm hook for memory policy adjustment Content-Language: en-US To: Yafang Shao , akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Casey Schaufler References: <20231208090622.4309-1-laoar.shao@gmail.com> <20231208090622.4309-4-laoar.shao@gmail.com> From: Casey Schaufler In-Reply-To: <20231208090622.4309-4-laoar.shao@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Mailer: WebService/1.1.21943 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo X-Rspamd-Queue-Id: 1208F180035 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: qmxo436wb4569bkhihwwogou3aewimxz X-HE-Tag: 1702056634-450163 X-HE-Meta: U2FsdGVkX18rypCI/VT/s2vQDP0cWQRdtr7OiTwTc+NiVCfn85j10zLSs+zSnZ33G+FWG05a038wM3lA0baogOba962e+N8Xetu6jbwI1263P9jG8pgUr9md39hNRP8MRMmEeICL2Vx9Sn7u3jHXrxwdLNiAc+1cmUAF1ct3MUAwIku9MrYN79KNOkUG4e1ml12gKaa+Ou85h3yOaiQbkJBe+LcDDL4ImBF/2z/AamTk9/Y4WAJ+amMu+qd9efN7HIWymP21Ta7w1K+cS+FKZSRO/N3bSXthvIeEKZTcXNWpbxrWuOBnNhkVS9lO+Cditt+CoB+lPOI3fh9AK159uAC0GqYY66z4ghRzMK99qVvDFU47DMwHXPvhBDhTT3KRyjthMmqS3rD/aiuRQCJioDXSE0Nym0DYFPimxNZ0N0aLpUpdqUXuOOArssUn/oQzgHGBTW8rrQhwivLSWzegPlLbS0yY8GcOPb2fd41agcvfR4Q5hjo7g1I8/xuTwQGFmZvFSPSA8ULhevnfgC/kYtnPVPLek2N3fe7KIiOq3DoOGin5DsgA332wTjmVTFy4rcV6g+RP1oxb1Mv2S+Lr8VexdUFR54oRhqBonsh8y/GirAd79zdmU33YsXKnQoH1dKX9yMX7VMcGfI4JttlIvu8VpMhAC8xJ/P/v2PSz1hmTI1ZNgYqK2DU0aSE9d9M4bFx50HZAtHkCoSb9Ae9lts+lX1U91t7E2ev5rhWzy0xpf+21ereLrgo/bGsO30t/KYb3yopAvw9DuagxMrlax6e6Hs7Ml2H9UdvXMyQ/0NUWDYpJ4ovL9NmXjbLKsaLQC7ODd9P9BsEyv26SXMqm2eykIoXMa2XEij5xsPw8arZ9ThJK1xE3OGUKvIG2Y01RXMLx2h4MGS4OGJZ3SzT+ldMCTXMyg2Oi2kOcnERqb/TAhGzGOmYZMtK59Y7b8pwJ2yCQr9chVU/IgNC5oo1 zPKe4viS 7o1A889jnFDx1D0FNmBotCug+q+2mQQPp1E8RAV00JxBtal9OXZS0nHwmaWMDgBmCHSHClha62D+jKdKc+67VxAMA9deObvFq9cMBhMuRdSk7N7SNe/+OP8WG80Twuoh/uWizbynRPMQmBpE/zJWOSPF2k/io+rRQn9ps0o2PfYaGF99nr/GsSmff6GY19Ro89R1eAdUE6WxnBC4a/hpC5NiNgGvRKEMyvzIXdrKeZXolQMf3q/f4+Pgp8AwW+fdcBm+IN5IgxzoKnj9hMXEB+aptX8SWNr3DAafftIkv1x2XoirL2uTf0Ouc11MZnDb8C0XmDghJBPSSTIQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 12/8/2023 1:06 AM, Yafang Shao wrote: > In a containerized environment, independent memory binding by a user can > lead to unexpected system issues or disrupt tasks being run by other users > on the same server. If a user genuinely requires memory binding, we will > allocate dedicated servers to them by leveraging kubelet deployment. > > At present, users have the capability to bind their memory to a specific > node without explicit agreement or authorization from us. Consequently, a > new LSM hook is introduced to mitigate this. This implementation allows us > to exercise fine-grained control over memory policy adjustments within our > container environment I wonder if security_vm_enough_memory() ought to be reimplemented as an option to security_set_mempolicy(). I'm not convinced either way, but I can argue both. > Signed-off-by: Yafang Shao > --- > include/linux/lsm_hook_defs.h | 3 +++ > include/linux/security.h | 9 +++++++++ > mm/mempolicy.c | 8 ++++++++ > security/security.c | 13 +++++++++++++ > 4 files changed, 33 insertions(+) > > diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h > index ff217a5..5580127 100644 > --- a/include/linux/lsm_hook_defs.h > +++ b/include/linux/lsm_hook_defs.h > @@ -419,3 +419,6 @@ > LSM_HOOK(int, 0, uring_sqpoll, void) > LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) > #endif /* CONFIG_IO_URING */ > + > +LSM_HOOK(int, 0, set_mempolicy, unsigned long mode, unsigned short mode_flags, > + nodemask_t *nmask, unsigned int flags) > diff --git a/include/linux/security.h b/include/linux/security.h > index 1d1df326..cc4a19a 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -484,6 +484,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, > int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); > int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); > int security_locked_down(enum lockdown_reason what); > +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, > + nodemask_t *nmask, unsigned int flags); > #else /* CONFIG_SECURITY */ > > static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) > @@ -1395,6 +1397,13 @@ static inline int security_locked_down(enum lockdown_reason what) > { > return 0; > } > + > +static inline int > +security_set_mempolicy(unsigned long mode, unsigned short mode_flags, > + nodemask_t *nmask, unsigned int flags) > +{ > + return 0; > +} > #endif /* CONFIG_SECURITY */ > > #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) > diff --git a/mm/mempolicy.c b/mm/mempolicy.c > index 10a590e..9535d9e 100644 > --- a/mm/mempolicy.c > +++ b/mm/mempolicy.c > @@ -1483,6 +1483,10 @@ static long kernel_mbind(unsigned long start, unsigned long len, > if (err) > return err; > > + err = security_set_mempolicy(lmode, mode_flags, &nodes, flags); > + if (err) > + return err; > + > return do_mbind(start, len, lmode, mode_flags, &nodes, flags); > } > > @@ -1577,6 +1581,10 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask, > if (err) > return err; > > + err = security_set_mempolicy(lmode, mode_flags, &nodes, 0); > + if (err) > + return err; > + > return do_set_mempolicy(lmode, mode_flags, &nodes); > } > > diff --git a/security/security.c b/security/security.c > index dcb3e70..685ad79 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -5337,3 +5337,16 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) > return call_int_hook(uring_cmd, 0, ioucmd); > } > #endif /* CONFIG_IO_URING */ > + > +/** > + * security_set_mempolicy() - Check if memory policy can be adjusted > + * @mode: The memory policy mode to be set > + * @mode_flags: optional mode flags > + * @nmask: modemask to which the mode applies > + * @flags: mode flags for mbind(2) only > + */ > +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, > + nodemask_t *nmask, unsigned int flags) > +{ > + return call_int_hook(set_mempolicy, 0, mode, mode_flags, nmask, flags); > +}