| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jul 2022 14:58:27 -0700
From: Beau Belgrave <beaub@...ux.microsoft.com>
To: rostedt@...dmis.org, mhiramat@...nel.org,
mathieu.desnoyers@...icios.com
Cc: linux-trace-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 6/7] tracing/user_events: Enable setting event limit within namespace
When granting non-admin users the ability to register and write data to
user events they should have a limit imposed. Using the namespace
options file, operators can change the limit of the events that are
allowed to be created.
There is also a new line in the user_events_status file to let users
know the current limit (and to ask the operator for more if required).
For example, to limit the namespace to only 256 events:
echo user_events_limit=256 > options
>From within the namespace root:
cat user_events_status
...
Limit: 256
Signed-off-by: Beau Belgrave <beaub@...ux.microsoft.com>
---
kernel/trace/trace_events_user.c | 54 +++++++++++++++++++++++++++++---
1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index ef11706c310f..b3b6f14099fe 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -67,6 +67,7 @@ struct user_event_group {
DECLARE_BITMAP(page_bitmap, MAX_EVENTS);
refcount_t refcnt;
int id;
+ int reg_limit;
};
static DEFINE_HASHTABLE(group_table, 8);
@@ -234,6 +235,9 @@ static struct user_event_group *user_event_group_create(const char *name,
goto error;
}
+ /* Register limit is 1 under max for bitmap logic */
+ group->reg_limit = MAX_EVENTS - 1;
+
group->pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, MAX_PAGE_ORDER);
if (!group->pages)
@@ -1258,8 +1262,7 @@ static int user_event_parse(struct user_event_group *group, char *name,
char *args, char *flags,
struct user_event **newuser)
{
- int ret;
- int index;
+ int ret, index, limit;
u32 key;
struct user_event *user;
@@ -1278,9 +1281,18 @@ static int user_event_parse(struct user_event_group *group, char *name,
return 0;
}
- index = find_first_zero_bit(group->page_bitmap, MAX_EVENTS);
+ /*
+ * Bitmap returns actual max when too big:
+ * We need to add 1 to this limit to ensure proper logic
+ */
+ limit = group->reg_limit + 1;
+
+ if (limit > MAX_EVENTS)
+ return -E2BIG;
+
+ index = find_first_zero_bit(group->page_bitmap, limit);
- if (index == MAX_EVENTS)
+ if (index == limit)
return -EMFILE;
user = kzalloc(sizeof(*user), GFP_KERNEL);
@@ -1813,6 +1825,7 @@ static int user_seq_show(struct seq_file *m, void *p)
seq_printf(m, "Active: %d\n", active);
seq_printf(m, "Busy: %d\n", busy);
seq_printf(m, "Max: %ld\n", MAX_EVENTS);
+ seq_printf(m, "Limit: %d\n", group->reg_limit);
return 0;
}
@@ -1992,13 +2005,44 @@ static int user_event_ns_remove(struct trace_namespace *ns)
return ret;
}
+#define NS_EVENT_LIMIT_PREFIX "user_events_limit="
+
static int user_event_ns_parse(struct trace_namespace *ns, const char *command)
{
- return 0;
+ struct user_event_group *group = user_event_group_find(ns->id);
+ int len, value, ret = -ECANCELED;
+
+ if (!group)
+ return -ECANCELED;
+
+ len = str_has_prefix(command, NS_EVENT_LIMIT_PREFIX);
+ if (len && !kstrtouint(command + len, 0, &value)) {
+ if (value <= 0 || value > MAX_EVENTS) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ group->reg_limit = value;
+ ret = 0;
+ goto out;
+ }
+out:
+ user_event_group_release(group);
+
+ return ret;
}
static int user_event_ns_show(struct trace_namespace *ns, struct seq_file *m)
{
+ struct user_event_group *group = user_event_group_find(ns->id);
+
+ if (!group)
+ return 0;
+
+ seq_printf(m, "%s%d\n", NS_EVENT_LIMIT_PREFIX, group->reg_limit);
+
+ user_event_group_release(group);
+
return 0;
}
--
2.25.1
Powered by blists - more mailing lists