lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220728235241.2249-7-beaub@linux.microsoft.com>
Date:   Thu, 28 Jul 2022 16:52:40 -0700
From:   Beau Belgrave <beaub@...ux.microsoft.com>
To:     rostedt@...dmis.org, mhiramat@...nel.org,
        mathieu.desnoyers@...icios.com
Cc:     linux-trace-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH v2 6/7] tracing/user_events: Enable setting event limit within namespace

When granting non-admin users the ability to register and write data to
user events they should have a limit imposed. Using the namespace
options file, operators can change the limit of the events that are
allowed to be created.

There is also a new line in the user_events_status file to let users
know the current limit (and to ask the operator for more if required).

For example, to limit the namespace to only 256 events:
echo user_events_limit=256 > options

>From within the namespace root:
cat user_events_status
...
Limit: 256

Signed-off-by: Beau Belgrave <beaub@...ux.microsoft.com>
---
 kernel/trace/trace_events_user.c | 57 +++++++++++++++++++++++++++++---
 1 file changed, 52 insertions(+), 5 deletions(-)

diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 9694eee27956..1dc88bbd04f9 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -41,6 +41,7 @@
 #define MAX_PAGES (1 << MAX_PAGE_ORDER)
 #define MAX_BYTES (MAX_PAGES * PAGE_SIZE)
 #define MAX_EVENTS (MAX_BYTES * 8)
+#define MAX_LIMIT (MAX_EVENTS - 1)
 
 /* Limit how long of an event name plus args within the subsystem. */
 #define MAX_EVENT_DESC 512
@@ -85,6 +86,7 @@ struct user_event_group {
 	DECLARE_BITMAP(page_bitmap, MAX_EVENTS);
 	refcount_t refcnt;
 	int id;
+	int reg_limit;
 };
 
 static DEFINE_HASHTABLE(group_table, 8);
@@ -252,6 +254,13 @@ static struct user_event_group *user_event_group_create(const char *name,
 			goto error;
 	}
 
+	/*
+	 * Register limit is based on available events:
+	 * The ABI states event 0 is reserved, so the real max is the amount
+	 * of bits in the bitmap minus 1 (the reserved event slot).
+	 */
+	group->reg_limit = MAX_LIMIT;
+
 	group->pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, MAX_PAGE_ORDER);
 
 	if (!group->pages)
@@ -1276,8 +1285,7 @@ static int user_event_parse(struct user_event_group *group, char *name,
 			    char *args, char *flags,
 			    struct user_event **newuser)
 {
-	int ret;
-	int index;
+	int ret, index, limit;
 	u32 key;
 	struct user_event *user;
 
@@ -1296,9 +1304,16 @@ static int user_event_parse(struct user_event_group *group, char *name,
 		return 0;
 	}
 
-	index = find_first_zero_bit(group->page_bitmap, MAX_EVENTS);
+	/*
+	 * 0 is a reserved bit, so the real limit needs to be one higher.
+	 * An example of this is a limit of 1, bit 0 is always set. To make
+	 * this work, the limit must be 2 in this case (bit 1 will be set).
+	 */
+	limit = min(group->reg_limit + 1, (int)MAX_EVENTS);
+
+	index = find_first_zero_bit(group->page_bitmap, limit);
 
-	if (index == MAX_EVENTS)
+	if (index == limit)
 		return -EMFILE;
 
 	user = kzalloc(sizeof(*user), GFP_KERNEL);
@@ -1831,6 +1846,7 @@ static int user_seq_show(struct seq_file *m, void *p)
 	seq_printf(m, "Active: %d\n", active);
 	seq_printf(m, "Busy: %d\n", busy);
 	seq_printf(m, "Max: %ld\n", MAX_EVENTS);
+	seq_printf(m, "Limit: %d\n", group->reg_limit);
 
 	return 0;
 }
@@ -2010,13 +2026,44 @@ static int user_event_ns_remove(struct trace_namespace *ns)
 	return ret;
 }
 
+#define NS_EVENT_LIMIT_PREFIX "user_events_limit="
+
 static int user_event_ns_parse(struct trace_namespace *ns, const char *command)
 {
-	return -ECANCELED;
+	struct user_event_group *group = user_event_group_find(ns->id);
+	int len, value, ret = -ECANCELED;
+
+	if (!group)
+		return -ECANCELED;
+
+	len = str_has_prefix(command, NS_EVENT_LIMIT_PREFIX);
+	if (len && !kstrtouint(command + len, 0, &value)) {
+		if (value <= 0 || value > MAX_LIMIT) {
+			ret = -EINVAL;
+			goto out;
+		}
+
+		group->reg_limit = value;
+		ret = 0;
+		goto out;
+	}
+out:
+	user_event_group_release(group);
+
+	return ret;
 }
 
 static int user_event_ns_show(struct trace_namespace *ns, struct seq_file *m)
 {
+	struct user_event_group *group = user_event_group_find(ns->id);
+
+	if (!group)
+		return 0;
+
+	seq_printf(m, "%s%d\n", NS_EVENT_LIMIT_PREFIX, group->reg_limit);
+
+	user_event_group_release(group);
+
 	return 0;
 }
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ