Message-ID: <20250725183811.409580-1-cmllamas@google.com>
Date: Fri, 25 Jul 2025 18:37:43 +0000
From: Carlos Llamas <cmllamas@...gle.com>
To: Alice Ryhl <aliceryhl@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Tiffany Yang <ynaffit@...gle.com>, John Stultz <jstultz@...gle.com>, 
	Shai Barack <shayba@...gle.com>, "Thiébaud Weksteen" <tweek@...gle.com>, kernel-team@...roid.com, 
	linux-kernel@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>, 
	Todd Kjos <tkjos@...roid.com>, Carlos Llamas <cmllamas@...gle.com>
Subject: [PATCH v19 0/5] binder: introduce transaction reports via netlink

This series is based on the v17 patchset from Li to add the transaction
reporting feature. There were several changes introduced since that
version (detailed below). However, the motivation for this work remains
the same:

> It's a known issue that neither the frozen processes nor the system
> administration process of the OS can correctly deal with failed binder
> transactions. The reason is that there's no reliable way for the user
> space administration process to fetch the binder errors from the kernel
> binder driver.
>
> Android is such an OS suffering from this issue. Since cgroup freezer
> was used to freeze user applications to save battery, innocent frozen
> apps have to be killed when they receive sync binder transactions or
> when their async binder buffer is running out.
>
> This patch introduces the Linux generic netlink messages into the binder
> driver so that the Linux/Android system administration process can
> listen to important events and take corresponding actions, like stopping
> a broken app from attacking the OS by sending huge amount of spamming
> binder transactions.

=== Changes in v19 ===
- Fix yamllint issues in Documentation/netlink/specs/binder.yaml
- Rebased on top of current char-misc-next branch.

=== Changes in v18 ===

The most significant change is that I removed the "setup_report" command
from the netlink API. So there is no longer a "configuration" step to
filter out transactions from being reported. Thus, there is also no need
to add a new selinux policy.

It just doesn't make sense to keep a single global filter that impacts
all the clients that subscribed to these events. Instead, any filtering
should now be done at the client side (if at all needed), potentially
through a BPF program or similar.

Note this makes the implementation way simpler, which is great!

I broke down some of the changes like the tracepoint addition into a
separate patch and added a couple of preparatory patches to make things
more convenient.

The previous documentation was also obsolete and placed under the
admin-guide/ book, which is incorrect. Instead, I decided to move all
the documentation bits into the YAML spec itself.

Some of the attributes in the report are now optionally included. The
"to_pid" and "to_tid" are only included if they are known. Similarly,
the "is_reply" attribute was switched to a "type: flag" and is only
appended to the report if the transaction is a reply. All this is
documented in the YAML spec.

---
v18: https://lore.kernel.org/all/20250724185922.486207-1-cmllamas@google.com/
v17: https://lore.kernel.org/all/20250417002005.2306284-1-dualli@chromium.org/

Carlos Llamas (3):
  binder: pre-allocate binder_transaction
  binder: add t->is_async and t->is_reply
  binder: add tracepoint for netlink reports

Li Li (2):
  binder: introduce transaction reports via netlink
  binder: add transaction_report feature entry

 Documentation/netlink/specs/binder.yaml       |  96 +++++++++++
 MAINTAINERS                                   |   1 +
 drivers/android/Kconfig                       |   1 +
 drivers/android/Makefile                      |   2 +-
 drivers/android/binder.c                      | 158 +++++++++++++-----
 drivers/android/binder_internal.h             |   4 +-
 drivers/android/binder_netlink.c              |  32 ++++
 drivers/android/binder_netlink.h              |  21 +++
 drivers/android/binder_trace.h                |  37 ++++
 drivers/android/binderfs.c                    |   8 +
 include/uapi/linux/android/binder_netlink.h   |  37 ++++
 .../filesystems/binderfs/binderfs_test.c      |   1 +
 12 files changed, 354 insertions(+), 44 deletions(-)
 create mode 100644 Documentation/netlink/specs/binder.yaml
 create mode 100644 drivers/android/binder_netlink.c
 create mode 100644 drivers/android/binder_netlink.h
 create mode 100644 include/uapi/linux/android/binder_netlink.h

-- 
2.50.1.470.g6ba607880d-goog
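
Added example, not code from this series: a client-side parser and filter for a report whose "to_pid"/"to_tid" attributes may be absent and whose "is_reply" is a flag attribute (present or not, with no payload), as the v18 notes describe. It assumes the standard netlink attribute layout (u16 length, u16 type, payload padded to 4 bytes); the attribute ids, the ex_* names and the sample bytes are placeholders constructed for illustration and are not taken from binder_netlink.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Placeholder attribute ids for illustration, NOT the values in binder_netlink.h. */
enum { EX_A_TO_PID = 1, EX_A_TO_TID = 2, EX_A_IS_REPLY = 3 };
#define EX_HDR 4u                       /* struct nlattr: u16 len, u16 type */
#define EX_ALIGN(n) (((n) + 3u) & ~3u)  /* attributes are padded to 4 bytes */
struct ex_report { bool has_to_pid, has_to_tid, is_reply; uint32_t to_pid, to_tid; };
/* Constructed sample layout (host byte order): one u32 attribute, then one flag. */
struct ex_sample { uint16_t len1, type1; uint32_t val; uint16_t len2, type2; };

/* Parse the attribute area of one report; 0 on success, -1 if malformed. */
int ex_parse(const uint8_t *buf, size_t len, struct ex_report *r)
{
    memset(r, 0, sizeof(*r));
    while (len >= EX_HDR) {
        uint16_t alen, type;
        memcpy(&alen, buf, 2);
        memcpy(&type, buf + 2, 2);
        if (alen < EX_HDR || alen > len) return -1;  /* bogus or truncated length */
        size_t dlen = alen - EX_HDR, step = EX_ALIGN(alen);
        type &= 0x3fff;                              /* drop the NLA_F_* flag bits */
        if (type == EX_A_IS_REPLY) {                 /* flag: presence is the value */
            if (dlen != 0) return -1;
            r->is_reply = true;
        } else if (type == EX_A_TO_PID || type == EX_A_TO_TID) {
            bool pid = (type == EX_A_TO_PID);
            if (dlen != 4) return -1;
            memcpy(pid ? &r->to_pid : &r->to_tid, buf + EX_HDR, 4);
            *(pid ? &r->has_to_pid : &r->has_to_tid) = true;
        }                                            /* unknown attributes: skipped */
        if (step > len) step = len;                  /* last one may be unpadded */
        buf += step; len -= step;
    }
    return len == 0 ? 0 : -1;
}

/* Client-side filter: non-reply transactions known to target `pid`. */
bool ex_wanted(const struct ex_report *r, uint32_t pid)
{
    return !r->is_reply && r->has_to_pid && r->to_pid == pid;
}

int main(void)
{
    struct ex_sample s = { 8, EX_A_TO_PID, 1234, 4, EX_A_IS_REPLY };
    struct ex_report r;
    return ex_parse((const uint8_t *)&s, sizeof(s), &r) == 0 && !ex_wanted(&r, 1234) ? 0 : 1;
}
```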
