From patchwork Thu Feb 22 13:12:25 2024
X-Patchwork-Submitter: Petr Tesarik
X-Patchwork-Id: 20793
From: Petr Tesarik
To: Dave Hansen
Cc: Petr Tesařík, Petr Tesarik, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", "H. Peter Anvin", Andy Lutomirski, Oleg Nesterov, Peter Zijlstra, Xin Li, Arnd Bergmann, Andrew Morton, Rick Edgecombe, Kees Cook, "Masami Hiramatsu (Google)", Pengfei Xu, Josh Poimboeuf, Ze Gao, "Kirill A. Shutemov", Kai Huang, David Woodhouse, Brian Gerst, Jason Gunthorpe, Joerg Roedel, "Mike Rapoport (IBM)", Tina Zhang, Jacob Pan, "open list:DOCUMENTATION", open list, Roberto Sassu, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, Petr Tesarik
Subject: [RFC 0/5] PoC: convert AppArmor parser to SandBox Mode
Date: Thu, 22 Feb 2024 14:12:25 +0100
Message-Id: <20240222131230.635-1-petrtesarik@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
X-Mailing-List: linux-kernel@vger.kernel.org

[ For people newly added to Cc, this RFC is a reply to subsystem
  maintainers who asked for a real-world demonstration of how SandBox
  Mode could be used in practice. SandBox Mode itself was proposed in
  these two series (generic and x86):

  * https://lore.kernel.org/lkml/20240214113516.2307-1-petrtesarik@huaweicloud.com/T/
  * https://lore.kernel.org/lkml/20240214113035.2117-1-petrtesarik@huaweicloud.com/T/
]

This patch series provides an example of running existing kernel code
in a sandbox. It also adds some fixes and infrastructure to the base
series. If you only want to see what the conversion itself might look
like, skip straight to patch 5/5.

Patches 1 and 2 amend the base patch series. Patches 3 and 4 are
ported from my earlier proof of concept and adapted to work without
adding too much other code. I am sending a complete WIP patch series
so you can actually build and run the code.

Disclaimer: This code is not ready for submission. It is incomplete
and may contain bugs. It is provided here for the sole purpose of
demonstrating how existing kernel code would be modified to run in a
sandbox.

PATCH 1/5 is a bug fix discovered after sending patch series v1.
PATCH 2/5 allows mapping a buffer into the sandbox at its kernel address.
PATCH 3/5 is required to intercept calls to pre-selected kernel functions.
PATCH 4/5 implements dynamic allocation in sandbox mode.
PATCH 5/5 demonstrates how to convert existing kernel code to use SBM.
Petr Tesarik (5):
  sbm: x86: fix SBM error entry path
  sbm: enhance buffer mapping API
  sbm: x86: infrastructure to fix up sandbox faults
  sbm: fix up calls to dynamic memory allocators
  apparmor: parse profiles in sandbox mode

 arch/x86/entry/entry_64.S     |  10 ++-
 arch/x86/kernel/sbm/call_64.S |  20 +++++
 arch/x86/kernel/sbm/core.c    | 161 +++++++++++++++++++++++++++++++++-
 arch/x86/kernel/vmlinux.lds.S |   9 ++
 include/linux/sbm.h           |  77 ++++++++++++++++
 kernel/sbm.c                  |  34 +++++++
 mm/slab_common.c              |   3 +-
 mm/slub.c                     |  17 ++--
 mm/vmalloc.c                  |  11 +--
 security/apparmor/crypto.c    |   7 +-
 security/apparmor/policy.c    |  29 ++++--
 security/apparmor/secid.c     |   3 +-
 12 files changed, 352 insertions(+), 29 deletions(-)