Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp258985ybp; Thu, 10 Oct 2019 17:40:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqyZHXy9WQqqaH8PiUaLn8J+iCM85Xw7gShx8wtAMlQ2fY4/swp1Ru4EbcfHXXiqEr3ZSKuk X-Received: by 2002:a17:906:2303:: with SMTP id l3mr10825719eja.230.1570754423876; Thu, 10 Oct 2019 17:40:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570754423; cv=none; d=google.com; s=arc-20160816; b=bJqK2pz3nGDuUhLDDhGu31XNN/Ragl3DLS+h+k1x8lc8bej6ZgPruOCnzC788UK4C8 UejoLfnamFWviTxskX8uRzMzIzglrEOJZZRqKJ/98r3NhOCDkjaOWaQqTNlQA3sEUDvo Bl4lAdEPbyjUpS+tM89lw1gnecnKsHc053Ndp+4w3vXVSEtLEhZJFxU2o4ICtuIdcSRp tBi1oM4q2meIF485Cf0/Axfz+MHhyypnuKyJ9GSl4CPMWgx57Ic2Zi/15tD4WEPyX3aC 9fvl9H+mrx+iHPmGv0l8nMDrlCplj394fG6Spo0cQu8vxBWzqTUOAVoN+OmK+RtFmvqO aDfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=aFT8cm8S0DEJCyLgBpASXj1oSQTtinFEh4s2GyLpCAk=; b=stH9RGcT7/xEYtE97dsU7+SdKqPUrbwX8MQqu68Yb1TRA8Xzm9pw9L6mjPlVoCnSx6 E9Dn7IU9BNpJ+O+o8SCIh+vT8s6dS5fMoBbOSU158lFOZfFj/jm/7yDb4HCj8a80XC2Y A2AY+HbUDShsVaxJ0n/eqsizVZ5BKFkjDIj4Rr5gx+x8RH4oPvDqdo45IyQiLmsidkaK EPMUIjSdUG7s/m3Jl81j7x4rjMSlKvWb9cOguHxRb5jJ5cufXEjGBDUXGkXCDpa/DGdX l/E7SCo5QeVUNFvJX9Q11mPwIIwEp/CV6PqFrF7odTGcfD3UyLYlwcac8Dv3g8tgPTRw h2ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=SUM+Ozmq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j18si4091569ejv.201.2019.10.10.17.40.00; Thu, 10 Oct 2019 17:40:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=SUM+Ozmq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727845AbfJKAjM (ORCPT + 99 others); Thu, 10 Oct 2019 20:39:12 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:41637 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727518AbfJKAjL (ORCPT ); Thu, 10 Oct 2019 20:39:11 -0400 Received: by mail-lf1-f65.google.com with SMTP id r2so5719960lfn.8 for ; Thu, 10 Oct 2019 17:39:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aFT8cm8S0DEJCyLgBpASXj1oSQTtinFEh4s2GyLpCAk=; b=SUM+Ozmq/ACZrOTEwqmyCavmWazXGQLL83huZDzHGsYRooxZavBq96G3gSZB8aZEun 4tNuU+9vatgFwhZ2C3CnGZuIm6rSCm9tF7Ri4hZuTLyRNG9wMsfSGbDW4ixy4pABeYx8 RiZoc4KtGQBAZafsKpyIRkoagGDxiybFw91oHrLAIp2elU9Glh7hQMRnxYemxk3LXdAf 83242C0BufY7yeIMuHD1/BJ/mBqjnb4LbON2RYZFDpSRI7c5hR+satKSZpXAtXUtZp2a IsbLva/X8n/wCo/lzhff7J2wgO0KRpDAcFyAp4oyWjPRYAF/2wcK+vpAQmg9N9Fs+doF 90IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aFT8cm8S0DEJCyLgBpASXj1oSQTtinFEh4s2GyLpCAk=; b=N2hNPbBhWhFeNQNVe/TJM3TM0TnXJ4lWsF09zYVimL7prn74Y+qvvZGM19Idc2kvjq H2ZBPta9pC2itgqVXO3Y2df8TozG0ERHLOo+KFKzkkfG2koIVusrldKYxGDtEie3VAK2 cYwfuYqGMvEYdZWkcpt46+aXl1PYXUiaoc35waTNbvwI0E4zLgDhyk0Hy4hew0kvbHDt liIndYW2xugorhDgmVCBCcQzlJp2oNVsBSgXzSveMt8xVnxe9Arh9l+HxadA6hApMKNy dhrXXgApnQFOjX9NoqGimZ2vx46WDmogqYQCc5HrfLx5kvA9NA/OBeNBCdOvHWwn3BcF TFwg== X-Gm-Message-State: APjAAAWmHHRXsKoRoum8vVfKq4YKVxpXprAAbReIuF904PRlM43Zompp WvzJk6scVgkDWqH4ys3C1eSU7KRghz2+KsC7oHHA X-Received: by 2002:a19:520d:: with SMTP id m13mr7617840lfb.137.1570754349796; Thu, 10 Oct 2019 17:39:09 -0700 (PDT) MIME-Version: 1.0 References: <230e91cd3e50a3d8015daac135c24c4c58cf0a21.1568834524.git.rgb@redhat.com> <20190927125142.GA25764@hmswarspite.think-freely.org> In-Reply-To: <20190927125142.GA25764@hmswarspite.think-freely.org> From: Paul Moore Date: Thu, 10 Oct 2019 20:38:58 -0400 Message-ID: Subject: Re: [PATCH ghak90 V7 06/21] audit: contid limit of 32k imposed to avoid DoS To: Neil Horman Cc: Richard Guy Briggs , containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris , Serge Hallyn , ebiederm@xmission.com, Dan Walsh , mpatel@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 27, 2019 at 8:52 AM Neil Horman wrote: > On Wed, Sep 18, 2019 at 09:22:23PM -0400, Richard Guy Briggs wrote: > > Set an arbitrary limit on the number of audit container identifiers to > > limit abuse. > > > > Signed-off-by: Richard Guy Briggs > > --- > > kernel/audit.c | 8 ++++++++ > > kernel/audit.h | 4 ++++ > > 2 files changed, 12 insertions(+) > > > > diff --git a/kernel/audit.c b/kernel/audit.c > > index 53d13d638c63..329916534dd2 100644 > > --- a/kernel/audit.c > > +++ b/kernel/audit.c ... > > @@ -2465,6 +2472,7 @@ int audit_set_contid(struct task_struct *task, u64 contid) > > newcont->owner = current; > > refcount_set(&newcont->refcount, 1); > > list_add_rcu(&newcont->list, &audit_contid_hash[h]); > > + audit_contid_count++; > > } else { > > rc = -ENOMEM; > > goto conterror; > > diff --git a/kernel/audit.h b/kernel/audit.h > > index 162de8366b32..543f1334ba47 100644 > > --- a/kernel/audit.h > > +++ b/kernel/audit.h > > @@ -219,6 +219,10 @@ static inline int audit_hash_contid(u64 contid) > > return (contid & (AUDIT_CONTID_BUCKETS-1)); > > } > > > > +extern int audit_contid_count; > > + > > +#define AUDIT_CONTID_COUNT 1 << 16 > > + > > Just to ask the question, since it wasn't clear in the changelog, what > abuse are you avoiding here? Ostensibly you should be able to create as > many container ids as you have space for, and the simple creation of > container ids doesn't seem like the resource strain I would be concerned > about here, given that an orchestrator can still create as many > containers as the system will otherwise allow, which will consume > significantly more ram/disk/etc. I've got a similar question. Up to this point in the patchset, there is a potential issue of hash bucket chain lengths and traversing them with a spinlock held, but it seems like we shouldn't be putting an arbitrary limit on audit container IDs unless we have a good reason for it. If for some reason we do want to enforce a limit, it should probably be a tunable value like a sysctl, or similar. -- paul moore www.paul-moore.com