Received: by 2002:ab2:3350:0:b0:1f4:6588:b3a7 with SMTP id o16csp2095528lqe; Tue, 9 Apr 2024 09:21:24 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVJX3VYDtKo8vMgrC/HDFeMlEaP4fTjyc1rp66FzlR+tPqQjClQK8RFOnntuV4iUjohOmAelEDXZdr76QQRU4vxs9bDYYHWMU1PEKqb+g== X-Google-Smtp-Source: AGHT+IGMy9annChdyWu2mLfd6RLtZOYdC021tbOCFwLQIox9jLviWAn1gBE8YnwKhojX6ZXrbF+I X-Received: by 2002:a05:6a00:130c:b0:6ea:f43b:b961 with SMTP id j12-20020a056a00130c00b006eaf43bb961mr3807693pfu.6.1712679684189; Tue, 09 Apr 2024 09:21:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712679684; cv=pass; d=google.com; s=arc-20160816; b=HxmJiPhkKGBHgfMmR7zWq1M4g81i3xrbmzTwJR8vvHpt9XJFh1v4HydgJyhJInjLNJ wcpORO4VnD4yk4/mHRwQCTW69106PxULJFTN2qxVh0vXnP97dTWIMX1BGQX8GVDBUC6k QQTpSuJAw+gB1F2M9gCHt7b3GR5b/gXclUQ5br/pf+xls44df5QTFss2pEC5GMYr6+gA DgM4yxXAa4M6OZgmFeC9jkPYzra+A8Pz0HU/Vx4J94OZkrSzqI7iCInUobE/8D+wmwv1 xqIMQWiHRf4uBEEHaoZocvGEzRJkzfaTvlPc6rKU52HdeZDorPuLG+b5hRav65SIskXS a66Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature; bh=evRi6cjBqVNKW2baFdKQ85UzXHTSdvORxHiKqOKSb20=; fh=GN6QLFJWOjJVVxbX+S/qpuX9qM5+4rKN7u0nmvyG5Yk=; b=OkmaA+YOkiC0e7271l6QrQNy9UH+zAPkc8ZZCFYd6gPy9cxC9rV2R4rMzmyCYRRjJy +1hSZhJQdAMyQILpWWxxd7cgoR7D91gauY9CvAaQ3ZmywrsIwmmblawHiQ+CrPrV6c3P XB+yEoZ6Q0UUTZtWtPu1ajJzV0adrq++We4rc96updyR4AnjmahJuX5l63MUAuBAnPaz 5DtJ472+BBkBmCPjS0DW2NiZhYezf5oa7lC9XZhXAUHe9V/5MyzCq96aQmxawpKAqbdJ U4K5uqu5aVGV1daFrSv5o7gxUmbiUzlBzoQ15DywKP4b6snueqfZJgyNvVpGpbFYKHhM cTLw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=pwqSGuNn; dkim=pass header.i=@suse.com header.s=susede1 header.b=pwqSGuNn; arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com); spf=pass (google.com: domain of linux-kernel+bounces-137236-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137236-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id i19-20020a63d453000000b005dc8f60cdf9si9011270pgj.302.2024.04.09.09.21.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 09:21:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-137236-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=pwqSGuNn; dkim=pass header.i=@suse.com header.s=susede1 header.b=pwqSGuNn; arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com); spf=pass (google.com: domain of linux-kernel+bounces-137236-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137236-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8BC82B344A7 for ; Tue, 9 Apr 2024 15:36:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6149E137937; Tue, 9 Apr 2024 15:32:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="pwqSGuNn"; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="pwqSGuNn" Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5F07A136E00; Tue, 9 Apr 2024 15:32:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712676761; cv=none; b=bhiecqOXWfwM1V+S9+2PqcuMFbnwydxGrk7Tzorc4dK2hzzPIK8XBkYmMQc4SEIgCf5pBCfH6KeLyiyEN8tjtAkSmI/ROZ37JSL6/gG79wsFlB3tXLyvePvVv36RMSCg65+NsiyRIDHI2ne9F5Sv1KgWE2ahFDA61QlWgthVItk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712676761; c=relaxed/simple; bh=gTkZ5i5KTn1jImE/aha1iK+seMvlYRhPgsM7BgtGxGk=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=UAXfJDWTbbYHRLQd4XiFcIzl+NM5/RGEtegER4wYX/dDEbU7M2SNbRFy5ZD66K+70zmZ23/hAgxd45RlBe4b/kO1hICtZmi8F+dLLphJJ0UYvTH4siYrYiJMAeVl/7F0mxCxF5s29NMqGXB1bzjZwlZB+LlaE23cU73dpRH6rzw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=pwqSGuNn; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=pwqSGuNn; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Received: from imap2.dmz-prg2.suse.org (imap2.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 17EE820A9D; Tue, 9 Apr 2024 15:32:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1712676755; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=evRi6cjBqVNKW2baFdKQ85UzXHTSdvORxHiKqOKSb20=; b=pwqSGuNn2PENPCLa1UrzlKUI91R99iIaK7yIrrVbXbqSPOnqdD+tadkowqBcfWh2jDJrFG +SjuRzXLnOIUr2cdM67wIUr9zbqkEWD4z64I9ci0ReGihH62LTwPwqlMhKpjesfrXir3UQ Q7t03zfssRaQm+k850evie3N909De0c= Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.com header.s=susede1 header.b=pwqSGuNn DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1712676755; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=evRi6cjBqVNKW2baFdKQ85UzXHTSdvORxHiKqOKSb20=; b=pwqSGuNn2PENPCLa1UrzlKUI91R99iIaK7yIrrVbXbqSPOnqdD+tadkowqBcfWh2jDJrFG +SjuRzXLnOIUr2cdM67wIUr9zbqkEWD4z64I9ci0ReGihH62LTwPwqlMhKpjesfrXir3UQ Q7t03zfssRaQm+k850evie3N909De0c= Received: from imap2.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap2.dmz-prg2.suse.org (Postfix) with ESMTPS id E880E1332F; Tue, 9 Apr 2024 15:32:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([10.150.64.162]) by imap2.dmz-prg2.suse.org with ESMTPSA id h4N7OJJfFWaYGwAAn2gu4w (envelope-from ); Tue, 09 Apr 2024 15:32:34 +0000 Date: Tue, 9 Apr 2024 17:32:33 +0200 From: Michal =?utf-8?Q?Koutn=C3=BD?= To: Djalal Harouni Cc: Tejun Heo , Zefan Li , Johannes Weiner , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: Re: [RFC PATCH bpf-next 0/3] bpf: freeze a task cgroup from bpf Message-ID: References: <20240327-ccb56fc7a6e80136db80876c@djalal> <20240327225334.58474-1-tixxdz@gmail.com> <705d7180-aced-46ba-80a6-84ac4e2b96b9@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ur57wvgvflsnrnty" Content-Disposition: inline In-Reply-To: <705d7180-aced-46ba-80a6-84ac4e2b96b9@gmail.com> X-Spam-Level: X-Spamd-Result: default: False [-4.61 / 50.00]; BAYES_HAM(-3.00)[100.00%]; SIGNED_PGP(-2.00)[]; SUSPICIOUS_RECIPS(1.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_RHS_NOT_FQDN(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_DKIM_ALLOW(-0.20)[suse.com:s=susede1]; MX_GOOD(-0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.com:s=susede1]; FREEMAIL_TO(0.00)[gmail.com]; ARC_NA(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCPT_COUNT_TWELVE(0.00)[22]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVRCPT(0.00)[gmail.com]; FREEMAIL_CC(0.00)[kernel.org,bytedance.com,cmpxchg.org,iogearbox.net,linux.dev,gmail.com,google.com,fb.com,vger.kernel.org]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DWL_DNSWL_BLOCKED(0.00)[suse.com:dkim]; RCVD_VIA_SMTP_AUTH(0.00)[]; TAGGED_RCPT(0.00)[]; DKIM_TRACE(0.00)[suse.com:+]; MISSING_XM_UA(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:dkim,imap2.dmz-prg2.suse.org:helo,imap2.dmz-prg2.suse.org:rdns] X-Rspamd-Action: no action X-Rspamd-Queue-Id: 17EE820A9D X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Flag: NO X-Spam-Score: -4.61 --ur57wvgvflsnrnty Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi. On Tue, Apr 02, 2024 at 07:20:45PM +0100, Djalal Harouni wrote: > Thanks yes, I would expect freeze to behave like signal, and if one > wants to block immediately there is the LSM override return. The > selftest attached tries to do exactly that. Are you refering to this part: int BPF_PROG(lsm_freeze_cgroup, int cmd, union bpf_attr *attr, unsigned int size) ... ret = bpf_task_freeze_cgroup(task, 1); if (!ret) { ret = -EPERM; /* reset for next call */ ? > Could be security signals, reading sensitive files or related to any > operation management, for X reasons this user session should be freezed > or killed. What can be done with a frozen cgroup after anything of that happens? Anything besides killing anyway? Killing of an offending process could be caught by its supervisor (like container runtime or systemd) and propagated accordingly to the whole cgroup. > The kill is an effective defense against fork-bombs as an example. There are several ways how to prevent fork-bombs in kernel already, it looks like a contrived example. > Today some container/pod operations are performed at bpf level, having > the freeze and kill available is straightforward to perform this. It seems to me like an extra step when the same operation can be done from (the managing) userspace already. > For generalizing this, haven't thought about it that much. First use > case is to try to get freeze and possibly kill support, and use a common > interface as requested. BTW, I notice that there is bpf_sys_bpf() helper that allows calling an arbitrary syscall. Wouldn't that be sufficient for everything? (Based on how I still understand the problem: either you must respond immediately and then the direct return from LSM is appropriate or timing is not sensitive but you want act on whole cgroup.) Thanks, Michal --ur57wvgvflsnrnty Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQpEWyjXuwGT2dDBqAGvrMr/1gcjgUCZhVfjwAKCRAGvrMr/1gc jmVSAP4gnoRPzcuJjgOFfGrNmt82AS07TT6+tvtaPHXyLoEMYwEAs1rsSXY7Zfk5 YFlpQWdguwO5nJDKXK8YvYS7+wcTlQM= =0Hv1 -----END PGP SIGNATURE----- --ur57wvgvflsnrnty--