mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-10 15:54:39 +08:00
5222d69642
The test was previously using an mprotect on the heap memory allocated
using malloc and was expecting the allocation to be always using
sbrk(2). This is, however, not always true and in certain conditions
malloc may end up using anonymous mmaps for heap alloctions. This means
that the following condition that is used in the "lsm/file_mprotect"
program is not sufficent to detect all mprotect calls done on heap
memory:
is_heap = (vma->vm_start >= vma->vm_mm->start_brk &&
vma->vm_end <= vma->vm_mm->brk);
The test is updated to use an mprotect on memory allocated on the stack.
While this would result in the splitting of the vma, this happens only
after the security_file_mprotect hook. So, the condition used in the BPF
program holds true.
Fixes: 03e54f100d ("bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM")
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200402200751.26372-1-kpsingh@chromium.org
49 lines
919 B
C
49 lines
919 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
/*
|
|
* Copyright 2020 Google LLC.
|
|
*/
|
|
|
|
#include "vmlinux.h"
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_tracing.h>
|
|
#include <errno.h>
|
|
|
|
char _license[] SEC("license") = "GPL";
|
|
|
|
int monitored_pid = 0;
|
|
int mprotect_count = 0;
|
|
int bprm_count = 0;
|
|
|
|
SEC("lsm/file_mprotect")
|
|
int BPF_PROG(test_int_hook, struct vm_area_struct *vma,
|
|
unsigned long reqprot, unsigned long prot, int ret)
|
|
{
|
|
if (ret != 0)
|
|
return ret;
|
|
|
|
__u32 pid = bpf_get_current_pid_tgid() >> 32;
|
|
int is_stack = 0;
|
|
|
|
is_stack = (vma->vm_start <= vma->vm_mm->start_stack &&
|
|
vma->vm_end >= vma->vm_mm->start_stack);
|
|
|
|
if (is_stack && monitored_pid == pid) {
|
|
mprotect_count++;
|
|
ret = -EPERM;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
SEC("lsm/bprm_committed_creds")
|
|
int BPF_PROG(test_void_hook, struct linux_binprm *bprm)
|
|
{
|
|
__u32 pid = bpf_get_current_pid_tgid() >> 32;
|
|
|
|
if (monitored_pid == pid)
|
|
bprm_count++;
|
|
|
|
return 0;
|
|
}
|