Comment 13 for bug 1883962

Mauricio Faria de Oliveira (mfo) wrote :

Verification done on "Disco" (linux-hwe-5.0)
---

# uname -rv
5.0.0-58-generic #62~18.04.1-Ubuntu SMP Tue Jul 14 03:37:30 UTC 2020

For some other reason the kprobes module is not picking up on accept,
only on release. This is unrelated to this patchset.

I used kprobe events instead, which is working, and reveals the ref
counter does not leak (stable increase/decrease on accept/release.)

In the example below, it varies between 0x64b and 0x64c, correctly.

# ./aa-refcnt-af_alg &

# echo 'p af_alg_accept sk=%di count=+0x0(+0x0(+0x278(%di))):x32' > /sys/kernel/debug/tracing/kprobe_events
# echo 'p af_alg_release_parent sk=%di count=+0x0(+0x0(+0x278(%di))):x32' >> /sys/kernel/debug/tracing/kprobe_events

# echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable

# cat /sys/kernel/debug/tracing/trace_pipe
...
 aa-refcnt-af_al-21362 [002] .... 77023.869615: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
 aa-refcnt-af_al-21362 [002] .... 77023.869619: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
 aa-refcnt-af_al-21362 [002] .... 77023.869623: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
 aa-refcnt-af_al-21362 [002] .... 77023.869626: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
 aa-refcnt-af_al-21362 [002] .... 77023.869630: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
 aa-refcnt-af_al-21362 [002] .... 77023.869633: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
...
ctrl-c

# echo 0 > /sys/kernel/debug/tracing/events/kprobes/enable
# echo > /sys/kernel/debug/tracing/kprobe_events
# killall aa-refcnt-af_alg

Details:
-------

We want this value from 'struct sock *sk': kref_read(&SK_CTX(sk)->label->count)

With:

 #define SK_CTX(X) apparmor_sock(X)

 static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
 ...
  return sk->sk_security + apparmor_blob_sizes->lbs_sock;
 ...

Checking the value for lbs_sock w/ a kernel module:

 [76604.268403] apparmor_blob_sizes->lbs_sock: 0

And struct member offsets:

 $ pahole --hex -C sock usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep sk_security
  void * sk_security; /* 0x278 0x8 */

 $ pahole --hex -C aa_sk_ctx usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w label
  struct aa_label * label; /* 0 0x8 */

 $ pahole --hex -C aa_label usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w count
  struct kref count; /* 0 0x4 */
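
The fetch-arg in the kprobe_events lines above follows directly from these offsets, and the by-eye check of trace_pipe for a leaking count can be scripted. The following is an added example, not part of the original comment; the function names (fetcharg, refcnt_drift, sample_trace) and the sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; offsets are the ones shown above.

# fetcharg REG OFF...  Build the kprobe fetch-arg that follows a pointer chain.
# Offsets are listed in the order the pointers are followed:
#   0x278 = offsetof(struct sock, sk_security)
#   0x0   = lbs_sock (0 here) + offsetof(struct aa_sk_ctx, label)
#   0x0   = offsetof(struct aa_label, count)
fetcharg() {
    e="%$1"; shift
    for off in "$@"; do e="+${off}(${e})"; done
    printf '%s:x32\n' "$e"
}

# refcnt_drift [TOL]  Read trace_pipe lines on stdin, print last-minus-first
# count per probe, and return non-zero if any probe drifted by more than TOL.
refcnt_drift() {
    awk -v tol="${1:-1}" '
    function hex(s,   i, n) {        # portable: mawk has no strtonum()
        s = tolower(s); sub(/^0x/, "", s); n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
        return n
    }
    match($0, /count=0x[0-9a-fA-F]+/) {
        v = hex(substr($0, RSTART + 6, RLENGTH - 6)); ev = "?"
        for (i = 1; i <= NF; i++) if ($i ~ /^p_.*:$/) ev = $i
        if (!(ev in first)) first[ev] = v
        last[ev] = v
    }
    END {
        for (ev in first) {
            d = last[ev] - first[ev]
            printf "%s drift=%d\n", ev, d
            if (d > tol || d < -tol) bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample lines (not captured output); $1 is the leak per cycle.
sample_trace() {
    c=1611   # 0x64b
    for n in 1 2 3 4; do
        printf ' t-1 [002] .... 1.00000%d: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0x0 count=0x%x\n' "$n" "$c"
        printf ' t-1 [002] .... 1.00000%d: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0x0 count=0x%x\n' "$n" "$((c + 1))"
        c=$((c + $1))
    done
}
```

`fetcharg di 0x278 0x0 0x0` reproduces the expression used in the probes above, and `refcnt_drift` can be fed a saved trace_pipe capture on stdin.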