Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dynamic Landlock ABI configuration wrt. runtime kernel #2263

Open
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

Lederstrumpf
Copy link
Contributor

@Lederstrumpf Lederstrumpf commented Nov 5, 2024

Referenced issues

resolves #2262

Description of the Change

Dynamically determines the available Landlock flags from the version of the Landlock ABI reverted by this call.

This is necessary since the prior implementation relied solely on the definition of these flags for their inclusion. However, such definition is solely determined by the headers available during compile time and is orthogonal to the feature support of the host's kernel (especially if the compilation host and runtime host are different).

A given Landlock flag is now only included in the landlock_create_ruleset(...) call if

  1. The given flag is defined
  2. The flag's underlying feature is supported by the Landlock ABI version reverted at runtime

As such, this PR enables hosts with 5.13 <= linux kernel version < 6.7 to be used in Secure Validtor Mode.

Possible Drawbacks

The drawbacks are the same as the prior implementation's seeming intent.
As described in #2262:

  1. conditionally enabling Landlock features only serves a purpose if these additional Landlock features are in fact used in the implementation - else one might as well stick with Landlock V1 flags only
  2. even if these additional features are used, this has to be carefully considered against the Parity Client's rationale of avoiding indeterminism by using one canonical versions features only (currently V1): https://github.com/paritytech/polkadot-sdk/blob/f5e7eaf610b50c6a6e3f65649908100ce8bea5b0/polkadot/node/core/pvf/common/src/worker/security/landlock.rs#L37-L73

Checklist Before Opening a PR

Before you open a Pull Request (PR), please make sure you've completed the following steps and confirm by answering 'Yes' to each item:

  1. Code is formatted: Have you run your code through clang-format to ensure it adheres to the project's coding standards? Yes
  2. Code is documented: Have you added comments and documentation to your code according to the guidelines in the project's contributing guidelines? Yes
  3. Self-review: Have you reviewed your own code to ensure it is free of typos, syntax errors, logical errors, and unresolved TODOs or FIXME without linking to an issue? Yes
  4. Zombienet Tests: Have you ensured that the zombienet tests are passing? Zombienet is a network simulation and testing tool used in this project. It's important to ensure that these tests pass to maintain the stability and reliability of the project. No

Prior implementation assumed landlock version from flag declarations in
headers on compilation host, which do not necessarily match flags
available at runtime, in particular on a different runtime target.

To include a Landlock flag, now need both availability of flag on
compilation host and runtime target.
@Lederstrumpf Lederstrumpf changed the title Correctly check Landlock support of runtime kernel Dynamic Landlock ABI configuration wrt. runtime kernel Nov 5, 2024
@Lederstrumpf Lederstrumpf marked this pull request as ready for review November 5, 2024 05:12
@kamilsa kamilsa requested a review from Harrm November 18, 2024 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: false-negatives on landlock support: linux kernels 5.13-6.8
2 participants