argv-safety: register children at fork time#35
Open
congwang-mk wants to merge 4 commits intomainfrom
Open
Conversation
…tras When any consumer can inspect execve argv from child memory — the policy_fn callback or an extra handler bound to execve/execveat that can call read_child_mem — fork/clone/vfork notifications now wrap their Continue response in one-shot ptrace fork-event tracking, so every new child is registered in ProcessIndex before it can run user code. The execve argv-safety freeze can then enumerate every tracked TGID and PTRACE_SEIZE every thread that could mutate argv between supervisor inspection and the kernel's post-Continue re-read. Signed-off-by: Cong Wang <cwang@multikernel.io>
…king Signed-off-by: Cong Wang <cwang@multikernel.io>
Signed-off-by: Cong Wang <cwang@multikernel.io>
Signed-off-by: Cong Wang <cwang@multikernel.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
policy_fn, or an extra handler bound toexecve/execveatthat can callread_child_mem— the supervisor now arms one-shot ptrace fork-event tracking (PTRACE_O_TRACE{FORK,VFORK,CLONE}) on every fork-class notification. New children are registered inProcessIndexbefore they can run user code, so the execve argv-safety freeze can enumerate every tracked TGID andPTRACE_SEIZEevery thread that could mutate argv between supervisor inspection and the kernel's post-Continue re-read.fork(2)only enters the BPF notif filter whenpolicy_fnis set or an extra handler is bound to exec, so the COW map-reduce hot path keeps bypassing the supervisor.ProcessCreationTraceis an RAII guard — panics or early returns can't leak ptrace attachments. The blockingwaitpidcalls run ontokio::task::spawn_blockingso a stretched wait can't stall a notification worker.Test plan
cargo test --workspace— 443/443 passing (was 441; +2 new tests incrates/sandlock-core/src/resource.rs)pytest python/tests/— 226/226 passingprocess_creation_tracking_predicates_follow_argv_safety_gatelocks in the gating across clone/clone3/fork/vfork and the CLONE_THREAD bypassprocess_creation_tracking_registers_child_before_user_code_runsvalidates the central safety property end-to-end via aMAP_SHAREDflag page: a raw-fork child is observed to be registered while still ptrace-stopped (before its first user-mode instruction). Skips gracefully if YAMAptrace_scopedenies the seize.fork(2)syscall); other arches skip via#[cfg]— intentional🤖 Generated with Claude Code