Date: Thu, 13 Feb 2020 08:10:07 -0800
From: Minchan Kim
To: Jann Horn
Cc: Andrew Morton, LKML, linux-mm, Linux API, Oleksandr Natalenko, Suren Baghdasaryan, Tim Murray, Daniel Colascione, Sandeep Patil, Sonny Rao, Brian Geffon, Michal Hocko, Johannes Weiner, Shakeel Butt, John Dias, Joel Fernandes, Alexander Duyck
Subject: Re: [PATCH v4 2/8] mm: introduce external memory hinting API
Message-ID: <20200213161007.GA24649@google.com>
References: <20200212233946.246210-1-minchan@kernel.org> <20200212233946.246210-3-minchan@kernel.org>

Hi Jann,

On Thu, Feb 13, 2020 at 03:08:59PM +0100, Jann Horn wrote:
> On Thu, Feb 13, 2020 at 12:40 AM Minchan Kim wrote:
> > To solve the issue, this patch introduces a new syscall process_madvise(2).
> > It uses pidfd of an external process to give the hint.
> [...]
> > + mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS);
> > + if (IS_ERR_OR_NULL(mm)) {
> > + ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
> > + goto release_task;
> > + }
> > +
> > + ret = do_madvise(task, start, len_in, behavior);
>
> When you're accessing another task, you should ensure that the other
> task doesn't gain new privileges by executing a setuid binary in the
> middle of being accessed. mm_access() does that for you; it holds the
> ->cred_guard_mutex while it is looking up the task's ->mm and doing
> the security check.
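Review bot: the mm returned by mm_access() in this hunk is never used; the call `ret = do_madvise(task, start, len_in, behavior);` hands over only the task, so the callee has to look up task->mm itself, outside the ->cred_guard_mutex-protected lookup and security check that mm_access() already performed. Suggest passing the looked-up pointer explicitly, e.g. `ret = do_madvise(task, mm, start, len_in, behavior);`, and confirming that every path after a successful mm_access(), including the error return from do_madvise(), releases the reference with mmput(mm), which the visible hunk does not show.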
> mm_access() then returns you an mm pointer that
> you're allowed to access without worrying about such things; an
> mm_struct never gains privileges, since a setuid execution creates a
> fresh mm_struct. However, the task may still execute setuid binaries
> and such things.
>
> This means that after you've looked up the mm with mm_access(), you
> have to actually *use* that pointer. You're not allowed to simply read
> task->mm yourself.
>
> Therefore, I think you should:
>
> - change patch 1/8 ("mm: pass task to do_madvise") to also pass an
> mm_struct* to do_madvise (but keep the task_struct* for patch 4/8)
> - in this patch, pass the mm_struct* from mm_access() into do_madvise()
> - drop patch 3/8 ("mm: validate mm in do_madvise"); it just papers
> over a symptom without addressing the underlying problem

Actually, it was what this patch series was doing until the last version, but I changed it to reduce just *a parameter* to do_madvise. And then, this time, I got good advice I was not familiar with. I will fix it again.

Thanks for the review!