linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Morton <akpm@linux-foundation.org>
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Shakeel Butt <shakeel.butt@linux.dev>,
	"Liam R . Howlett" <Liam.Howlett@oracle.com>,
	David Hildenbrand <david@redhat.com>,
	Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>,
	Arnd Bergmann <arnd@arndb.de>,
	Christian Brauner <brauner@kernel.org>,
	SeongJae Park <sj@kernel.org>,
	Usama Arif <usamaarif642@gmail.com>,
	Mike Rapoport <rppt@kernel.org>,
	Johannes Weiner <hannes@cmpxchg.org>,
	Barry Song <21cnbao@gmail.com>,
	linux-mm@kvack.org, linux-arch@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
	Pedro Falcato <pfalcato@suse.de>
Subject: Re: [DISCUSSION] proposed mctl() API
Date: Thu, 29 May 2025 14:31:32 -0700	[thread overview]
Message-ID: <20250529143132.b22099b8ce3452bbba25f813@linux-foundation.org> (raw)
In-Reply-To: <85778a76-7dc8-4ea8-8827-acb45f74ee05@lucifer.local>

On Thu, 29 May 2025 15:43:26 +0100 Lorenzo Stoakes <lorenzo.stoakes@oracle.com> wrote:

>
> madvise()
>
> ...
>
> process_madvise()
>
> ...
>
> prctl()
>
> ...
>

Yeah.  I think there has always been an attitude "ooh, new syscalls are
scary and I probably need permission from someone so let's graft it
onto something which is already there and hope nobody notices".

New syscalls are super easy and are cheap - it's just a table entry! 
If it makes sense as a standalone thing, do that.

> The proposed interface is simply:
> 
> int mctl(int pidfd, int action, unsigned int flags);

Well, why `flags'?  One could even add a syscall per operation. 
Debatable.

> Of course, security will be of utmost concern (Jann's input is important
> here :)
> 
> We can vary security requirements depending on the action taken.
> 
> For an initial version I suggest we simply limit operations which:
> 
> - Operate on a remote process
> - Use the MCTL_SET_DEFAULT_EXEC flag
> 
> To those tasks which possess the CAP_SYS_ADMIN capability.
>
> This may be too restrictive - be good to get some feedback on this.

Permissions needs careful consideration on a case-by-case basis.
Clearly in many cases, user A should be able to manipulate user A's
mm's.

And if different modes of mctl() end up with different permission
structures, one wonders why everything was clumped under the same
syscall!  mctl() becomes "prctl() for memory".

Anyway, fun discussion.  I'm with willy ;)


      parent reply	other threads:[~2025-05-29 21:31 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-05-29 14:43 Lorenzo Stoakes
2025-05-29 15:28 ` Matthew Wilcox
2025-05-29 17:54   ` Shakeel Butt
2025-05-29 18:13     ` Matthew Wilcox
2025-05-29 18:32       ` Usama Arif
2025-05-29 21:14   ` Johannes Weiner
2025-05-29 21:24     ` Liam R. Howlett
2025-05-29 23:14       ` Johannes Weiner
2025-05-30  7:52     ` Barry Song
2025-06-04 12:00       ` Johannes Weiner
2025-06-04 12:05         ` David Hildenbrand
2025-05-30 10:31     ` Vlastimil Babka
2025-06-04 12:19       ` Johannes Weiner
2025-06-05 12:31         ` Johannes Weiner
2025-06-09 17:03           ` Tejun Heo
2025-06-02 18:01     ` Matthew Wilcox
2025-06-04 13:21       ` Johannes Weiner
2025-06-04 12:28   ` Lorenzo Stoakes
2025-05-29 17:21 ` Usama Arif
2025-05-30 13:10   ` Lorenzo Stoakes
2025-06-10 15:03     ` Usama Arif
2025-06-10 15:17       ` Lorenzo Stoakes
2025-06-10 15:30         ` Usama Arif
2025-06-10 15:46           ` Matthew Wilcox
2025-06-10 16:00             ` Usama Arif
2025-06-10 16:26               ` Matthew Wilcox
2025-06-10 17:02                 ` Usama Arif
2025-06-10 16:02           ` Lorenzo Stoakes
2025-07-02 14:15           ` Usama Arif
2025-07-02 17:38             ` SeongJae Park
2025-07-04 10:34               ` David Hildenbrand
2025-05-29 18:50 ` Andy Lutomirski
2025-05-29 21:31 ` Andrew Morton [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250529143132.b22099b8ce3452bbba25f813@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=21cnbao@gmail.com \
    --cc=Liam.Howlett@oracle.com \
    --cc=arnd@arndb.de \
    --cc=brauner@kernel.org \
    --cc=david@redhat.com \
    --cc=hannes@cmpxchg.org \
    --cc=jannh@google.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lorenzo.stoakes@oracle.com \
    --cc=pfalcato@suse.de \
    --cc=rppt@kernel.org \
    --cc=shakeel.butt@linux.dev \
    --cc=sj@kernel.org \
    --cc=usamaarif642@gmail.com \
    --cc=vbabka@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox