From: Nadav Amit <nadav.amit@gmail.com>
To: David Hildenbrand <david@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrea Arcangeli <aarcange@redhat.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Peter Xu <peterx@redhat.com>
Subject: Re: [RFC PATCH] userfaultfd: support control over mm of remote PIDs
Date: Mon, 27 Sep 2021 13:08:40 -0700 [thread overview]
Message-ID: <75ECD9E1-4696-42CB-BD84-FF9C350BB227@gmail.com> (raw)
In-Reply-To: <21c6a41d-3f65-6a49-f604-b75ef53d2910@redhat.com>
> On Sep 27, 2021, at 10:06 AM, David Hildenbrand <david@redhat.com> wrote:
>
> On 27.09.21 12:19, Nadav Amit wrote:
>>> On Sep 27, 2021, at 2:29 AM, David Hildenbrand <david@redhat.com> wrote:
>>>
>>> On 26.09.21 19:06, Nadav Amit wrote:
>>>> From: Nadav Amit <namit@vmware.com>
>>>> Non-cooperative mode is useful but only for forked processes.
>>>> Userfaultfd can be useful to monitor, debug and manage memory of remote
>>>> processes.
>>>> To support this mode, add a new flag, UFFD_REMOTE_PID, and an optional
>>>> second argument to the userfaultfd syscall. When the flag is set, the
>>>> second argument is assumed to be the PID of the process that is to be
>>>> monitored. Otherwise the flag is ignored.
>>>> The syscall enforces that the caller has CAP_SYS_PTRACE to prevent
>>>> misuse of this feature.
>>>
>>> What supposed to happen if the target process intents to use uffd itself?
>> Thanks for the quick response.
>> First, sorry that I mistakenly dropped the changes to userfaultfd.h
>> that define UFFD_REMOTE_PID.
>
> Didn't even notice it :)
>
>> As for your question: there are standard ways to deal with such cases,
>> similarly to when a debugged program wants to use PTRACE. One way is
>> to block the userfaultfd syscall, using seccomp. Another way is to do
>> chaining using ptrace (although using ptrace for anything is
>> challenging).
>> It is also possible to add tailor something specific to userfaultfd,
>> but I think seccomp is a good enough solution. I am open to suggestions.
>
> If we have something already in place to handle PTRACE, we'd better reuse what's already there. Thanks!
Just to ensure we are on the same page: I meant that this is usually
left for the user application to handle. The 2 basic solutions are to
not expose userfaultfd to the monitored process (easy using seccomp)
or to chain the two monitors (hard using ptrace).
Since ptrace is hard, in theory we can have facilities to “hijack”
a context and “inject” uffd event to another monitor. I just think
it is a total overkill at this stage.
next prev parent reply other threads:[~2021-09-27 20:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-26 17:06 Nadav Amit
2021-09-27 9:29 ` David Hildenbrand
2021-09-27 10:19 ` Nadav Amit
2021-09-27 17:06 ` David Hildenbrand
2021-09-27 20:08 ` Nadav Amit [this message]
2021-09-27 20:11 ` David Hildenbrand
2021-10-13 2:18 ` Peter Xu
2021-10-13 16:02 ` Nadav Amit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=75ECD9E1-4696-42CB-BD84-FF9C350BB227@gmail.com \
--to=nadav.amit@gmail.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=peterx@redhat.com \
--cc=rppt@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox