From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F31C9D44162 for ; Tue, 19 Nov 2024 15:09:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 458D56B00A1; Tue, 19 Nov 2024 10:09:17 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 408E76B00A2; Tue, 19 Nov 2024 10:09:17 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2AA3B6B00A3; Tue, 19 Nov 2024 10:09:17 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 0BD2A6B00A1 for ; Tue, 19 Nov 2024 10:09:17 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id B2A3E8057C for ; Tue, 19 Nov 2024 15:09:16 +0000 (UTC) X-FDA: 82803175728.27.E7F26BE Received: from mail-qt1-f180.google.com (mail-qt1-f180.google.com [209.85.160.180]) by imf03.hostedemail.com (Postfix) with ESMTP id AAAD820006 for ; Tue, 19 Nov 2024 15:08:51 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=soleen-com.20230601.gappssmtp.com header.s=20230601 header.b=WOo4XiMK; dmarc=pass (policy=none) header.from=soleen.com; spf=pass (imf03.hostedemail.com: domain of pasha.tatashin@soleen.com designates 209.85.160.180 as permitted sender) smtp.mailfrom=pasha.tatashin@soleen.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732028771; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ihpfPch2+vS1oLDpcfa8u6AKTSTYRMwvV9Is7Fw0VNM=; b=RYI0xXar0VyPAX3K9uKEA/N9EfAGQo2BUCRgufYX2qYqQACOn+vhgRTcSy9GJX+RC4XemQ SGEN+EZhcqn2ej0GKeliPWu1o2n8Dtjy6q2jEKnO8V39wYaFwH7Mqnwz6U7SXJMgdkqc6j KMerahxjVe0lzpCiPE7FqxL5+DqUdl0= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=soleen-com.20230601.gappssmtp.com header.s=20230601 header.b=WOo4XiMK; dmarc=pass (policy=none) header.from=soleen.com; spf=pass (imf03.hostedemail.com: domain of pasha.tatashin@soleen.com designates 209.85.160.180 as permitted sender) smtp.mailfrom=pasha.tatashin@soleen.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732028771; a=rsa-sha256; cv=none; b=ZtlhiY90Kiiz54FUHJkHotUDA1Bcg0GJOTQ4qXIcHsAjibnz1lfCU41/BQjjWkAtKeHFi3 p4CmW8zEVT2Pg+Ih41w2yO2BeK7sjk54zRigfShrujRIspWo+J4WXoUvzFnD6FCAO9XNyD WWOZdRnOo/gMcKNiGsFCHvd5Nbnw+t4= Received: by mail-qt1-f180.google.com with SMTP id d75a77b69052e-46375ac25fbso24417761cf.0 for ; Tue, 19 Nov 2024 07:09:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen-com.20230601.gappssmtp.com; s=20230601; t=1732028954; x=1732633754; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ihpfPch2+vS1oLDpcfa8u6AKTSTYRMwvV9Is7Fw0VNM=; b=WOo4XiMK8o8hlN7PL2lO2XhI23xvYU2E/gD2D4MlNCMxEjp4sJg8vd6Mj32NrtS/uk sUhTM9YbTlBhZ6+SebO58I7H72V8IBQS1zUqHYoUBtjJfxHeoHfz5Bofl8AA5GYY2xwH BfZMwE2xrCelxzPAO+rFWTUsDVzgqeRj5XmFxKK0Yy/k2iDJrzYAv5C0WNNwrvcJc44j k9iA+kZrOGfQoXAvo3MDXri5Bh6Sst6xYWiEJHVlHVJQX42LaPgFPOhbrWWFZIQfmoa+ f3CNGseryrOj2BIAU82qLVwWp+V6TBoESX4NDoV66C7terpgVpXMWUSH8+IynAHyGXdP SWCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732028954; x=1732633754; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ihpfPch2+vS1oLDpcfa8u6AKTSTYRMwvV9Is7Fw0VNM=; b=G/UsuEm6y7zqVZijqorY6Ii3YIwaY88Z5WiP6QawsYhwrnN3uV4cqQRtSDXL2JtAhm M7Okblo/keEIju5edGzkbspfp85qxG3jcn8bSHh/3b3UwSYlV54KrZNKzOjNvMUy8kVI W+S1pKaJjq8Al4UPTgGonQBNoh3mB4OX2SFBzzaPjRaIMMhrbJz8JRluuy9WfGl5Yd7/ 5NriQ5FTx6m5c6Wx5nRI7a1I7xIlIxmQRKBM1/8MrFHkPW9lLmylHy/3rIXkyDUUJdpw YPx8/1LrKlXos1EzUeaABj7CgEMXYEI0o08T9Hw9sfs/jqRM5DBA49Il/OH4v6+KJ+xJ chUQ== X-Forwarded-Encrypted: i=1; AJvYcCVUdHfmWb59+F6bBPBNV6BFPDmbvgp8079+7f6iNI+fjo2XNou2LKCRadDSpqHHlH2a4rFTlPkjYw==@kvack.org X-Gm-Message-State: AOJu0YwGPxJo9nAv2THNMcMZYocRvCNy2O4si+R71wv+4/tG8oM+r/xM 5aHkZb5et/Gnmz0i4eLFH5P59A6WwRIroV8nIs8Asour0n3ELoegQ0WEgTDqlEuWKsIafEkcdUv A0PNzafaF2EGRIZPPNgluR53pAEscpXdMrT1Gng== X-Google-Smtp-Source: AGHT+IHRGpOUonbjsJFvyqtYHjjDkldWUt457Akk0CmInRHYKiSo8TSkt2aWu9nazV3c0hbsQ8hzQfAATih5DjFXh3E= X-Received: by 2002:ac8:7d4c:0:b0:463:990:4250 with SMTP id d75a77b69052e-46363e93fbcmr224538141cf.38.1732028953763; Tue, 19 Nov 2024 07:09:13 -0800 (PST) MIME-Version: 1.0 References: <20241116175922.3265872-1-pasha.tatashin@soleen.com> <2024111938-anointer-kooky-d4f9@gregkh> In-Reply-To: <2024111938-anointer-kooky-d4f9@gregkh> From: Pasha Tatashin Date: Tue, 19 Nov 2024 10:08:36 -0500 Message-ID: Subject: Re: [RFCv1 0/6] Page Detective To: Greg KH Cc: Roman Gushchin , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org, akpm@linux-foundation.org, corbet@lwn.net, derek.kiernan@amd.com, dragan.cvetic@amd.com, arnd@arndb.de, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, tj@kernel.org, hannes@cmpxchg.org, mhocko@kernel.org, shakeel.butt@linux.dev, muchun.song@linux.dev, Liam.Howlett@oracle.com, lorenzo.stoakes@oracle.com, vbabka@suse.cz, jannh@google.com, shuah@kernel.org, vegard.nossum@oracle.com, vattunuru@marvell.com, schalla@marvell.com, david@redhat.com, willy@infradead.org, osalvador@suse.de, usama.anjum@collabora.com, andrii@kernel.org, ryan.roberts@arm.com, peterx@redhat.com, oleg@redhat.com, tandersen@netflix.com, rientjes@google.com, gthelen@google.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: AAAD820006 X-Stat-Signature: wadrsepbjs8s5dutbpbdkp4u3yqbiez4 X-Rspam-User: X-HE-Tag: 1732028931-742649 X-HE-Meta: U2FsdGVkX194eFWt4GnyRGJInem+ShQzeDyQe2InJf4+Jttm0ZJvVKJwnFf64iA6IXLklt+T4dF33Q9oumZP0GfmdgXdTwiApXqXMzpwFUcfP/RYJPXuMY6vH/+xVI27xImhAtMUtqvoV4NLxj4uyIDWKu9C2jg1xojEF2o0Rvn/5cF/RxV4r2AXcySAixGgRQ9fwbvuVQuPlFENBpY3kjk1TfXwe/3Q/f7ENoHUQgmMZdnR0UisBnrWcq/iZ1ubQtHfBV3MWBXwNPqtHq4MNvcuTBRAnkaPZsxHTZn90bXa4ihOUrxbg88DLCQxSwonm01Tz7uwLqx+5Hl+8OLh3BpGzd38A7M6iZ0tRIt/xOMaa9qICnalcIxEixQf7vQAjV328KBRH2cMCOo6w6EZo9zIuR+JHNwEawbHBHGaBhpbVRetVl2Z5ws5xjGF0qfysN4jaaJ+ITJqi9A88XSxwaMayhT2dK1Alk2E1k02bYbbcVYCYKRD7nNC+WiYMBWdrxzkIAJRwsOyQ+pCEdDs5i3gF/n6xz3JWOSDcbBEySjMZbfvzx2UgOZPt2wFgzJpgXHURztcGHWikKYi0xkazx4CwQhdihdw3f6G9A6g+Ry0GSCcVlq60yuf33OCx1raLSG47QQWoOhzMQeuUSJfcFstaKub5sAgegIm64JCkQKoZ9LOTKcUai4wWOqG3CEwT9StYRpmiUuvQ3EYwuZAf69YiADCbWMvsZyhXxESCMfQiqc9/XsvEnsSYv+Co10mH1MndJLWXk5FM512yR5mEqUI4bNPGsjq0ygboc4q+gqn82Y3sfafO/IoSdeukDFjwngOJSPoLdLlJapn/Y9y5L21RRCKQ3lRHWskPtw9noA7X0RR4jbHAeFdQF25Wr5byWSeeVgOT2+CU/qO8r2RthAjh5ZCB/eO0YTPuRDcCck0m5SMfm8hc/Plq/v20DMO/RJK0cxxi+mnxVgvYI9 bXsDLwOV oNrlJwGEobapiOl623bV+wdkGO2C+iV8+qpRMTMINILvAo9qkxomKLBlsM/JKTASBMKeHEKXURA3ldt82eMQj1s+BUOXEheU0F1ulwOAdOqrm4ysnIZQQUsx4LSxPtllgYwP+DyWS75awVPZxpPn705sbZl7N+aYRT3F9YTx4AKpCOEv889W/CS8zeY/Z9ad9s1QXG10yO2pp/SSCEXzQQft/fVnWB59hQcPj0qqrgxWIwoobPPpYPDVjO0O88HAdYrFJ+x2mnUxoahnZ/q0Rms0qPMvOAJsY9Wl84ISoxmXnJ0Y1uRKg3O8IBueYoVvK7kGvRHyQvrEpRnXhhdglKPy1aoeWMoy4OQHx02CRaomNr6E= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Nov 18, 2024 at 8:09=E2=80=AFPM Greg KH wrote: > > On Mon, Nov 18, 2024 at 05:08:42PM -0500, Pasha Tatashin wrote: > > Additionally, using crash/drgn is not feasible for us at this time, it > > requires keeping external tools on our hosts, also it requires > > approval and a security review for each script before deployment in > > our fleet. > > So it's ok to add a totally insecure kernel feature to your fleet > instead? You might want to reconsider that policy decision :) Hi Greg, While some risk is inherent, we believe the potential for abuse here is limited, especially given the existing CAP_SYS_ADMIN requirement. But, even with root access compromised, this tool presents a smaller attack surface than alternatives like crash/drgn. It exposes less sensitive information, unlike crash/drgn, which could potentially allow reading all of kernel memory. Pasha