From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 606E6C433FE for ; Fri, 21 Oct 2022 16:17:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D736E8E0002; Fri, 21 Oct 2022 12:17:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D23528E0001; Fri, 21 Oct 2022 12:17:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C123C8E0002; Fri, 21 Oct 2022 12:17:08 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id B3C2C8E0001 for ; Fri, 21 Oct 2022 12:17:08 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 756F9AAD35 for ; Fri, 21 Oct 2022 16:17:08 +0000 (UTC) X-FDA: 80045460936.11.A931E77 Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178]) by imf20.hostedemail.com (Postfix) with ESMTP id E8E241C004C for ; Fri, 21 Oct 2022 16:17:07 +0000 (UTC) Received: by mail-lj1-f178.google.com with SMTP id x18so4418990ljm.1 for ; Fri, 21 Oct 2022 09:17:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9BhlseJunuaOmArCKyKq3dQuPh8gFQ+o2A9akwjB3AI=; b=BUPK9ZUfwReOcby/Gds2wXxyDFdZn/URLMBUknN2fpwmvsslo/cZLKOqBgzU1Ay0Em vXpCOXkf2BYt38YpjK1TWAx4ZN8QES/63162BUi09mVcLDkyzFqv7j6JVQ4zLTqUoVhk ve8ra80u2qCQH397+n4jUSmhdvFmWOI32NMe2Z55MYmamQmo1PtkSrZjTrbNNxR1xiBv TQvSjEqgR/StDPNz1vuoksRfGQwWJvlDRWJyGVd4Op0Tx1GVYu3n1dFSubw6P1lF0CL3 zLWSxqdVz3+sOdke8uyOyehrii3IPiQLbJ8NGLTiesyPUO+UW5i9QkNKdt0bnd/0y14J g3Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9BhlseJunuaOmArCKyKq3dQuPh8gFQ+o2A9akwjB3AI=; b=aOUOXhBRx1LqGj+tTXfxlWX7p25VnrIJpE/BwZYm5dsmBBwINg+XStGJkWCf02cCft JeMrRgRYtI4UceRGtTjxYAt8l/cBmWQNlBrNAvxldsRIEMQvPU6Xb6tItgW8azxL/Cab RGYN4ltH0jakkDjNqLdYw2CyZ7c7yk5vImgFNfoXoTHr2cGXQSrLjJk91g2zkn0ntGiJ MfPr1SvNHI/hCnMc1+6Dd0KfcI2PHsUrqo+ifOcOhPt1+5TwXbaHEKn/jW0lGywIB2fy 8lT3nvCV3f7vBIYaXFm4h23dWDtRch3UyvAhuhWb5XAbE/6dQIFdJQsmCJG3fq4k7GHC dq7Q== X-Gm-Message-State: ACrzQf1ZcEiEuve9KJYfwMy6L5RCCBrm3ACqKP40Cciq2Qfk8jU13mEI qwlqd5HW3ONhQgKr0dA6DxHPa/01dC/ykveMw2OSxA== X-Google-Smtp-Source: AMsMyM5cr1rkQnIy7ZZdYV76WByW8AWIWarXv+LgIth8dhI7XGXUwi0D3qEkyYiDRBZwobcsLl+nYMVn/Ku24gt5B+Y= X-Received: by 2002:a2e:8810:0:b0:276:be89:55a7 with SMTP id x16-20020a2e8810000000b00276be8955a7mr711119ljh.394.1666369026001; Fri, 21 Oct 2022 09:17:06 -0700 (PDT) MIME-Version: 1.0 References: <20221018235051.152548-1-zokeefe@google.com> <20221018235051.152548-4-zokeefe@google.com> In-Reply-To: From: "Zach O'Keefe" Date: Fri, 21 Oct 2022 09:16:29 -0700 Message-ID: Subject: Re: [PATCH man-pages v2 3/4] process_madvise.2: CAP_SYS_ADMIN cleanup To: Alejandro Colomar Cc: Yang Shi , linux-mm@kvack.org, linux-man@vger.kernel.org, Suren Baghdasaryan , Minchan Kim , Michael Kerrisk Content-Type: text/plain; charset="UTF-8" ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=BUPK9ZUf; spf=pass (imf20.hostedemail.com: domain of zokeefe@google.com designates 209.85.208.178 as permitted sender) smtp.mailfrom=zokeefe@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1666369028; a=rsa-sha256; cv=none; b=RMGF32b6+zq9k28Y1cNav3mAUoFwgXLE3DNhNmPGfL45gtuHEKQI4HfqcBFsEofyo5Zp9p YqIkR+U4gea49jsFT9TgHOQgr7UiwkzDYi32q2nuU/oF/0KUlEpWSPTE68wtUkcFlXhfUm rmbFW+hw4GTicxOWhunSyuVDRQkooHE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1666369028; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9BhlseJunuaOmArCKyKq3dQuPh8gFQ+o2A9akwjB3AI=; b=v87k59xxOeOy6kHalvaHqOyYrcNc3MqwTVmCeASmiY11IeNNhfKgKykNg+FUwsP9Nl1DEQ /eq1hMAPxpsDjVPEsYtln0dtpXVyxfSvD6U/4YxSHtuaPD7qMNVSbuZrKX0clLcpYfH3hl ordifehWFNrkYRo6JmMfNiZhpNbYybE= X-Rspamd-Queue-Id: E8E241C004C X-Rspam-User: Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=BUPK9ZUf; spf=pass (imf20.hostedemail.com: domain of zokeefe@google.com designates 209.85.208.178 as permitted sender) smtp.mailfrom=zokeefe@google.com; dmarc=pass (policy=reject) header.from=google.com X-Rspamd-Server: rspam11 X-Stat-Signature: 3dmhxje64tygda6d41en9uu14fxa3kfr X-HE-Tag: 1666369027-679091 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hey Alex! Thanks for taking the time to review! On Fri, Oct 21, 2022 at 5:41 AM Alejandro Colomar wrote: > > On 10/21/22 14:37, Alejandro Colomar wrote: > > On 10/19/22 01:50, Zach OKeefe wrote: > >> From: Zach O'Keefe > >> > >> The initial commit of process_madvise(2) to man-pages project included > >> an error, indicating that CAP_SYS_ADMIN capability was required when, in > >> fact, CAP_SYS_NICE was the required capability. > >> > >> The initial commit of process_madvise(2) to Linux, commit ecb8ac8b1f14 > >> ("mm/madvise: introduce process_madvise() syscall: an external memory > >> hinting API"), relied on PTRACE_MODE_ATTACH_FSCREDS (see ptrace(2)), > >> but was amended by commit 96cfe2c0fd23 ("mm/madvise: replace ptrace > >> attach requirement for process_madvise") which replaced this with a > >> combination of PTRACE_MODE_READ and CAP_SYS_NICE (PTRACE_MODE_READ to > >> prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process > >> performance). > > [...] > > > If I understand the paragraph above, from 5.10 to 5.12 the capability required > > was CAP_SYS_ADMIN? > > Or was it CAP_SYS_PTRACE? Starting in 5.10, there was no CAP_* capability requirement - only PTRACE_MODE_ATTACH_FSCREDS (aka PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS). Now, my understanding of the algorithm employed for ptrace access mode checking isn't to be trusted, but AFAIK, a caller having CAP_SYS_PTRACE in the target's user namespace (directly or transitively) isn't required to pass this (though it makes it easier). ptrace(2) has an overview of the algorithm. Starting in 5.12, CAP_SYS_NICE was added as a requirement, and the ptrace algorithm used changed to PTRACE_MODE_READ. If you think recording the differences in kernel versions in the man-page is important, let me know and I can amend this patch. Thanks, Zcah > -- >