From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BD807ECAAA1
	for <linux-mm@archiver.kernel.org>; Mon, 31 Oct 2022 21:26:12 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 60F206B0071; Mon, 31 Oct 2022 17:26:12 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 5BF3C80007; Mon, 31 Oct 2022 17:26:12 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 486BB6B0073; Mon, 31 Oct 2022 17:26:12 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 3A79D6B0071
	for <linux-mm@kvack.org>; Mon, 31 Oct 2022 17:26:12 -0400 (EDT)
Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id ECCE5160E10
	for <linux-mm@kvack.org>; Mon, 31 Oct 2022 21:26:11 +0000 (UTC)
X-FDA: 80082527742.15.6B78B1A
Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45])
	by imf01.hostedemail.com (Postfix) with ESMTP id E4A6340006
	for <linux-mm@kvack.org>; Mon, 31 Oct 2022 21:26:09 +0000 (UTC)
Received: by mail-lf1-f45.google.com with SMTP id bp15so21138232lfb.13
        for <linux-mm@kvack.org>; Mon, 31 Oct 2022 14:26:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=m+7whBA9wgYFfhkwWMpwK9OzrODVMRYtNrc5/dueSx0=;
        b=FxRPvUhCtpNpeaNIECgOonJbVpLidYDmVqaaFrbh/V/A6WTnKFEpjynrPpmLTLrqj4
         CZKwMEEve8YQGRSM7VcCy85Nf5xhZ7oQsEfV9yWasVh4MzNyBFVwcYaH7Ug1XVetODAy
         6lh6eGh/RftilQcRsfbq5AvwbqWeyPCrnLOgxlbpQoFthmCuTQIaf7vqQZuQF4XnhRJP
         gf4cwi64/gjpaNk44pqisRaD2cTJ4G6JrSc752F/j0kO09LDme4GpjW0Pwe4+ejjE0Ay
         cqHZ4AG9LUx3hu59sIXn1oTl5GzEcAhDVn7PR95dFFl/rdVkyewpBuGcelgrGdnTqVRd
         Wnpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=m+7whBA9wgYFfhkwWMpwK9OzrODVMRYtNrc5/dueSx0=;
        b=0E9goMx2YLJBkwzPoK5Irfjh5/j0E2hjB3AtJx71eVYcSW78neq6NIfZtxSCHBd6bD
         splqqIFPYt/usdjSsYwAxPmv6C0cRwttKyV4AGtUCbS3ywLMnd0g5bnQFGdDITDxI4bm
         ZanxS5zaTTdT2ry0lxvgsWqVrucuTm/wH/0Zs51zObHwTp6YdTElxp6g/T4QyCGnHNJ7
         Hadbw4ZfkcMwCgTe6szb5f9G8GStdunlzuMBeYzdlAZpIyuvjVeUSrdtTc3AfjJ6DXzP
         EsAVlZS0xDMVAt94EOTUB+LReZGZqMBXibF+6bEp0Tw1f5YCn0f5vEnnon6a5hN51OkL
         irWQ==
X-Gm-Message-State: ACrzQf3rZOIxMh+jft71CNGcCkBNicY8SNiu6eS1Dr3TlJ+3rLvIWJhk
	0MViLfqRdYT6J5T/IRkFh7XuWvmp6IMfHTG95n5a9v5QyNo=
X-Google-Smtp-Source: AMsMyM7jxCnALAAD9BefsLbCg1TVjNe/04u3AhVJkjQnhaHgHj5tNurqIDZBpGgge4ufZZJMcMQWjotrKeV3j8aQs2M=
X-Received: by 2002:a05:6512:60d:b0:4ad:2170:1a1e with SMTP id
 b13-20020a056512060d00b004ad21701a1emr6659705lfe.674.1667251568257; Mon, 31
 Oct 2022 14:26:08 -0700 (PDT)
MIME-Version: 1.0
References: <20221021223300.3675201-1-zokeefe@google.com> <20221021223300.3675201-4-zokeefe@google.com>
 <ad6a0605-3494-ca32-c577-dbd4142ea7f8@gmail.com> <CAJuCfpFvrhcfLAMDaz-3cRNtYXmHuP7FBZWy4TrYxcg8AF9c8w@mail.gmail.com>
 <07d9c046-0284-2e1d-9948-3530a5356938@gmail.com>
In-Reply-To: <07d9c046-0284-2e1d-9948-3530a5356938@gmail.com>
From: "Zach O'Keefe" <zokeefe@google.com>
Date: Mon, 31 Oct 2022 14:25:31 -0700
Message-ID: <CAAa6QmT3BvAoYHeAFNYLZcLuQp4AvdMH1m8YWK6q7yqSCAYHGQ@mail.gmail.com>
Subject: Re: [PATCH man-pages v3 3/4] process_madvise.2: fix capability and
 ptrace requirements
To: Alejandro Colomar <alx.manpages@gmail.com>
Cc: Suren Baghdasaryan <surenb@google.com>, Yang Shi <shy828301@gmail.com>, linux-mm@kvack.org, 
	linux-man@vger.kernel.org, Minchan Kim <minchan@kernel.org>, 
	Michael Kerrisk <mtk.manpages@gmail.com>
Content-Type: text/plain; charset="UTF-8"
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1667251570; a=rsa-sha256;
	cv=none;
	b=Bh+zQkhKsu5ifTUtPnelltQ35nMReOoIsNeV/ZhaKhfh3NU3En4ko9Z63sH9za4LC7Eg5e
	8UUjTIj2+dmzbKiiAW47Fuq0HAm30P0mZHgYW1oXll7rbE/yTKd0siDu8ED3XkAIUynJ9S
	rCRoBUTk2+nqmTC93TTHTICd3XmxbPE=
ARC-Authentication-Results: i=1;
	imf01.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=FxRPvUhC;
	spf=pass (imf01.hostedemail.com: domain of zokeefe@google.com designates 209.85.167.45 as permitted sender) smtp.mailfrom=zokeefe@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1667251570;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=m+7whBA9wgYFfhkwWMpwK9OzrODVMRYtNrc5/dueSx0=;
	b=mByWi/WlOdfCsvyGZEufhV4kj3o9UZWny9izfJW6sg2g0Ngfk5JGgwMVuOqL97v/d82zDg
	8sBy7LWEJOCmAaib9e0kDmaNzFNrVRAW3j8CG/4B6QreRgiHThasp4srNLvgfyrXliCDUE
	b+O/3xCnep2QRpYwh8++bqQwAqeHJ0Q=
Authentication-Results: imf01.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=FxRPvUhC;
	spf=pass (imf01.hostedemail.com: domain of zokeefe@google.com designates 209.85.167.45 as permitted sender) smtp.mailfrom=zokeefe@google.com;
	dmarc=pass (policy=reject) header.from=google.com
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: E4A6340006
X-Stat-Signature: hao6xp1p7dx64aqnpxpacoznf18aw4ab
X-Rspam-User: 
X-HE-Tag: 1667251569-39282
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Oct 31, 2022 at 1:24 PM Alejandro Colomar
<alx.manpages@gmail.com> wrote:
>
> Hi Suren, Zach,
>
> On 10/31/22 20:13, Suren Baghdasaryan wrote:
> > Hi Alex,
> >
> > On Sun, Oct 30, 2022 at 4:50 AM Alejandro Colomar
> > <alx.manpages@gmail.com> wrote:
> >>
> >> Hi Suren,
> >>
> >> On 10/22/22 00:32, Zach OKeefe wrote:
> >>> From: Zach O'Keefe <zokeefe@google.com>
> >>>
> >>> The initial commit of process_madvise(2) to Linux, commit ecb8ac8b1f14
> >>> ("mm/madvise: introduce process_madvise() syscall: an external memory
> >>> hinting API"), relied on PTRACE_MODE_ATTACH_FSCREDS (see ptrace(2)),
> >>> but was amended by commit 96cfe2c0fd23 ("mm/madvise: replace ptrace
> >>> attach requirement for process_madvise") which replaced this with a
> >>> combination of PTRACE_MODE_READ and CAP_SYS_NICE (PTRACE_MODE_READ to
> >>> prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process
> >>> performance).
> >>>
> >>> The initial commit of process_madvise(2) to man-pages project, made
> >>> after the second patch, included two errors:
> >>>
> >>> 1) CAP_SYS_ADMIN instead of CAP_SYS_NICE
> >>> 2) PTRACE_MODE_READ_REALCREDS instead of PTRACE_MODE_READ_FSCREDS
> >>>
> >>> Correct this in the man-page for process_madvise(2).
> >>>
> >>> Fixes: a144f458b ("process_madvise.2: Document process_madvise(2)")
> >>> Cc: Suren Baghdasaryan <surenb@google.com>
> >>> Cc: Minchan Kim <minchan@kernel.org>
> >>> Signed-off-by: Zach O'Keefe <zokeefe@google.com>
> >
> > Reviewed-by: Suren Baghdasaryan <surenb@google.com>
>
> Thanks!  Patch applied.

Thanks Suren & Alex!

Best,
Zach

> >
> >>
> >> You added your Reviewed-by tag to v2 of this patch.  I guess you'd like to put
> >> it in this one too, but since it changed slightly, I'd like you to confirm.
> >
> > Thanks for the reminder!
>
> :)
>
> Cheers,
>
> Alex
>
> > Suren.
> >
> >>
> >> Thanks,
> >>
> >> Alex
> >>
> >>> ---
> >>>    man2/process_madvise.2 | 21 +++++++++++++++++----
> >>>    1 file changed, 17 insertions(+), 4 deletions(-)
> >>>
> >>> diff --git a/man2/process_madvise.2 b/man2/process_madvise.2
> >>> index 6208206e4..44d3b94e8 100644
> >>> --- a/man2/process_madvise.2
> >>> +++ b/man2/process_madvise.2
> >>> @@ -105,16 +105,20 @@ remote process.
> >>>    No further elements will be processed beyond that point.
> >>>    (See the discussion regarding partial advice in RETURN VALUE.)
> >>>    .PP
> >>> -Permission to apply advice to another process is governed by a
> >>> +.\" commit 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e
> >>> +Starting in Linux 5.12,
> >>> +permission to apply advice to another process is governed by
> >>>    ptrace access mode
> >>> -.B PTRACE_MODE_READ_REALCREDS
> >>> +.B PTRACE_MODE_READ_FSCREDS
> >>>    check (see
> >>>    .BR ptrace (2));
> >>>    in addition,
> >>>    because of the performance implications of applying the advice,
> >>>    the caller must have the
> >>> -.B CAP_SYS_ADMIN
> >>> -capability.
> >>> +.B CAP_SYS_NICE
> >>> +capability
> >>> +(see
> >>> +.BR capabilities (7)).
> >>>    .SH RETURN VALUE
> >>>    On success,
> >>>    .BR process_madvise ()
> >>> @@ -180,6 +184,15 @@ configuration option.
> >>>    The
> >>>    .BR process_madvise ()
> >>>    system call is Linux-specific.
> >>> +.SH NOTES
> >>> +When this system call first appeared in Linux 5.10,
> >>> +permission to apply advice to another process was entirely governed by
> >>> +ptrace access mode
> >>> +.B PTRACE_MODE_ATTACH_FSCREDS
> >>> +check (see
> >>> +.BR ptrace (2)).
> >>> +This requirement was relaxed in Linux 5.12 so that the caller didn't require
> >>> +full control over the target process.
> >>>    .SH SEE ALSO
> >>>    .BR madvise (2),
> >>>    .BR pidfd_open (2),
> >>
> >> --
> >> <http://www.alejandro-colomar.es/>
>
> --
> <http://www.alejandro-colomar.es/>