From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CB91ECAAA1 for ; Mon, 31 Oct 2022 19:13:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CDB226B0071; Mon, 31 Oct 2022 15:13:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C8AFB80007; Mon, 31 Oct 2022 15:13:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B51D46B0073; Mon, 31 Oct 2022 15:13:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id A2ADF6B0071 for ; Mon, 31 Oct 2022 15:13:54 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 7AF81120255 for ; Mon, 31 Oct 2022 19:13:54 +0000 (UTC) X-FDA: 80082194388.28.D868417 Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com [209.85.219.180]) by imf01.hostedemail.com (Postfix) with ESMTP id 8EB5340006 for ; Mon, 31 Oct 2022 19:13:52 +0000 (UTC) Received: by mail-yb1-f180.google.com with SMTP id i127so14778975ybc.11 for ; Mon, 31 Oct 2022 12:13:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=YESZVpAPSr5V8ydBxH4teaVc2gti9rjXuWC7z8MOzbs=; b=Egp6DPeAXAbGblVbELnd+D5sIu0Z64+4l1uEMjjgRF4lA24ugyLHMInpYgR1x9kPpk n4Y91mVW1nracVAcDu0O9puMp1/cH+bn1p0Zxv740z1eIudxD7Gw3G5LoocYB/L0cdNu hWJ6i/PJfs6/iLMKoZGg7fO1VGv3VvtqrFUj1shiEEjveQj7DPpnMmt9Yz7eHlJV90U4 SPfDdseODTIlEWvsgz0+odubA+NOAYlLYMdULGnxAuuHV3md3QObc8uItAX+XssuiOur ffcSNbSKhmQ8F/KgJLk11XWY9U819SmEHrIzjy/BxfBNCbHRNowCCDHaYc5fyd9B6Voo xXSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YESZVpAPSr5V8ydBxH4teaVc2gti9rjXuWC7z8MOzbs=; b=uSXOOG7EtAHZUkLIfb8eSSzgMmdKS0dMwfO9QCil4Unz5ZxvwO5KZ7ERpV3yAB3c/I LVPCoMI7t8OoQJ58bJ23qWV21M5OZQm63zmlMDPk7OIRmaJdU2WJrqllX6oQXWl0mjlw w0vPncVg/2+0zCSECjbuaIDn9gzW8Gokgbt+nLPptVRtbBMNjAZLUAcl+hCYo5zH2LaG 8evqgYJWoofV8faH28vN2cmBL07GVoNPUHqsz5uI20ZCn77TN+/bqqXXqZ6KajseHYVM 9m+VH5XweQ6Kplx0C/le6bgF8Jg+6icYqX4R0lCIW0p1SbK6JX3JfmrwY6+OlsNn2w3g hnUg== X-Gm-Message-State: ACrzQf0kmQDnCSsWiS9zrhTqfZJ2eNoGnEV1vxHEdNFFM36qjVpy1EUX Vn4qISHMwE61PQpTmnEvuM7KU/70lzrUMmLQt9SJoA== X-Google-Smtp-Source: AMsMyM5t1vb/UUHxaFELwLbrCFUP2Pcq7okgt2sJbap+4vIHr4PxpRCv651wfUiiBDLTcOBRbKfKFOjk+2IwcrjSrSk= X-Received: by 2002:a05:6902:1201:b0:6ca:b14e:8aaa with SMTP id s1-20020a056902120100b006cab14e8aaamr14508700ybu.316.1667243631361; Mon, 31 Oct 2022 12:13:51 -0700 (PDT) MIME-Version: 1.0 References: <20221021223300.3675201-1-zokeefe@google.com> <20221021223300.3675201-4-zokeefe@google.com> In-Reply-To: From: Suren Baghdasaryan Date: Mon, 31 Oct 2022 12:13:40 -0700 Message-ID: Subject: Re: [PATCH man-pages v3 3/4] process_madvise.2: fix capability and ptrace requirements To: Alejandro Colomar Cc: Yang Shi , linux-mm@kvack.org, linux-man@vger.kernel.org, Minchan Kim , Zach OKeefe , Michael Kerrisk Content-Type: text/plain; charset="UTF-8" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1667243632; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=YESZVpAPSr5V8ydBxH4teaVc2gti9rjXuWC7z8MOzbs=; b=Cep4D6YNpcTVjakCdpi+uFB5QoNC4sZjBorBdIrjE3LnzEZc/C7zDeCTpmZ3SDKRr1t+yM 9mAPon71DJdHo164d0372ePstEarQnOZHUVYYhMl1k+w4Gm8HO3Ukf1e8WhvaqrILluEH8 i4XKt7mf2w7X0HH3WPeNdjOn7MgFS7k= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=Egp6DPeA; spf=pass (imf01.hostedemail.com: domain of surenb@google.com designates 209.85.219.180 as permitted sender) smtp.mailfrom=surenb@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1667243632; a=rsa-sha256; cv=none; b=2V0DjcWetQ4aBpD19NNou6TsC9vAFbXKOczutF4Xz0d+9CVmR+VPjRUq9o9uoy+sI9GnCe YnrnBGd14D0lGe1VGhfjE2dLyR8poTEkKT3Xhrqyic6CoDKqJnNNcbkxcHm+FUrWZzurj5 QiU6ztdXEyIEHqzDgA9slwnheyuerwY= X-Stat-Signature: tb7eczpyfnpzab5mpw1oowi47wf9uxfx X-Rspamd-Queue-Id: 8EB5340006 Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=Egp6DPeA; spf=pass (imf01.hostedemail.com: domain of surenb@google.com designates 209.85.219.180 as permitted sender) smtp.mailfrom=surenb@google.com; dmarc=pass (policy=reject) header.from=google.com X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1667243632-445948 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi Alex, On Sun, Oct 30, 2022 at 4:50 AM Alejandro Colomar wrote: > > Hi Suren, > > On 10/22/22 00:32, Zach OKeefe wrote: > > From: Zach O'Keefe > > > > The initial commit of process_madvise(2) to Linux, commit ecb8ac8b1f14 > > ("mm/madvise: introduce process_madvise() syscall: an external memory > > hinting API"), relied on PTRACE_MODE_ATTACH_FSCREDS (see ptrace(2)), > > but was amended by commit 96cfe2c0fd23 ("mm/madvise: replace ptrace > > attach requirement for process_madvise") which replaced this with a > > combination of PTRACE_MODE_READ and CAP_SYS_NICE (PTRACE_MODE_READ to > > prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process > > performance). > > > > The initial commit of process_madvise(2) to man-pages project, made > > after the second patch, included two errors: > > > > 1) CAP_SYS_ADMIN instead of CAP_SYS_NICE > > 2) PTRACE_MODE_READ_REALCREDS instead of PTRACE_MODE_READ_FSCREDS > > > > Correct this in the man-page for process_madvise(2). > > > > Fixes: a144f458b ("process_madvise.2: Document process_madvise(2)") > > Cc: Suren Baghdasaryan > > Cc: Minchan Kim > > Signed-off-by: Zach O'Keefe Reviewed-by: Suren Baghdasaryan > > You added your Reviewed-by tag to v2 of this patch. I guess you'd like to put > it in this one too, but since it changed slightly, I'd like you to confirm. Thanks for the reminder! Suren. > > Thanks, > > Alex > > > --- > > man2/process_madvise.2 | 21 +++++++++++++++++---- > > 1 file changed, 17 insertions(+), 4 deletions(-) > > > > diff --git a/man2/process_madvise.2 b/man2/process_madvise.2 > > index 6208206e4..44d3b94e8 100644 > > --- a/man2/process_madvise.2 > > +++ b/man2/process_madvise.2 > > @@ -105,16 +105,20 @@ remote process. > > No further elements will be processed beyond that point. > > (See the discussion regarding partial advice in RETURN VALUE.) > > .PP > > -Permission to apply advice to another process is governed by a > > +.\" commit 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e > > +Starting in Linux 5.12, > > +permission to apply advice to another process is governed by > > ptrace access mode > > -.B PTRACE_MODE_READ_REALCREDS > > +.B PTRACE_MODE_READ_FSCREDS > > check (see > > .BR ptrace (2)); > > in addition, > > because of the performance implications of applying the advice, > > the caller must have the > > -.B CAP_SYS_ADMIN > > -capability. > > +.B CAP_SYS_NICE > > +capability > > +(see > > +.BR capabilities (7)). > > .SH RETURN VALUE > > On success, > > .BR process_madvise () > > @@ -180,6 +184,15 @@ configuration option. > > The > > .BR process_madvise () > > system call is Linux-specific. > > +.SH NOTES > > +When this system call first appeared in Linux 5.10, > > +permission to apply advice to another process was entirely governed by > > +ptrace access mode > > +.B PTRACE_MODE_ATTACH_FSCREDS > > +check (see > > +.BR ptrace (2)). > > +This requirement was relaxed in Linux 5.12 so that the caller didn't require > > +full control over the target process. > > .SH SEE ALSO > > .BR madvise (2), > > .BR pidfd_open (2), > > -- >