From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8D0BC4167B for ; Sun, 3 Dec 2023 02:58:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0A6A66B037C; Sat, 2 Dec 2023 21:58:27 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 056706B037D; Sat, 2 Dec 2023 21:58:27 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E601F6B037E; Sat, 2 Dec 2023 21:58:26 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id D4E5E6B037C for ; Sat, 2 Dec 2023 21:58:26 -0500 (EST) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id B0A9F1C01C3 for ; Sun, 3 Dec 2023 02:58:26 +0000 (UTC) X-FDA: 81523998612.12.0C020B6 Received: from mail-qt1-f176.google.com (mail-qt1-f176.google.com [209.85.160.176]) by imf04.hostedemail.com (Postfix) with ESMTP id 050CD40006 for ; Sun, 3 Dec 2023 02:58:24 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=hOfZ0Z1y; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf04.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.160.176 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1701572305; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=K5PSqWkt2q0NsH/cezKyOksOI/ZTMxsuCeNKgtqCwp4=; b=CJm8xJYwGmG/AaGAR8HRsD5WszATDTaGqZjk+QAYY39hjOImxf/FNQdbR25X/RCoJ8LnSq mRwaycQhL1RU6PEk3/wxkHSGe1FDN6MC4pp/TJJCqA2NWIH/2EzcK1XapIblQ4fL0u/AED 5bHnn+livOtNN098f8XrqUteuR2tQPE= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=hOfZ0Z1y; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf04.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.160.176 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1701572305; a=rsa-sha256; cv=none; b=2pHvoy+cVqobIiw4ckfSIgxEFzlwQRrQs61UTaj1bSdvK5D4OjcTsmaBZFTxm9rWyro/q1 bxyWc5Qv0+4yGL/YDy57APYbsxvU1cTGwVbcjHRpGC8uDjLEwGUUu/yMx95NljShJ5itXe u9cQiUndsFf7bxMrNO5o9SzyYqW8R0U= Received: by mail-qt1-f176.google.com with SMTP id d75a77b69052e-423e6615f24so26201951cf.2 for ; Sat, 02 Dec 2023 18:58:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701572304; x=1702177104; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=K5PSqWkt2q0NsH/cezKyOksOI/ZTMxsuCeNKgtqCwp4=; b=hOfZ0Z1ykVAh52zhFNfo0JyOrbwLm8iLpe8LCV0cEodrfObcEMUZql+d6mvlgfdy2J 2ubBQ5tJlPQRMBhDiV/eqkBMCIxsBdTuk//R10M0mSKRJtmFR/c45BbM3pb/CUYIA3TT 2hdENPu7ZbI2leiS/FaRa+irLnmXoDNh9hCisPMxTYOLV0L9ceEB3mc/fmiLOoXIEOgN KTMaS7FbZNHsrf3S84xhkrq8xSD8ON7Ru6fnN/MTnMJjvyZ5/4d01UOx4uN3k4+yYhPv rC4OC8qCgmAHgz0g6yybZ5YeQawulwfA4gy8zzijA/nBwX/aMa6HHAiZ5WgPagYN43nm LdcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701572304; x=1702177104; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5PSqWkt2q0NsH/cezKyOksOI/ZTMxsuCeNKgtqCwp4=; b=Ml3t0AMCGcZvGyWcEmZ09nPjkjQYjox+ITFH+VhmbIeHmn+PkfsGWXR2iTP8rUEacJ ddH8rGwAmWzH5RsMWU+/jQb1UeZp6mw+Skw9TCUSHNWSSWMFabzO5SoiiKTDtaT4Ahkx pZLKPyq6x5osUDqNFNtvR9prn7TfXABisgEzAhdC5dKpkRhqvOPR0hF1xBMCE95vMc1P qbUCoo6A5A7hi8+WTSZukGKVS9UksNz3Eh5SQbH3rbN7P5Hgjjp3JopXzjnkt+Ar1B8b oC/dniz6NepqwjruUBqHBIOjuyP2pFDujMe3FaWijJ6peuxoBhsLWMHtS9fWtfdgWXmz 9anw== X-Gm-Message-State: AOJu0YzWQW3p1YurnM8RSLhVgUjo5Fq/TG0pV4HlX/s8lKJy4TdLdL+S YbglvXbqrMXqOadOFrfMIAtSWQQJU1UmF1g5les= X-Google-Smtp-Source: AGHT+IGpy+kyg7zdSUt8ZIPTYQVME98QFsfW9NcfwJPt7t+dpmTY/f9S3nLmw5jJawR9RxGQzVUJoIJXqhlpvLHOotE= X-Received: by 2002:ac8:6b0c:0:b0:423:9cca:66af with SMTP id w12-20020ac86b0c000000b004239cca66afmr25529314qts.63.1701572304083; Sat, 02 Dec 2023 18:58:24 -0800 (PST) MIME-Version: 1.0 References: <20231201094636.19770-1-laoar.shao@gmail.com> <20231201094636.19770-4-laoar.shao@gmail.com> <20231201205039.GB109168@mail.hallyn.com> In-Reply-To: <20231201205039.GB109168@mail.hallyn.com> From: Yafang Shao Date: Sun, 3 Dec 2023 10:57:47 +0800 Message-ID: Subject: Re: [PATCH v3 3/7] mm, security: Fix missed security_task_movememory() To: "Serge E. Hallyn" Cc: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com, linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 050CD40006 X-Stat-Signature: m7x3b7uay944mtjpt989a1hh7rht8wcq X-HE-Tag: 1701572304-202786 X-HE-Meta: U2FsdGVkX1/tg3dW7gHTAJmXFVdhMfh9fTGsICPl88eRrIxfK2Qe05mDqIP/yWiwZEdeiQR/WtxrM1xON1E8huW6kitPdN3rYvCtVZDsJ4LX+SneYmJOcgbAOu5j6MxbR7GkKiNdQzYacCds1SlQ+Mn6blZg8kmuXWuX3vqNGQxStSLoOjfFkcYLPAbxK2w9apnHnvhtlVeqjZ1qiQKH4hkQ2AwxjDQs/XjE9a0TxuRQHoHFTZ/iO7TcY7CcbCn5lNVGkjdqAQ5WMSaPPVWb5ikmfignIGZmuQg1owObeufzgChQuD+IThbOdjlKPyRPPyABt/SAPwSlBmtoar6V+9Tv+GzgYcxHfybpxVDKFrsX7zyP7CERZa1AXyGGs479AFN2ABkdjTx6AhsYB6i/WHTrsWtgACbrn8ebUFFMuhW3dpauaMcc/5s1EbDyS6QHVKkZF8vtBsxs54XAK1Jl5dGozCvNvofEcPic9fVpWJlhxZ0r9VKcqEUcqGbM3V937B7rnNcYwwCWy2Srvn6bVsXts2TgTOj4Gw+aTXZmBBI4VLDmYyOpKQMxubF9v+s2/GoR0r68ePAMByFac5z9VUuFIQRb4rHSp6YaXJywkiI87e/Rnfe8WXLaWacr99STJUnG302Ug7GZbQYUuTAc4av/ZSuGdKVn9heG25hjwMz78Ecv4JpQvcl3rTcB3/tix/z9Z1Qvl8LuX48V8/kU1mRZjAqychHLEx804j6M233CjrGoevZ4Gn+kxaCnajHBscPT8fQ6j0330/4ujcuy3pyjVPmrOK2OFkmw73bDYdBznmLARlPBQKpFnbG1tUYeALG89/+PJb+7aAj0K63A7gSsYkUuR4b27IXF+noHqnFXyc94PKALshbr+tcD+/mQ4fa6foujbKec4SmiKp5ibdKSQD1jkONk8yU6dwAIDtWFv2+VJvwqG4i84eOFd0XZA82JnVSdC4qXciC23jd ok/dgELn NCIGwyl+MZXx4Iy9nCQnN1Ja8qCfeAkTeHovggdmQEEbTxcwByTuBEr60F42/0vl4rzDs2oFOp++Ap6Ou4NA4dcn/2u8oEqJ2Pv4rPVcx0igTwTwtzEAzaWfsj13n//2YJ6tgNGA7X4dsYrx1twwOHLBaHK42UIbxQ8Oa8if4vTTE4Ui01KBvRQRUZqM0Al0bmXmhqDpbtLuaT/1CuPNSeDG3dJgkxiL9F1SLkVaGC/PZIZoVAENMR8TYRwQNWEQ9ZaUdOSAmc22K0VseeC6lNKcOnXTHxbRI4vbNXrRT7z2aqz+ptTiczSW8RAr7n3Sm5QlJKU4EJPwMKydMIfYVxne0V6mpYXkun1xjx9DKinYLFaWsKriMJKxx7Uwz+5ogA6n4ns4TltptsKtGYU5OLHOM6iYiIPCWFS1bLhM3t/C3aE7o/v7Hi0mrOZSoIlZxw803J/WMIDo3HPIbzW3LyAMf/Hd7k0tYbmz26NR4RR+xcQE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.002940, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sat, Dec 2, 2023 at 4:50=E2=80=AFAM Serge E. Hallyn w= rote: > > On Fri, Dec 01, 2023 at 09:46:32AM +0000, Yafang Shao wrote: > > Considering that MPOL_F_NUMA_BALANCING or mbind(2) using either > > MPOL_MF_MOVE or MPOL_MF_MOVE_ALL are capable of memory movement, it's > > essential to include security_task_movememory() to cover this > > functionality as well. It was identified during a code review. > > Hm - this doesn't have any bad side effects for you when using selinux? > The selinux_task_movememory() hook checks for PROCESS__SETSCHED privs. > The two existing security_task_movememory() calls are in cases where we > expect the caller to be affecting another task identified by pid, so > that makes sense. Is an MPOL_MV_MOVE to move your own pages actually > analogous to that? > > Much like the concern you mentioned in your intro about requiring > CAP_SYS_NICE and thereby expanding its use, it seems that here you > will be regressing some mbind users unless the granting of PROCESS__SETSC= HED > is widened. Ah, it appears that this change might lead to regression. I overlooked its association with the PROCESS__SETSCHED privilege. I'll exclude this patch from the upcoming version. Thanks for your review. --=20 Regards Yafang