From: Otto Ebeling <otto.ebeling@iki.fi>
To: Michal Hocko <mhocko@suse.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Jan Stancek <jstancek@redhat.com>,
otto ebeling <otto.ebeling@iki.fi>,
mtk manpages <mtk.manpages@gmail.com>,
linux-mm@kvack.org, w@1wt.eu, keescook@chromium.org,
ltp@lists.linux.it,
Linus Torvalds <torvalds@linux-foundation.org>,
Cristopher Lameter <cl@linux.com>
Subject: Re: migrate_pages() of process with same UID in 4.15-rcX
Date: Mon, 12 Mar 2018 11:46:44 +0200 (EET) [thread overview]
Message-ID: <alpine.DEB.2.11.1803121143440.19708@lakka.kapsi.fi> (raw)
In-Reply-To: <20180129135747.GG21609@dhcp22.suse.cz>
Hi,
[sorry for the even later reply]
I don't have a strong preference either way (between fs creds or real
creds), having the same behavior as proc_mem_open sounds like a sensible
option too. Whether moving pages between NUMA nodes is a read-only
(PTRACE_MODE_READ) activity is debatable, but I'm no NUMA expert.
My concern here was mainly about a) preventing layout discovery and b)
consistency between move_pages and migrate_pages.
Otto
On Mon, 29 Jan 2018, Michal Hocko wrote:
> [Fixup Christoph email - the thread starts here
> http://lkml.kernel.org/r/1394749328.5225281.1515598510696.JavaMail.zimbra@redhat.com]
>
> On Mon 29-01-18 14:31:51, Michal Hocko wrote:
>> [Sorry for a very late reply]
>>
>> On Wed 10-01-18 10:21:31, Eric W. Biederman wrote:
>> [...]
>>> All of that said. I am wondering if we should have used
>>> PTRACE_MODE_READ_FSCREDS on these permission checks.
>>
>> If this is really about preventing the layout discovery then we should
>> be in sync with proc_mem_open and that uses PTRACE_MODE_FSCREDS|PTRACE_MODE_READ
>> Should we do the same thing here?
>> --
>> Michal Hocko
>> SUSE Labs
>
> --
> Michal Hocko
> SUSE Labs
>
prev parent reply other threads:[~2018-03-12 9:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1243932888.5206621.1515594158029.JavaMail.zimbra@redhat.com>
2018-01-10 15:35 ` Jan Stancek
2018-01-10 16:21 ` Eric W. Biederman
2018-01-29 13:31 ` Michal Hocko
2018-01-29 13:57 ` Michal Hocko
2018-03-12 9:46 ` Otto Ebeling [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.11.1803121143440.19708@lakka.kapsi.fi \
--to=otto.ebeling@iki.fi \
--cc=cl@linux.com \
--cc=ebiederm@xmission.com \
--cc=jstancek@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-mm@kvack.org \
--cc=ltp@lists.linux.it \
--cc=mhocko@suse.com \
--cc=mtk.manpages@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox