From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E287FA375E for ; Fri, 13 Sep 2024 15:56:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7F7CF6B009A; Fri, 13 Sep 2024 11:56:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7A72D6B00AE; Fri, 13 Sep 2024 11:56:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6478D6B00B3; Fri, 13 Sep 2024 11:56:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 426666B009A for ; Fri, 13 Sep 2024 11:56:24 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id F27A0160601 for ; Fri, 13 Sep 2024 15:56:23 +0000 (UTC) X-FDA: 82560167046.01.97828A6 Received: from out-181.mta0.migadu.com (out-181.mta0.migadu.com [91.218.175.181]) by imf16.hostedemail.com (Postfix) with ESMTP id 9DEE7180002 for ; Fri, 13 Sep 2024 15:56:20 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=j99Yhnar; spf=pass (imf16.hostedemail.com: domain of shakeel.butt@linux.dev designates 91.218.175.181 as permitted sender) smtp.mailfrom=shakeel.butt@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1726242839; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wah4p3gvhgUCBudKAMcB3hAx1R1SiWh66AoeZN7Xngw=; b=S5yZuOvLRB5BgxeGG526ppAQf6Xr/rwn3elaeEGgMe1rpdQ+J3Tlg0oY3Qi4PNKE3acrDF LpOlsLL2affVAbUUf39L4OQRfrCeA08q0UU4QFQTdm391d7q8XVfLSjvDLLRoaKh0nqXdi H9pZEmbPSzX3Q+IZ1i3hRGWgLGWsorw= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=j99Yhnar; spf=pass (imf16.hostedemail.com: domain of shakeel.butt@linux.dev designates 91.218.175.181 as permitted sender) smtp.mailfrom=shakeel.butt@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1726242839; a=rsa-sha256; cv=none; b=GbVk798AYFsFfhivnORHk5s+E9dMzvwxTB49ZebYVGX6vcAroHJ6vyZB5TkNv7dJH2HIm2 n+GlGF86G6f2jEy8bdy5m99Ss8VLTYFItHwxAJ6+B9/poafoljVhHiu7OhcyJHuMVLC/+U jOsHEVKdw51wyH2tzSTjBgNoeb9BFNY= Date: Fri, 13 Sep 2024 08:56:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1726242978; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=wah4p3gvhgUCBudKAMcB3hAx1R1SiWh66AoeZN7Xngw=; b=j99YhnarlC7YHmBn0n5mq1XTU82wB2olLXFKc9ki8hQ2BYfEd2EMNJJmALCzJlS/81KuEn S0PJIIA0yj7nDxxv4HUMJ6ptCNCWAEg/WS7aOwELMpG4Xy4xXZui2Lqiyg+bbhK83kzZFW vMbEct/4D1TpRfpbVBT+celTym4GKWE= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Shakeel Butt To: Lorenzo Stoakes Cc: Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka , Liam Howlett , Shakeel Butt , Suren Baghdasaryan Subject: Re: [PATCH] mm/madvise: process_madvise() drop capability check if same mm Message-ID: References: <20240913140628.77047-1-lorenzo.stoakes@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240913140628.77047-1-lorenzo.stoakes@oracle.com> X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 9DEE7180002 X-Stat-Signature: ukh5xpnr1e7hikw1mfes9hfo4g7sukpm X-Rspam-User: X-HE-Tag: 1726242980-714677 X-HE-Meta: U2FsdGVkX1+B5ZDPpEid+QqMTuHGeNANw6wZJGpB5SfdEmC1wi3nDspExwsJg4uHivhrhmsKpgZAJRY6Z7o6ilXRXQ6T0g19rktuCE80KRDacZdE8aEG6GR4quK3GqzdM1M4v+UVnf/zeo6vGTwQ9XbUaYTvbxKZ81zWiKloUV8U6/ea2QyjVVhK2Mqglif+vzsocTtuyxcXQgPLuebz2oHD80AoUVsp0RnZ1lUOxOMZOWnj7y/1X5mlVSwBbo+tyK6AfAoqy1XV3iBfIiSLdCwBaFFKT9hM4H/yklV04RbiJzkP4yWpeADLfXaJ19mEBj+toiuevOU6Fhrkq2ZSqjGj3BtgxaPJNbcuJe0PcnKwOHTXhPnzd5IpdszqHgVmM0/alI916bejnIZoRdlgs3yUsriq9/9kqC+YwyTk5gfODUX3hlJfTCrIkyKLnzEPa8dW/3bT8ZbxfKQJJO/YBiIxfaA81JY2WnB4y6fkdZlZYuvSsXlFUNP/p/PNEtS0R9D1Hd5ERFalZ50yd+BnX6xqQO9NXRlLvCWHGG6a7yPfrjz0vwEo448dAdOT4NlZ9CbwkpSL5MQF8lWA+aXxrEAx+Sy6DNzYGuK5Z7ifTT1vA0X6MMUNbOV0Nr+StHwyePNUMaUaDkGADBxLIr+3r7CBppIvR5MznS0425pnDnUCGA6K0QadrVUvCViYzGTqCj6aJHSLnuu+UO6a7kZmyvumw2Ex3O0UdJLB9aX9HLjrNLdMJX2NXvbzcCx9u2VWOEQYjHX7FB6T9mbCct2RZH3VmknAg2j7tssMgP/zU57oyBdV+JWFP46nWprp7NBkdD9tlWNn+HkBAaYbipSwJSYn1FCv7eJQpoQWZwyNs7N4uahFND8kz2YPs0TPoHUqCJo55/fKGMX2vvYgnrTPxoD+hFRVviNP8H+zySUMjNdM7vsPpRtgk/0dg16jw64ztEmKYJFJ18SFEWhXx+G 7wEjmYYA 3eX4STG7W4aaQHSa5gvWpJ6v0/V1Myq8B420wJ2SMaK/9d6xbPtJHA20s7y7CwdRjx+WSnH/qek9rBe9LL5OyDi7FjCnGwprBnfuNclkL1aoS/g4H5bLfY9RHSBkxcMIfRX5AawbKNBH+ZdPPbGxYiunJRAEjvbCatyH29kmjAtaPT5Szs5qaWle76/9tofJACQjt+4avLXVl1/ZKXaTt8IyC3Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Sep 13, 2024 at 03:06:28PM GMT, Lorenzo Stoakes wrote: > In commit 96cfe2c0fd23 ("mm/madvise: replace ptrace attach requirement for > process_madvise") process_madvise() was updated to require the caller to > possess the CAP_SYS_NICE capability to perform the operation, in addition > to a check against PTRACE_MODE_READ performed by mm_access(). > > The mm_access() function explicitly checks to see if the address space of > the process being referenced is the current one, in which case no check is > performed. > > We, however, do not do this when checking the CAP_SYS_NICE capability. This > means that we insist on the caller possessing this capability in order to > perform madvise() operations on its own address space, which seems > nonsensical. > > Simply add a check to allow for an invocation of this function with pidfd > set to the current process without elevation. > > Signed-off-by: Lorenzo Stoakes Acked-by: Shakeel Butt