From: Alejandro Colomar <alx.manpages@gmail.com>
To: Suren Baghdasaryan <surenb@google.com>
Cc: Yang Shi <shy828301@gmail.com>,
linux-mm@kvack.org, linux-man@vger.kernel.org,
Minchan Kim <minchan@kernel.org>,
Zach OKeefe <zokeefe@google.com>,
Michael Kerrisk <mtk.manpages@gmail.com>
Subject: Re: [PATCH man-pages v3 3/4] process_madvise.2: fix capability and ptrace requirements
Date: Sun, 30 Oct 2022 12:50:47 +0100 [thread overview]
Message-ID: <ad6a0605-3494-ca32-c577-dbd4142ea7f8@gmail.com> (raw)
In-Reply-To: <20221021223300.3675201-4-zokeefe@google.com>
[-- Attachment #1.1: Type: text/plain, Size: 3007 bytes --]
Hi Suren,
On 10/22/22 00:32, Zach OKeefe wrote:
> From: Zach O'Keefe <zokeefe@google.com>
>
> The initial commit of process_madvise(2) to Linux, commit ecb8ac8b1f14
> ("mm/madvise: introduce process_madvise() syscall: an external memory
> hinting API"), relied on PTRACE_MODE_ATTACH_FSCREDS (see ptrace(2)),
> but was amended by commit 96cfe2c0fd23 ("mm/madvise: replace ptrace
> attach requirement for process_madvise") which replaced this with a
> combination of PTRACE_MODE_READ and CAP_SYS_NICE (PTRACE_MODE_READ to
> prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process
> performance).
>
> The initial commit of process_madvise(2) to man-pages project, made
> after the second patch, included two errors:
>
> 1) CAP_SYS_ADMIN instead of CAP_SYS_NICE
> 2) PTRACE_MODE_READ_REALCREDS instead of PTRACE_MODE_READ_FSCREDS
>
> Correct this in the man-page for process_madvise(2).
>
> Fixes: a144f458b ("process_madvise.2: Document process_madvise(2)")
> Cc: Suren Baghdasaryan <surenb@google.com>
> Cc: Minchan Kim <minchan@kernel.org>
> Signed-off-by: Zach O'Keefe <zokeefe@google.com>
You added your Reviewed-by tag to v2 of this patch. I guess you'd like to put
it in this one too, but since it changed slightly, I'd like you to confirm.
Thanks,
Alex
> ---
> man2/process_madvise.2 | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/man2/process_madvise.2 b/man2/process_madvise.2
> index 6208206e4..44d3b94e8 100644
> --- a/man2/process_madvise.2
> +++ b/man2/process_madvise.2
> @@ -105,16 +105,20 @@ remote process.
> No further elements will be processed beyond that point.
> (See the discussion regarding partial advice in RETURN VALUE.)
> .PP
> -Permission to apply advice to another process is governed by a
> +.\" commit 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e
> +Starting in Linux 5.12,
> +permission to apply advice to another process is governed by
> ptrace access mode
> -.B PTRACE_MODE_READ_REALCREDS
> +.B PTRACE_MODE_READ_FSCREDS
> check (see
> .BR ptrace (2));
> in addition,
> because of the performance implications of applying the advice,
> the caller must have the
> -.B CAP_SYS_ADMIN
> -capability.
> +.B CAP_SYS_NICE
> +capability
> +(see
> +.BR capabilities (7)).
> .SH RETURN VALUE
> On success,
> .BR process_madvise ()
> @@ -180,6 +184,15 @@ configuration option.
> The
> .BR process_madvise ()
> system call is Linux-specific.
> +.SH NOTES
> +When this system call first appeared in Linux 5.10,
> +permission to apply advice to another process was entirely governed by
> +ptrace access mode
> +.B PTRACE_MODE_ATTACH_FSCREDS
> +check (see
> +.BR ptrace (2)).
> +This requirement was relaxed in Linux 5.12 so that the caller didn't require
> +full control over the target process.
> .SH SEE ALSO
> .BR madvise (2),
> .BR pidfd_open (2),
--
<http://www.alejandro-colomar.es/>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-10-30 11:50 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-21 22:32 [PATCH man-pages v3 0/4] Add MADV_COLLAPSE documentation Zach OKeefe
2022-10-21 22:32 ` [PATCH man-pages v3 1/4] madvise.2: update THP file/shmem documentation for +5.4 Zach OKeefe
2022-10-30 11:41 ` Alejandro Colomar
2022-10-31 16:33 ` Zach O'Keefe
2022-10-31 20:11 ` Alejandro Colomar
2022-10-21 22:32 ` [PATCH man-pages v3 2/4] madvise.2: document reliable probe for advice support Zach OKeefe
2022-10-30 11:44 ` Alejandro Colomar
2022-10-31 16:33 ` Zach O'Keefe
2022-10-31 20:21 ` Alejandro Colomar
2022-10-31 21:24 ` Zach O'Keefe
2022-10-21 22:32 ` [PATCH man-pages v3 3/4] process_madvise.2: fix capability and ptrace requirements Zach OKeefe
2022-10-30 11:50 ` Alejandro Colomar [this message]
2022-10-31 19:13 ` Suren Baghdasaryan
2022-10-31 20:24 ` Alejandro Colomar
2022-10-31 21:25 ` Zach O'Keefe
2022-10-21 22:33 ` [PATCH man-pages v3 4/4] madvise.2: add documentation for MADV_COLLAPSE Zach OKeefe
2022-10-31 21:15 ` Alejandro Colomar
2022-10-31 23:00 ` Zach O'Keefe
2022-11-01 1:51 ` G. Branden Robinson
2022-11-01 12:12 ` Alejandro Colomar
2022-12-11 17:59 ` Alejandro Colomar
2022-12-11 21:51 ` Zach O'Keefe
2022-12-11 21:55 ` Alejandro Colomar
2022-12-11 22:37 ` Zach O'Keefe
2022-12-11 22:39 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad6a0605-3494-ca32-c577-dbd4142ea7f8@gmail.com \
--to=alx.manpages@gmail.com \
--cc=linux-man@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=minchan@kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=shy828301@gmail.com \
--cc=surenb@google.com \
--cc=zokeefe@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.