Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp849488imu; Wed, 16 Jan 2019 08:33:15 -0800 (PST) X-Google-Smtp-Source: ALg8bN5Y9S8WyETXcuGFW0COXuyvv5TN4aoiXbJLrwAF8uT/i8jaqRk/00HKgA1Y++H9XGroiEsg X-Received: by 2002:a17:902:622:: with SMTP id 31mr10497687plg.171.1547656394916; Wed, 16 Jan 2019 08:33:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547656394; cv=none; d=google.com; s=arc-20160816; b=Yt00sj9vh06hpYyyskclAaZKQUXjG9ZXxQ93uqvaEMz09qIJ/M3SI6wnnLOgFL1+l6 Re1gG9zo1FLuFcTH7BRAMPuMjKMcnzaKCgWuImeanD6avkmZw2J80rY9UX4tH+0FP3W8 oy/RCAaWuw6tqU/6qA9eLYK/RoN0kdKMZDQRp/IbjRmyabvUVD2VeEHBIOD1JBQrGm5F 8x0KDWoyY4LP64guPzPGFFvbRv/7XIEnIJlihYTcHIGdv3V/bcYiRAAE4UH+9eox7c9D hBIkeuO1P44nLe4i5Zd9G8nsRJjRPgPYZUMHiq1eE3PBHt8/NcaUWifvQ3v6NLnK7+Oh 7qKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=H/HALKcacvqDYXk15+v0kxp0lBj9BJAmXZoagms+T7A=; b=WfSs83KkMF1gvd9nSTbo+Xcevx8m4ZuuKXfDamIull1AYOsu5Q3ssjX8M1hKwzBHCZ n4BLxn2Eo62C4ZtFdxsYPsNaNBtGk0uhkBswGY7I1GFfaHDPdHa6rG6ppFi6zm7TJWo2 kYCNB/HiBlvQW5RNgxG93vo9C/AHRWZPU6itpXa0Me30Ug++ti5R547QwsJNMOO7pK2W SxHKSPZI4d9zZBOyDm00nwECqfCj+xv265oMwywGcf4e72/DGrj1ldxaFS/kh3USs6LK F7lTJsl5yKNlXvawmXaBljCBFWdlQjJkoASWwbwqU1gQyV49qCvGUMfcDBPxhGdqMpJj ZhDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=ld0edM9O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c191si6974774pfg.72.2019.01.16.08.32.55; Wed, 16 Jan 2019 08:33:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=ld0edM9O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732271AbfAPFZm (ORCPT + 99 others); Wed, 16 Jan 2019 00:25:42 -0500 Received: from mail-pg1-f193.google.com ([209.85.215.193]:36629 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729133AbfAPFZl (ORCPT ); Wed, 16 Jan 2019 00:25:41 -0500 Received: by mail-pg1-f193.google.com with SMTP id n2so2280769pgm.3 for ; Tue, 15 Jan 2019 21:25:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=H/HALKcacvqDYXk15+v0kxp0lBj9BJAmXZoagms+T7A=; b=ld0edM9OOGm+n0suq+USsITO2pV1cvxagw8TDWH+1R42BTWZMUlzvo6GkvIDUIe9cU RHk7Rh0yE1uyAifrO7FBqnk0JGoY11XLJOoM353xOjnIDSWBCHfRXTE/D6c+UJfZjgPI 0ENXKzC3asdIkTSWVWXA71wJaOPjPX6sMdBHpqdVLYAbcgYGvvRBbM5p5AxyiMS6rVNq 3RFSSJx3RljUjFv18zVmJuQpb+RgGxgFL5IKOm3REi27VshBs/K86+zjIndW3VMB6pfb JUT+RC6QmqypWPTrtbr0cplNxeWLaddf487LLVCF/YAUB7VeVWjnricOyl4zq2w2kyPG HvDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=H/HALKcacvqDYXk15+v0kxp0lBj9BJAmXZoagms+T7A=; b=Jo1HDH7ep/dxMcqSOfNeDRYO7Zbo2o0Bk5GHF+oicY6tXVdOjDkRgi76Xlqk4e2vGn XNSqQdhy6HA5HQSgBc34wJElKuO938W14kKuCcEPpYaqvvvQnvdrKlxpD1zjzkC4+e2W ZKvHhFmv8Xr5CtV+q4JKE1HylBLDBGgZuNqQ3jv0zeM+zocz0J3vOjo5TlJ2m7z9dk0c F8/wjZlTnp6SRHhha2b21g6hFK0d4zkkMz1uZbTL6gkjY6/tjxqj6b468Yw+7pFTdI6g NNNyUZKvstIDmQIVcCQBBEzJo0vfmZhzYaHHEcajIHdtT1GhFAbwJyZap+6F26FXWFk6 uS0A== X-Gm-Message-State: AJcUukcv1QwiGuM9uOpLI+SdIyc3UVtqzSqdGLOPZxKPXYPTb4mtucSZ M+AXfYS84SbwgwW2vgsKK3zFxA== X-Received: by 2002:a63:7c41:: with SMTP id l1mr7094325pgn.45.1547616340771; Tue, 15 Jan 2019 21:25:40 -0800 (PST) Received: from ?IPv6:2601:646:c200:7429:f1d4:c2ab:a188:f287? ([2601:646:c200:7429:f1d4:c2ab:a188:f287]) by smtp.gmail.com with ESMTPSA id q199sm9196537pfc.97.2019.01.15.21.25.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jan 2019 21:25:39 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged From: Andy Lutomirski X-Mailer: iPhone Mail (16C101) In-Reply-To: Date: Tue, 15 Jan 2019 21:25:38 -0800 Cc: Josh Snyder , Dominique Martinet , Dave Chinner , Jiri Kosina , Matthew Wilcox , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Content-Transfer-Encoding: quoted-printable Message-Id: <9E337EA6-7CDA-457B-96C6-E91F83742587@amacapital.net> References: <20190108044336.GB27534@dastard> <20190109022430.GE27534@dastard> <20190109043906.GF27534@dastard> <20190110004424.GH27534@dastard> <20190110070355.GJ27534@dastard> <20190110122442.GA21216@nautica> <5c3e7de6.1c69fb81.4aebb.3fec@mx.google.com> To: Linus Torvalds Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Jan 15, 2019, at 9:00 PM, Linus Torvalds wrote: >=20 >> On Wed, Jan 16, 2019 at 12:42 PM Josh Snyder wrote: >>=20 >> For Netflix, losing accurate information from the mincore syscall would >> lengthen database cluster maintenance operations from days to months. We= >> rely on cross-process mincore to migrate the contents of a page cache fro= m >> machine to machine, and across reboots. >=20 > Ok, this is the kind of feedback we need, and means I guess we can't > just use the mapping existence for mincore. >=20 > The two other ways that we considered were: >=20 > (a) owner of the file gets to know cache information for that file. >=20 > (b) having the fd opened *writably* gets you cache residency information. >=20 > Sadly, taking a look at happycache, you open the file read-only, so > (b) doesn't work. >=20 > Judging just from the source code, I can't tell how the user ownership > works. Any input on that? >=20 > And if you're not the owner of the file, do you have another > suggestion for that "Yes, I have the right to see what's in-core for > this file". Because the problem is literally that if it's some random > read-only system file, the kernel shouldn't leak access patterns to > it.. >=20 >=20 Something like CAP_DAC_READ_SEARCH might not be crazy.=