Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp854079imu; Wed, 16 Jan 2019 08:37:02 -0800 (PST) X-Google-Smtp-Source: ALg8bN63+jad60ahkqVqfNOjzOLmk24A5K/GbBB5gO31RLJMH9eZaJyOZUAZb1CqVAJZ0pG33ATA X-Received: by 2002:a63:df13:: with SMTP id u19mr9732554pgg.294.1547656622020; Wed, 16 Jan 2019 08:37:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547656622; cv=none; d=google.com; s=arc-20160816; b=ZWxRSiM4CFoPcUI3N2A+F6oDErAEjcTpxJSBjTP2h9AcIXVbhQEtc55z7+w8s9Rkkq VMAYUVn8auPTNocLUOnXxnD958AtXUTVvpRv22sSi43xAtpSrvpu11yXXHeinLZJ7KiZ piZ3tkbnnHf7EcJQSxQbV/VojDLxhi7G1ta9hZlr4RXEFtYcE4vlktnoibmstLkkbqiA JdCI8pOLFRRl562sx4FjdK2qPgYQmlHzC8FSncIcQcvk9Zdrv0JzpCAuv2AJyl5sed79 eEkkNmS/r+vLI34QcTJz1VoT3WtK7MqqlTfMyDoZ8WycwIoOthDbJ9eAkmjsUEoonFzw 2zgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=0nfmcQW3ODDQlp1MpI/ApkQHf0vHnkocavkAHeaZdxs=; b=wqY5r5mJYaXcz80anxMrW1nb90Q4zQDWiLB7kzoOzUoPwvZ7LpZpJ+Iz41Ov3hciC4 CFq5sEHSfJdnfj1HxW9l7cRtrZz3XcN/7CURan4g71LZEgjVDfW8g0tmVHVev3f7FcXv 2DmziMbEJ3oFIQG72azhndK4BCpYvcPRBhM+6Q2dlG62a6rZYcU7ybfV+waIeuFuv2mT vxcsFz4rN1mWoDLL/Kb5TqwNMiHTk7E/HDw0auAvSbRn8sUzgEisDgO2lJrSfN5YzL6Q B3OM6rATjncw7WhNsU9MygFEifvEKEhxFuYbRYy8j+Wcjjmq6skgxlDegCV+ZayeAV41 AMOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l38si4389371plb.48.2019.01.16.08.36.43; Wed, 16 Jan 2019 08:37:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387884AbfAPGeu (ORCPT + 99 others); Wed, 16 Jan 2019 01:34:50 -0500 Received: from nautica.notk.org ([91.121.71.147]:57622 "EHLO nautica.notk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730938AbfAPGeu (ORCPT ); Wed, 16 Jan 2019 01:34:50 -0500 Received: by nautica.notk.org (Postfix, from userid 1001) id B9270C009; Wed, 16 Jan 2019 07:34:45 +0100 (CET) Date: Wed, 16 Jan 2019 07:34:30 +0100 From: Dominique Martinet To: Linus Torvalds Cc: Andy Lutomirski , Josh Snyder , Dave Chinner , Jiri Kosina , Matthew Wilcox , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged Message-ID: <20190116063430.GA22938@nautica> References: <20190110070355.GJ27534@dastard> <20190110122442.GA21216@nautica> <5c3e7de6.1c69fb81.4aebb.3fec@mx.google.com> <9E337EA6-7CDA-457B-96C6-E91F83742587@amacapital.net> <20190116054613.GA11670@nautica> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="BOKacYhQ+x31HxR3" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --BOKacYhQ+x31HxR3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Linus Torvalds wrote on Wed, Jan 16, 2019: > Anybody willing to test the above patch instead? And replace the > > || capable(CAP_SYS_ADMIN) > > check with something like > > || inode_permission(inode, MAY_WRITE) == 0 > > instead? > > (This is obviously after you've reverted the "only check mmap > residency" patch..) That seems to work on an x86_64 vm. I've tested with the attached patch: - root can lookup pages on any file I tried; - user can lookup page on file it owns, assuming it can write to it (e.g. it won't work on a 0400 file you own) - user cannot lookup pages on e.g. /lib64/libc-2.28.so There is a difference with your previous patch though, that used to list no page in core when it didn't know; this patch lists pages as in core when it refuses to tell. I don't think that's very important, though. If anything, the 0400 user-owner file might be a problem in some edge case (e.g. if you're preloading git directories, many objects are 0444); should we *also* check ownership?... -- Dominique --BOKacYhQ+x31HxR3 Content-Type: text/x-diff; charset=utf-8 Content-Disposition: attachment; filename="mincore.diff" mm/mincore.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/mm/mincore.c b/mm/mincore.c index 218099b5ed31..11ed7064f4eb 100644 --- a/mm/mincore.c +++ b/mm/mincore.c @@ -169,6 +169,13 @@ static int mincore_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, return 0; } +static inline bool can_do_mincore(struct vm_area_struct *vma) +{ + return vma_is_anonymous(vma) + || (vma->vm_file && (vma->vm_file->f_mode & FMODE_WRITE)) + || inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0; +} + /* * Do a chunk of "sys_mincore()". We've already checked * all the arguments, we hold the mmap semaphore: we should @@ -189,8 +196,13 @@ static long do_mincore(unsigned long addr, unsigned long pages, unsigned char *v vma = find_vma(current->mm, addr); if (!vma || addr < vma->vm_start) return -ENOMEM; - mincore_walk.mm = vma->vm_mm; end = min(vma->vm_end, addr + (pages << PAGE_SHIFT)); + if (!can_do_mincore(vma)) { + unsigned long pages = (end - addr) >> PAGE_SHIFT; + memset(vec, 1, pages); + return pages; + } + mincore_walk.mm = vma->vm_mm; err = walk_page_range(addr, end, &mincore_walk); if (err < 0) return err; --BOKacYhQ+x31HxR3--