Date: Thu, 24 Jan 2019 13:45:01 +0100
From: Dominique Martinet
To: Linus Torvalds, Jiri Kosina
Cc: Andy Lutomirski, Josh Snyder, Dave Chinner, Matthew Wilcox, Jann Horn, Andrew Morton, Greg KH, Peter Zijlstra, Michal Hocko, Linux-MM, kernel list, Linux API
Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged
Message-ID: <20190124124501.GA18012@nautica>
In-Reply-To: <20190124002455.GA23181@nautica>

Dominique Martinet wrote on Thu, Jan 24, 2019:
> I was thinking of something along the lines of:
> return vma_is_anonymous(vma) || (vma->vm_file &&
>         (inode_owner_or_capable(file_inode(vma->vm_file))
>          || inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0));
>
> I dropped the first f_mode check because none of the known mincore users
> open the files read-write, and the check is redundant with
> inode_permission() so while it would probably be an optimisation in some
> cases I do not think it is useful in practice.
> On the other hand, I have no idea how expensive the inode_permission and
> owner checks really are - do they try to refresh attributes on a
> networked filesystem or would it trust the cache or is it fs dependent?
>
> Honestly this is more a case of "the people who'd be interested in
> seeing this have no idea what they're doing" than lack of interest.. I
> wouldn't mind if there were tests doing mincore on a bunch of special
> files/mappings but I just tried on a few regular files by hand, this
> isn't proper coverage; I'll try to take more time to test various
> mappings today (JST).

I've done some tests with this, it appears OK.

Obviously the tests I previously had done still work:
 - user's own files are ok, even if read-only now.
 - non-user writable files are ok.
 - non-user non-writable files (e.g. system libs) aren't.
 - root can still do anything.

On new tests:
 - there are vmas with no file that aren't anonymous and come all the way
   there (vvar and vdso), so factoring vma->vm_file check is definitely
   needed.
 - vsyscall doesn't reach can_do_mincore()
 - [heap] [stack] and other fileless regular maps are anonymous
 - I tried a char device (/dev/zero) and it was marked anonymous despite
   mapping with MAP_SHARED, which is somewhat expected I guess?
 - I couldn't map /proc or /sys files (no such device), so no mincore
   there.

I'd post my test program but I actually added pr_info messages in
can_do_mincore to check what it returned because madvise dontneed isn't
guaranteed to evict pages so we can't rely on madvise dontneed + mincore
to return 0; not sure what to do for ltp...
If anyone has a good idea of how to check if mincore actually got
granted permissions without drop_caches I'll post to the ltp github.

Anything else to try?

Jiri, you've offered resubmitting the last two patches properly, can you
incorporate this change or should I just send this directly? (I'd take
most of your commit message and add your name somewhere)

Thanks,
-- 
Dominique
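
The cases listed in the mail above, as an added example that is not part of the original mail or of the kernel patch: a simplified userspace model of the quoted check. All model_* names and the two helpers are hypothetical stand-ins, and the helpers look only at uid, gid and mode bits plus a single "privileged" flag (no ACLs, supplementary groups, fine-grained capabilities or read-only mounts).

```c
/* Userspace model of the quoted check; all names here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

struct model_cred  { uid_t uid; gid_t gid; bool privileged; };
struct model_inode { uid_t uid; gid_t gid; mode_t mode; };
struct model_vma {
    bool anonymous;                 /* stands in for vma_is_anonymous(vma) */
    const struct model_inode *file; /* NULL when vma->vm_file is NULL */
};

/* Simplified inode_owner_or_capable(): owner match or privileged caller. */
static bool owner_or_capable(const struct model_cred *c,
                             const struct model_inode *i)
{
    return c->privileged || c->uid == i->uid;
}

/* Simplified inode_permission(inode, MAY_WRITE) == 0: mode bits only. */
static bool may_write(const struct model_cred *c, const struct model_inode *i)
{
    if (c->privileged)
        return true;
    if (c->uid == i->uid)
        return (i->mode & S_IWUSR) != 0;
    if (c->gid == i->gid)
        return (i->mode & S_IWGRP) != 0;
    return (i->mode & S_IWOTH) != 0;
}

/* Same shape and evaluation order as the expression quoted in the mail. */
bool model_can_do_mincore(const struct model_cred *c,
                          const struct model_vma *v)
{
    return v->anonymous ||
           (v->file && (owner_or_capable(c, v->file) || may_write(c, v->file)));
}

int main(void)
{
    /* Constructed sample: uid 1000 against a root-owned 0755 library. */
    struct model_cred user = { 1000, 1000, false };
    struct model_inode lib = { 0, 0, 0755 };
    struct model_vma lib_map = { false, &lib }, vdso = { false, NULL };

    printf("system lib: %d, vdso/vvar: %d\n",
           model_can_do_mincore(&user, &lib_map),
           model_can_do_mincore(&user, &vdso));
    return 0;
}
```

The vdso/vvar case is the one that makes the vma->vm_file test necessary: without it the model, like the kernel expression, would dereference a NULL file.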