Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2428803pxb;
        Fri, 5 Feb 2021 18:52:32 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzwKM4F9gmikgeiduxX/nDoQJoAt6fmGgW+ARHH0Nwt5ec69WKn7b+ki8ExzuwF7e5kUBYL
X-Received: by 2002:a05:6402:3494:: with SMTP id v20mr6691627edc.146.1612579952004;
        Fri, 05 Feb 2021 18:52:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612579951; cv=none;
        d=google.com; s=arc-20160816;
        b=cLp60TvPqETVKoBrlUFCUgNC24Uo40Bd+YrYcsqZT0Ff9lkHyy3D3nc1VkwKa19c/i
         ne630zcZPAQhC3meF4Rmvyp/wj7+HgJt/ZhIqOL9fvkhk4YxT7zYP5kisB4Uiao2co/+
         dNLkskLuDaZtJK/T4s/b08n4xPTd3UsEMMY5xlyqrR+9WV+n0W+rgeplYRTfLEeznzfy
         RYzdKa3QtkPXq7WnMPG+/3n9ubTWKpEteKJMBYIEs5uZv6Muq8aeDwr8eDRPv4G68Rkr
         Wn/NceHA0wbneupZFVL60o57NciFvJvY+lmk2uI3WP0Kqn06IDu2S1ZwUiq4e+fJIbSq
         P+Kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:dkim-signature;
        bh=mZCRVETJ8PFFSolgHhB5Tp0serDneMbD0XJnnQKOZTI=;
        b=rJQ5nb+Id31LkXnb73tVz+/D+Regc+0symiIQ/8Z1sEIb2iG7Vm6SC9QUXk2EPrfDU
         Bzz6GAoxtODzzIFkV9OehIunjMppIXB2uJNuC5IRzVgnaILu1tNr/UM8Hz0BB+8YbUf0
         LMCQuVMtnuSQ1fmbMBqhg5UOOiw7TzYP7PpDRzHMD7iFLRStfavWc0tamU9bRyt1+H78
         Cc/lH434cjbQg3EcuE4BHzrxzw/rn0X9sfTEHo/F0Hw1QRVbbU6/0tce4cn8lOQvD7Oy
         11yaYJECblAc8JtMCkGoHfgkBERavHp1Alx677qjLwt82jDDr4g/XyoBzoPexsC3KoSH
         1GQA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=BxHBM4b9;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x22si6555459ejv.202.2021.02.05.18.52.07;
        Fri, 05 Feb 2021 18:52:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=BxHBM4b9;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231260AbhBFCug (ORCPT <rfc822;lkml.email@gmail.com> + 99 others);
        Fri, 5 Feb 2021 21:50:36 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38360 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231278AbhBFCgR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 5 Feb 2021 21:36:17 -0500
Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D2D17C08EE7B;
        Fri,  5 Feb 2021 16:39:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=merlin.20170209; h=Content-Transfer-Encoding:Content-Type:
        In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender
        :Reply-To:Content-ID:Content-Description;
        bh=mZCRVETJ8PFFSolgHhB5Tp0serDneMbD0XJnnQKOZTI=; b=BxHBM4b9ULo1IOmmp+yYoLbHzA
        T7jAwmuzi3nMiMuX4tSkT/PrHmdvmiGIRtRT/UkrGY+MQn3UjhuH9epQ5p+ZfcNl6+MGqcoaQTzOA
        3u9fGYgTMy7MutsAZYCmCG0OHhLpFF54+pcZVvNUrQol7VN1x8yplUX+rdXTzoCUqFlzpK8rwKzOJ
        diBnw2RUzvs+/6D90s2sCtbcRqjpD9AINeb0tex9RhkHpmLzu0NaLJXeHfsRlLizZU5m9K5zi40tm
        QNvThKpybBm2o4UpU5v+Xa3rIySjTRMa2Ah7VNAJ7CBgXfTwVgoU6hQwCFVDeU9jgxIKa2NtGEDov
        vygqBJ+w==;
Received: from [2601:1c0:6280:3f0::aec2]
        by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux))
        id 1l8BdT-0004md-Uz; Sat, 06 Feb 2021 00:39:40 +0000
Subject: Re: [PATCH v4 1/2] procfs: Allow reading fdinfo with PTRACE_MODE_READ
To:     Kalesh Singh <kaleshsingh@google.com>
Cc:     jannh@google.com, jeffv@google.com, keescook@chromium.org,
        surenb@google.com, minchan@kernel.org, hridya@google.com,
        christian.koenig@amd.com, kernel-team@android.com,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Michal Hocko <mhocko@suse.com>,
        Alexey Gladkov <gladkov.alexey@gmail.com>,
        NeilBrown <neilb@suse.de>, Szabolcs Nagy <szabolcs.nagy@arm.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Michel Lespinasse <walken@google.com>,
        Bernd Edlinger <bernd.edlinger@hotmail.de>,
        Andrei Vagin <avagin@gmail.com>,
        Yafang Shao <laoar.shao@gmail.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-doc@vger.kernel.org
References: <20210205213353.669122-1-kaleshsingh@google.com>
From:   Randy Dunlap <rdunlap@infradead.org>
Message-ID: <fe8780a1-364e-ec8f-48ee-192438d52c01@infradead.org>
Date:   Fri, 5 Feb 2021 16:39:29 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.4.0
MIME-Version: 1.0
In-Reply-To: <20210205213353.669122-1-kaleshsingh@google.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2/5/21 1:33 PM, Kalesh Singh wrote:
> Android captures per-process system memory state when certain low memory
> events (e.g a foreground app kill) occur, to identify potential memory
> hoggers. In order to measure how much memory a process actually consumes,
> it is necessary to include the DMA buffer sizes for that process in the
> memory accounting. Since the handle to DMA buffers are raw FDs, it is
> important to be able to identify which processes have FD references to
> a DMA buffer.
> 
> Currently, DMA buffer FDs can be accounted using /proc/<pid>/fd/* and
> /proc/<pid>/fdinfo -- both are only readable by the process owner,
> as follows:
>   1. Do a readlink on each FD.
>   2. If the target path begins with "/dmabuf", then the FD is a dmabuf FD.
>   3. stat the file to get the dmabuf inode number.
>   4. Read/ proc/<pid>/fdinfo/<fd>, to get the DMA buffer size.
> 
> Accessing other processes’ fdinfo requires root privileges. This limits

Tangential:
Please just use ASCII "'" -- it's good enough.

> the use of the interface to debugging environments and is not suitable
> for production builds.  Granting root privileges even to a system process
> increases the attack surface and is highly undesirable.
> 
> Since fdinfo doesn't permit reading process memory and manipulating
> process state, allow accessing fdinfo under PTRACE_MODE_READ_FSCRED.
> 
> Suggested-by: Jann Horn <jannh@google.com>
> Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
> ---
> Changes in v2:
>   - Update patch description
> 
>  fs/proc/base.c |  4 ++--
>  fs/proc/fd.c   | 15 ++++++++++++++-
>  2 files changed, 16 insertions(+), 3 deletions(-)


-- 
~Randy