Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1966352pxb; Mon, 22 Feb 2021 16:15:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJz+oEHGiSHYZtlxD4fkz7cksodMvZOcyrMbTib/tzvkcSw6Z7CT6iEXBPc1P8UPk3LBvXGW X-Received: by 2002:a17:906:40cc:: with SMTP id a12mr22369082ejk.327.1614039315052; Mon, 22 Feb 2021 16:15:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614039315; cv=none; d=google.com; s=arc-20160816; b=DT3AKUlUsU/aQjce+bFrARq7e5FjUQJevt5ap25SL/bYWhY7Tq/BviK6UFJHhT5fWh gsfhP1KfzDsk3+CHrgc3awyQsBJxoXPvWHxYZhGMzsvlqqUeeazJbZS4lyMS4SwQK02P iSKFvMU4BpmtM/HpRXr7/bnumvIxDsk9GPTvRysImhDAolW3aev3ZmT4KTSz5q2eGBYv 2ElI48cRSnKPq7eqbbqlESzGQYkWjXD6BLt6/udDpSCmi2mivXL2iylQ7Ilf9zBY6HrO IOR1CnTOWZ5tLJq053PpWFQPyopRbdADgfUeRYMfdA+UrSwnwfArLRRI6xQIBmmUyZJC yMnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:cc:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=pCRKupgV6bVPqQhAPHwvcUajc+P2j/PXt//zx6xPAlk=; b=bxMVTPnDytMgM8E8GVyJG5ptfSswhH4WlEvA97fkMkhQJOc9ttRZv2jd8qsisslfWW MgbsKjMQnq2e6SpBzwpzW+oD/mWeA3J+6BFbklXT+wdcoVaCB7CmvPWlmTXsUEwRedNm hMti7OlBzxPhSsPhdQz6Xx0oyW/k5e8HGTl7W921MC/gNGc2FxiHpkdEzapo+E+Qc1GQ y0PacmJNkoQHBdb7V0cCvOTU/h/vSwI9R2qTCbUim0sK9QvyqJczpyLxQge7MFrc6bYB taahpWbxB0HtL789P3OgYHSs+aN3vnQ9su5rxinLcHIps08lBITTzBK7JF7I0chmufOA 4Vjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aMoo0kkn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q3si1437377ejb.599.2021.02.22.16.14.51; Mon, 22 Feb 2021 16:15:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aMoo0kkn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231686AbhBVX4w (ORCPT + 99 others); Mon, 22 Feb 2021 18:56:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39904 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231661AbhBVX4u (ORCPT ); Mon, 22 Feb 2021 18:56:50 -0500 Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8FF0C06174A for ; Mon, 22 Feb 2021 15:56:10 -0800 (PST) Received: by mail-pl1-x635.google.com with SMTP id a24so8726745plm.11 for ; Mon, 22 Feb 2021 15:56:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=pCRKupgV6bVPqQhAPHwvcUajc+P2j/PXt//zx6xPAlk=; b=aMoo0kknjIPmHPXzfPjSOvGRNxRUM/3mrnpeDehO70ESbHURf0pgopTpZCMDDPElJA /yu/UBiOekRlpYKIqSOYPYESfWJwlipecKkGxVGpzUuWWwWhDmfVEiqvFrqzyHkPdNjo 4Oxeq8L7k+E2R/lRrQR4bDAuDaqdEBFHosqQvnf0DxzTtehAhnKuwgkyh/GIznxE3VZ6 Nu+2BBkEVWSRwJNkutiY6uhCynI642xx95U8Nofxymy75kecqNhJjuu4QQQlXW3ORjvD dmg2kUmDqcZbr1qHeF8TmLa/jb0xi0eRaTDQGDbc/rALtCMFOZvPCze3zQrkgtwnpt1p Mm5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=pCRKupgV6bVPqQhAPHwvcUajc+P2j/PXt//zx6xPAlk=; b=RFHAWeB9TkSDEDtLcot0rNJy1rzytJUkHwU8Sr9zqbOEHzmLSJNWjnK2zWdnn+gjJV qUijPiGWvbrupHDn7kasPPz10uHVTOMPAJFvpNlQ3rPJ1meHCU3mtSpx0rMCVLu7xA2J bN37+dQKHIAghf5ojDbVG/L3PBHy5Pc0BFnOsYmJ7UWof2rf1vLrngusYqMshKE9eTYH jKST0qbTdLizsgnVsCHOnadTkBpFbB6ilEfdv7TT9LCjlkbZMVcjIjlbO2NPpvGS4GKB J9ZmlDwLtzhuX1D1Ar7cfwGDcANy/QAIGMC1rofrq2dSpUEkEKW4RP78kYkwPk86smKE qT/w== X-Gm-Message-State: AOAM531IgpkdSGpaqQjedJjJT9LP760ehT5/x4KNeHc4CUzswid4jkcx BKeUDDzWNQq5YicqjerOYAkeY6jCWAgjde6hWcn+KQ== X-Received: by 2002:a17:902:c14b:b029:e4:16d0:6808 with SMTP id 11-20020a170902c14bb02900e416d06808mt215594plj.69.1614038170018; Mon, 22 Feb 2021 15:56:10 -0800 (PST) MIME-Version: 1.0 References: <20210208155315.1367371-1-kaleshsingh@google.com> In-Reply-To: <20210208155315.1367371-1-kaleshsingh@google.com> From: Kalesh Singh Date: Mon, 22 Feb 2021 18:55:59 -0500 Message-ID: Subject: Re: [PATCH v6 1/2] procfs: Allow reading fdinfo with PTRACE_MODE_READ Cc: Jann Horn , Jeffrey Vander Stoep , Kees Cook , Suren Baghdasaryan , Minchan Kim , Hridya Valsaraju , Randy Dunlap , =?UTF-8?Q?Christian_K=C3=B6nig?= , Matthew Wilcox , "Cc: Android Kernel" , Alexey Dobriyan , Jonathan Corbet , Mauro Carvalho Chehab , Andrew Morton , Michal Hocko , Alexey Gladkov , NeilBrown , "Eric W. Biederman" , Daniel Jordan , Michel Lespinasse , Bernd Edlinger , Andrei Vagin , Yafang Shao , Christian Brauner , LKML , linux-fsdevel , "open list:DOCUMENTATION" Content-Type: text/plain; charset="UTF-8" To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 8, 2021 at 10:53 AM Kalesh Singh wrote: > > Android captures per-process system memory state when certain low memory > events (e.g a foreground app kill) occur, to identify potential memory > hoggers. In order to measure how much memory a process actually consumes, > it is necessary to include the DMA buffer sizes for that process in the > memory accounting. Since the handle to DMA buffers are raw FDs, it is > important to be able to identify which processes have FD references to > a DMA buffer. > > Currently, DMA buffer FDs can be accounted using /proc//fd/* and > /proc//fdinfo -- both are only readable by the process owner, > as follows: > 1. Do a readlink on each FD. > 2. If the target path begins with "/dmabuf", then the FD is a dmabuf FD. > 3. stat the file to get the dmabuf inode number. > 4. Read/ proc//fdinfo/, to get the DMA buffer size. > > Accessing other processes' fdinfo requires root privileges. This limits > the use of the interface to debugging environments and is not suitable > for production builds. Granting root privileges even to a system process > increases the attack surface and is highly undesirable. > > Since fdinfo doesn't permit reading process memory and manipulating > process state, allow accessing fdinfo under PTRACE_MODE_READ_FSCRED. > > Suggested-by: Jann Horn > Signed-off-by: Kalesh Singh > --- > Changes in v2: > - Update patch description Hi all, Kindly requesting maintainers to take a look at this patch set. Thanks, Kalesh > > fs/proc/base.c | 4 ++-- > fs/proc/fd.c | 15 ++++++++++++++- > 2 files changed, 16 insertions(+), 3 deletions(-) > > diff --git a/fs/proc/base.c b/fs/proc/base.c > index b3422cda2a91..a37f9de7103f 100644 > --- a/fs/proc/base.c > +++ b/fs/proc/base.c > @@ -3160,7 +3160,7 @@ static const struct pid_entry tgid_base_stuff[] = { > DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations), > DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations), > DIR("map_files", S_IRUSR|S_IXUSR, proc_map_files_inode_operations, proc_map_files_operations), > - DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations), > + DIR("fdinfo", S_IRUGO|S_IXUGO, proc_fdinfo_inode_operations, proc_fdinfo_operations), > DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations), > #ifdef CONFIG_NET > DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations), > @@ -3504,7 +3504,7 @@ static const struct inode_operations proc_tid_comm_inode_operations = { > */ > static const struct pid_entry tid_base_stuff[] = { > DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations), > - DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations), > + DIR("fdinfo", S_IRUGO|S_IXUGO, proc_fdinfo_inode_operations, proc_fdinfo_operations), > DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations), > #ifdef CONFIG_NET > DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations), > diff --git a/fs/proc/fd.c b/fs/proc/fd.c > index cb51763ed554..585e213301f9 100644 > --- a/fs/proc/fd.c > +++ b/fs/proc/fd.c > @@ -6,6 +6,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -72,6 +73,18 @@ static int seq_show(struct seq_file *m, void *v) > > static int seq_fdinfo_open(struct inode *inode, struct file *file) > { > + bool allowed = false; > + struct task_struct *task = get_proc_task(inode); > + > + if (!task) > + return -ESRCH; > + > + allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); > + put_task_struct(task); > + > + if (!allowed) > + return -EACCES; > + > return single_open(file, seq_show, inode); > } > > @@ -307,7 +320,7 @@ static struct dentry *proc_fdinfo_instantiate(struct dentry *dentry, > struct proc_inode *ei; > struct inode *inode; > > - inode = proc_pid_make_inode(dentry->d_sb, task, S_IFREG | S_IRUSR); > + inode = proc_pid_make_inode(dentry->d_sb, task, S_IFREG | S_IRUGO); > if (!inode) > return ERR_PTR(-ENOENT); > > -- > 2.30.0.478.g8a0d178c01-goog >