Subject: Re: [RFC PATCH] userfaultfd: support control over mm of remote PIDs
From: Nadav Amit
Date: Mon, 27 Sep 2021 03:19:40 -0700
To: David Hildenbrand
Cc: Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrea Arcangeli, Mike Rapoport, Peter Xu
In-Reply-To: <83827672-0996-4c25-9991-697ad443b6b3@redhat.com>
References: <20210926170637.245699-1-namit@vmware.com> <83827672-0996-4c25-9991-697ad443b6b3@redhat.com>

> On Sep 27, 2021, at 2:29 AM, David Hildenbrand wrote:
>
> On 26.09.21 19:06, Nadav Amit wrote:
>> From: Nadav Amit
>>
>> Non-cooperative mode is useful but only for forked processes.
>> Userfaultfd can be useful to monitor, debug and manage memory of remote
>> processes.
>>
>> To support this mode, add a new flag, UFFD_REMOTE_PID, and an optional
>> second argument to the userfaultfd syscall. When the flag is set, the
>> second argument is assumed to be the PID of the process that is to be
>> monitored. Otherwise the flag is ignored.
>>
>> The syscall enforces that the caller has CAP_SYS_PTRACE to prevent
>> misuse of this feature.
>
> What is supposed to happen if the target process intends to use uffd itself?

Thanks for the quick response.

First, sorry that I mistakenly dropped the changes to userfaultfd.h
that define UFFD_REMOTE_PID.

As for your question: there are standard ways to deal with such cases,
similarly to when a debugged program wants to use PTRACE. One way is to
block the userfaultfd syscall, using seccomp. Another way is to do
chaining using ptrace (although using ptrace for anything is challenging).

It is also possible to tailor something specific to userfaultfd, but I
think seccomp is a good enough solution. I am open to suggestions.
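
The seccomp option mentioned in the reply, as an added example (not code from this thread or from the kernel tree): a classic-BPF filter that a supervisor could install in the monitored process so that the target's own userfaultfd(2) calls fail. The function names, the NATIVE_ARCH macro and the choice of EPERM as the returned error are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif /* elsewhere: define NATIVE_ARCH to the build's AUDIT_ARCH_* value */
/* Make userfaultfd(2) fail with EPERM here and in all descendants; 0 on success. */
int deny_userfaultfd(void)
{
    struct sock_filter insns[] = {
        /* 0-1: foreign ABI -> kill, so syscall numbers are unambiguous */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 5),
        /* 2-3: x32 calls share the x86-64 arch value but set bit 30 -> kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 3, 0),
        /* 4-6: userfaultfd -> EPERM, every other syscall -> allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_userfaultfd, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = { .len = sizeof(insns) / sizeof(insns[0]), .filter = insns };
    /* no_new_privs first, so an unprivileged caller may load the filter */
    return (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) ? -1 : 0;
}

/* Probe in a child: 0 = blocked with EPERM, 1 = not blocked, 2 = no filter, -1 = fork/wait error. */
int check_userfaultfd_blocked(void)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (deny_userfaultfd() != 0)
            _exit(2);
        _exit(syscall(__NR_userfaultfd, 0) == -1 && errno == EPERM ? 0 : 1);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A seccomp filter survives fork and execve, so a supervisor would call deny_userfaultfd() in the child between fork and exec of the program it intends to monitor.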