Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3599863pxb; Wed, 13 Oct 2021 09:08:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxgn6XUHrz2denMBesacBGrpCBks2IKmiPLK9WV2B7s0Yaj9ShzFF1y7HnqBEFYNuwP7DyP X-Received: by 2002:a05:6a00:2405:b0:3e1:9f65:9703 with SMTP id z5-20020a056a00240500b003e19f659703mr267958pfh.6.1634141281387; Wed, 13 Oct 2021 09:08:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634141281; cv=none; d=google.com; s=arc-20160816; b=E5+u8xME2BqzP1tKkYaFSUvFoMLba/XjbrzjHnD+lskl00ArOo9aguNFCx7ElIDIF7 nX6oC/hn6VPJnc8ifTxnxYesaBgUxek0XAbhgE9Auy1VigPxDBFR5Wq/+nOjWDPjCMHb e66AWNRYt6vxh9pfxSVPPDH/K45m2Xx7/82nbwDYsPVLquBJvL1KsI8fYRlJU0udEwgP gjPUZkWI0R/LWrV+V1s+5ienYv2as/v1Uq7TLpFfLxTV33cNk6BKZOaKGxqNALiiBj/L 9lUnaEaTikP4t0C4FwCyS0Kzc8AHm624J2EMq/FFZ6aAutlTqyx5bqI5DjlF+1qK3vPN xE7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=55jBdElmI7vGZUDfiyYYs7/r8iE1Q78jQcOtXK2VrgE=; b=qD3nlgFVap/Zo+/wI8ICuo006rY/4omQnz9GViBAsJ/joYiFkzwsijq9tQY1UtzhoG JOINaEbA8TfgCyKi/ljKU4fcoD1NtSfd9PA6oMFZJU9U78lR1M6wIDK0l6AkffMnHaEX qi/7I+bkn5FIEWju7DhX54w0VscjM8RzCm8KljfZYjrYDjpyEgBjztXFy4LAvy69/ZpO mppFZ3hL/kpBY4XbCrXm7oklKWoLcqtrqPGRCcGm6nuIscobbvuaJhG7ZvU/7JYvElnc IiVBXxdjL2ttGDIRPMNew/Idkyf5Ddgp+3J3cQtrTKe/2YxXHRPkWVx9b3HnKSNTHVeB obZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=CLhkh67x; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b11si25092522plk.418.2021.10.13.09.07.30; Wed, 13 Oct 2021 09:08:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=CLhkh67x; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229903AbhJMQEz (ORCPT + 99 others); Wed, 13 Oct 2021 12:04:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43924 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229794AbhJMQEy (ORCPT ); Wed, 13 Oct 2021 12:04:54 -0400 Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7CCA0C061570 for ; Wed, 13 Oct 2021 09:02:51 -0700 (PDT) Received: by mail-pf1-x430.google.com with SMTP id 187so2854328pfc.10 for ; Wed, 13 Oct 2021 09:02:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=55jBdElmI7vGZUDfiyYYs7/r8iE1Q78jQcOtXK2VrgE=; b=CLhkh67xp+nTgG3pyUWx/y3RsOIjiSOR4R19Y4NrjeOKcOHn1PlyHfsBSAmlABQrze U3zuAUyUCgd6BmYLB5CfNmibTRBt/AVzgbg/T1L2dMUv1dZratLvw/mHjT+sZhi4kUmu Nd0hb/SbN0Y3Ud14Nc6XtFL9FLmrGswLhGxWRGy982a45bCzfW6b7j6XyDBuD8lh7CHK lBLpdzwpouH1h+5FIj3zkHOYNxJuinFd2WlWRDbaAdz4yOURRABQz0Az5UE+ePVQ9Kbl YnsmEbPQIE9JHRQmb3B1j8hogmZYSc+j3W/kMC/kDCMguuYP/4GWTI3rqKwDG7yQPpRX ZLlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=55jBdElmI7vGZUDfiyYYs7/r8iE1Q78jQcOtXK2VrgE=; b=qzy6cH6uJIGOBR/cbUfBDIjJxzV+te+nxK+teqx092PH3OGB1v652WXHMWWJqYHEiL xySvVtd78NlHhbbXDeIQ5r2UY2Z36FVBAw3/xOpAAALZZjYiNDsHLJa0OH40y5FVl57C FNCIzPVjqz6EOscAacToaMW+NkC8jWjvHCClqTmykEJQW3uMT+lgFOxqIb4kfWavjid5 Pyr7TADYtHpm8QWXlPpBiTx2QwsYIgOhfn+QPoyuItbmzzJkd/z/juoOAMgPbHNBPmws BppmnOOh02iHjbJ4AB5SXA4fuNheYkcz2PcYYi9eh8A8ChTmizwE7rh/qzDRXRq3+xij Gedw== X-Gm-Message-State: AOAM531nQqPM79bDj64ruqZFBxoSjnKnQLaSNSeSkRoIWcz+igHEwt1B GBvCBxFHf1b6EV5Xk+s/wqY= X-Received: by 2002:a63:ed4a:: with SMTP id m10mr29005775pgk.448.1634140970820; Wed, 13 Oct 2021 09:02:50 -0700 (PDT) Received: from smtpclient.apple (c-24-6-216-183.hsd1.ca.comcast.net. [24.6.216.183]) by smtp.gmail.com with ESMTPSA id p16sm12622116pfh.97.2021.10.13.09.02.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Oct 2021 09:02:50 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\)) Subject: Re: [RFC PATCH] userfaultfd: support control over mm of remote PIDs From: Nadav Amit In-Reply-To: Date: Wed, 13 Oct 2021 09:02:48 -0700 Cc: Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrea Arcangeli , Mike Rapoport Content-Transfer-Encoding: quoted-printable Message-Id: <03C026D4-EBE8-4649-9C42-63F82941B781@gmail.com> References: <20210926170637.245699-1-namit@vmware.com> To: Peter Xu X-Mailer: Apple Mail (2.3654.120.0.1.13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Oct 12, 2021, at 7:18 PM, Peter Xu wrote: >=20 > On Sun, Sep 26, 2021 at 10:06:37AM -0700, Nadav Amit wrote: >> From: Nadav Amit >>=20 >> Non-cooperative mode is useful but only for forked processes. >> Userfaultfd can be useful to monitor, debug and manage memory of = remote >> processes. >>=20 >> To support this mode, add a new flag, UFFD_REMOTE_PID, and an = optional >> second argument to the userfaultfd syscall. When the flag is set, the >> second argument is assumed to be the PID of the process that is to be >> monitored. Otherwise the flag is ignored. >>=20 >> The syscall enforces that the caller has CAP_SYS_PTRACE to prevent >> misuse of this feature. >>=20 >> Cc: Andrea Arcangeli >> Cc: Andrew Morton >> Cc: Mike Rapoport >> Cc: Peter Xu >> Signed-off-by: Nadav Amit >=20 > I think this patch from one pov looks just likes the other patch of = the > process_madvise on DONTNEED - the new interface definitely opens new = way to do > things, however IMHO it would be great to discuss some detailed = scenario that > we can do with it better than the existing facilities. >=20 > The thing is uffd already provides some mechanism for doing things = like > customized swapping, so that's not something new IMHO that this patch = brings > (neither is what the DONTNEED patch brings), just like when I raised = in the > other thread about umap. >=20 > So IMHO it'll be great if there can be some elaboration on how the = "remote" > capability could help us do things better (e.g., use cases that we may = not > solve with linking against another uffd-supported library, or we can't = do with > register uffd then fork()). >=20 > (I skipped the security side of things, as I replied in the other = thread that I > think I buy in your point on depending on PTRACE capability and also = the > examples you gave on ptrace() and process_vm_writev() are persuasive = to me, > but no expert on that..) Fair enough. Let me get back to you once I can provide more data. For now, I just ask you to have this patch in the back of your mind if = any other change to userfaultfd syscall is proposed to prevent a potential conflict.=