| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Mar 2021 23:14:08 -0700
From: Kalesh Singh <kaleshsingh@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Jann Horn <jannh@...gle.com>,
Jeffrey Vander Stoep <jeffv@...gle.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Minchan Kim <minchan@...nel.org>,
Hridya Valsaraju <hridya@...gle.com>,
Randy Dunlap <rdunlap@...radead.org>,
Christian König <christian.koenig@....com>,
Matthew Wilcox <willy@...radead.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
"Cc: Android Kernel" <kernel-team@...roid.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Jonathan Corbet <corbet@....net>,
Andrew Morton <akpm@...ux-foundation.org>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
Michal Hocko <mhocko@...e.com>,
Alexey Gladkov <gladkov.alexey@...il.com>,
Szabolcs Nagy <szabolcs.nagy@....com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Michel Lespinasse <walken@...gle.com>,
Bernd Edlinger <bernd.edlinger@...mail.de>,
Andrei Vagin <avagin@...il.com>, Helge Deller <deller@....de>,
James Morris <jamorris@...ux.microsoft.com>,
LKML <linux-kernel@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>
Subject: Re: [RESEND PATCH v6 1/2] procfs: Allow reading fdinfo with PTRACE_MODE_READ
On Wed, Mar 17, 2021 at 10:55 PM Kees Cook <keescook@...omium.org> wrote:
>
> On Mon, Mar 08, 2021 at 05:06:40PM +0000, Kalesh Singh wrote:
> > Android captures per-process system memory state when certain low memory
> > events (e.g a foreground app kill) occur, to identify potential memory
> > hoggers. In order to measure how much memory a process actually consumes,
> > it is necessary to include the DMA buffer sizes for that process in the
> > memory accounting. Since the handle to DMA buffers are raw FDs, it is
> > important to be able to identify which processes have FD references to
> > a DMA buffer.
> >
> > Currently, DMA buffer FDs can be accounted using /proc/<pid>/fd/* and
> > /proc/<pid>/fdinfo -- both are only readable by the process owner,
> > as follows:
> > 1. Do a readlink on each FD.
> > 2. If the target path begins with "/dmabuf", then the FD is a dmabuf FD.
> > 3. stat the file to get the dmabuf inode number.
> > 4. Read/ proc/<pid>/fdinfo/<fd>, to get the DMA buffer size.
> >
> > Accessing other processes' fdinfo requires root privileges. This limits
> > the use of the interface to debugging environments and is not suitable
> > for production builds. Granting root privileges even to a system process
> > increases the attack surface and is highly undesirable.
> >
> > Since fdinfo doesn't permit reading process memory and manipulating
> > process state, allow accessing fdinfo under PTRACE_MODE_READ_FSCRED.
> >
> > Suggested-by: Jann Horn <jannh@...gle.com>
> > Signed-off-by: Kalesh Singh <kaleshsingh@...gle.com>
>
> Reviewed-by: Kees Cook <keescook@...omium.org>
>
> Who would be best to pick this up? Maybe akpm?
Thanks Kees. Andrew has queued the patchset for the mm tree.
>
> --
> Kees Cook
Powered by blists - more mailing lists