| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jun 2022 15:06:05 -0700
From: Kalesh Singh <kaleshsingh@...gle.com>
To: ckoenig.leichtzumerken@...il.com, christian.koenig@....com,
viro@...iv.linux.org.uk, hch@...radead.org,
stephen.s.brennan@...cle.com, David.Laight@...LAB.COM
Cc: ilkos@...gle.com, tjmercier@...gle.com, surenb@...gle.com,
kernel-team@...roid.com, Kalesh Singh <kaleshsingh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Sumit Semwal <sumit.semwal@...aro.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Christoph Anton Mitterer <mail@...istoph.anton.mitterer.name>,
Johannes Weiner <hannes@...xchg.org>,
Mike Rapoport <rppt@...nel.org>,
Colin Cross <ccross@...gle.com>,
Paul Gortmaker <paul.gortmaker@...driver.com>,
Randy Dunlap <rdunlap@...radead.org>,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-media@...r.kernel.org,
dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org
Subject: [PATCH v2 0/2] procfs: Add file path and size to /proc/<pid>/fdinfo
Hi all,
This is v2 of the fdinfo patches. The main update is adding path
field only for files with anon inodes. Rebased on 5.19-rc3.
The previous cover letter is copied below for convenience.
Thanks,
Kalesh
-----------
Processes can pin shared memory by keeping a handle to it through a
file descriptor; for instance dmabufs, memfd, and ashmem (in Android).
In the case of a memory leak, to identify the process pinning the
memory, userspace needs to:
- Iterate the /proc/<pid>/fd/* for each process
- Do a readlink on each entry to identify the type of memory from
the file path.
- stat() each entry to get the size of the memory.
The file permissions on /proc/<pid>/fd/* only allows for the owner
or root to perform the operations above; and so is not suitable for
capturing the system-wide state in a production environment.
This issue was addressed for dmabufs by making /proc/*/fdinfo/*
accessible to a process with PTRACE_MODE_READ_FSCREDS credentials[1]
To allow the same kind of tracking for other types of shared memory,
add the following fields to /proc/<pid>/fdinfo/<fd>:
path - This allows identifying the type of memory based on common
prefixes: e.g. "/memfd...", "/dmabuf...", "/dev/ashmem..."
This was not an issued when dmabuf tracking was introduced
because the exp_name field of dmabuf fdinfo could be used
to distinguish dmabuf fds from other types.
size - To track the amount of memory that is being pinned.
dmabufs expose size as an additional field in fdinfo. Remove
this and make it a common field for all fds.
Access to /proc/<pid>/fdinfo is governed by PTRACE_MODE_READ_FSCREDS
-- the same as for /proc/<pid>/maps which also exposes the path and
size for mapped memory regions.
This allows for a system process with PTRACE_MODE_READ_FSCREDS to
account the pinned per-process memory via fdinfo.
Kalesh Singh (2):
procfs: Add 'size' to /proc/<pid>/fdinfo/
procfs: Add 'path' to /proc/<pid>/fdinfo/
Documentation/filesystems/proc.rst | 22 ++++++++++++++++++++--
drivers/dma-buf/dma-buf.c | 1 -
fs/libfs.c | 9 +++++++++
fs/proc/fd.c | 18 ++++++++++++++----
include/linux/fs.h | 1 +
5 files changed, 44 insertions(+), 7 deletions(-)
base-commit: a111daf0c53ae91e71fd2bfe7497862d14132e3e
--
2.37.0.rc0.161.g10f37bed90-goog
Powered by blists - more mailing lists