Date: Sat, 14 Jan 2023 18:27:52 -0800
From: Stephen Hemminger
To: Dmitry Kozlyuk
Cc: dev@dpdk.org, stable@dpdk.org, Boris Ouretskey, Isaac Boukris, Bruce Richardson
Subject: Re: [PATCH] doc: add capability to access physical addresses
Message-ID: <20230114182752.0fa60bf7@hermes.local>
In-Reply-To: <20230114225802.136625-1-dmitry.kozliuk@gmail.com>

On Sun, 15 Jan 2023 01:58:02 +0300
Dmitry Kozlyuk wrote:

> CAP_DAC_OVERRIDE capability is required to access /proc/self/pagemap,
> but it was missing from the Linux guide, causing issues for users.
>
> Fixes: 979bb5d493fb ("doc: add more instructions for running as non-root")
> Cc: stable@dpdk.org
>
> Signed-off-by: Dmitry Kozlyuk
> Reported-by: Boris Ouretskey
> Reported-by: Isaac Boukris

DAC_OVERRIDE is like having the master key. It opens all doors and if so,
running as non-root really doesn't matter that much. Ideally, a finer grain
permission could be used. Recommending this to users seems wrong.

According to the proc.5 man page:

       /proc/[pid]/pagemap (since Linux 2.6.25)
              This file shows the mapping of each of the process's
              virtual pages into physical page frames or swap area.
              ...

              Permission to access this file is governed by a ptrace
              access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

Which distro is this? What security module are you using?
For example, on Debian (kernel 5.17) running as non-root it is possible to
read pagemap.
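
A small diagnostic for the question this reply raises, added here as an example and not part of the original message or of DPDK: it reports the process's effective CAP_DAC_OVERRIDE and CAP_SYS_ADMIN bits from /proc/self/status, then checks whether /proc/self/pagemap can be read and whether the entry for a resident page carries a PFN. The function names and `CAP_BIT_*` macros are this example's own; the bit numbers and entry layout are taken from the Linux capability header and the kernel's pagemap documentation.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Bit numbers as defined in <linux/capability.h>. */
#define CAP_BIT_DAC_OVERRIDE 1
#define CAP_BIT_SYS_ADMIN    21
/* Pull the effective capability mask out of /proc/<pid>/status text. */
static int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "CapEff:");
    return (p && sscanf(p, "CapEff: %" SCNx64, mask) == 1) ? 0 : -1;
}
static int has_cap(uint64_t mask, int bit) { return (int)((mask >> bit) & 1); }
/* pagemap entry layout: bit 63 = page present, bits 0-54 = PFN. */
static int pm_present(uint64_t e) { return (int)(e >> 63); }
static uint64_t pm_pfn(uint64_t e) { return e & ((UINT64_C(1) << 55) - 1); }

/* -1: pagemap not readable; 0: readable but PFN zeroed (the kernel hides it
 * without CAP_SYS_ADMIN since Linux 4.2); 1: a real PFN is visible. */
static int probe_pagemap(uint64_t *entry)
{
    static volatile char touched;   /* written below so its page is resident */
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0) return -1;
    touched = 1;
    off_t off = (off_t)((uintptr_t)&touched / (uintptr_t)sysconf(_SC_PAGESIZE)) * 8;
    ssize_t n = pread(fd, entry, sizeof(*entry), off);   /* one 8-byte entry per page */
    close(fd);
    return n == (ssize_t)sizeof(*entry) ? (pm_present(*entry) && pm_pfn(*entry) != 0) : -1;
}

int main(void)
{
    char buf[4096] = {0};
    uint64_t caps = 0, entry = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f && fread(buf, 1, sizeof(buf) - 1, f) > 0)
        parse_cap_eff(buf, &caps);
    if (f) fclose(f);
    printf("CapEff=%016" PRIx64 " CAP_DAC_OVERRIDE=%d CAP_SYS_ADMIN=%d\n", caps,
           has_cap(caps, CAP_BIT_DAC_OVERRIDE), has_cap(caps, CAP_BIT_SYS_ADMIN));
    int r = probe_pagemap(&entry);
    printf("pagemap probe=%d entry=%016" PRIx64 "\n", r, entry);
    return 0;
}
```

Running it as the unprivileged user, with and without each capability granted to the binary, shows which capability changes the probe result on a given distro and security module.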