On Tue, Oct 18, 2022 at 4:51 PM Zach OKeefe <zokeefe@xxxxxxxxxx> wrote:
>
> From: Zach O'Keefe <zokeefe@xxxxxxxxxx>
>
> The initial commit of process_madvise(2) to man-pages project included
> an error, indicating that CAP_SYS_ADMIN capability was required when, in
> fact, CAP_SYS_NICE was the required capability.
>
> The initial commit of process_madvise(2) to Linux, commit ecb8ac8b1f14
> ("mm/madvise: introduce process_madvise() syscall: an external memory
> hinting API"), relied on PTRACE_MODE_ATTACH_FSCREDS (see ptrace(2)),
> but was amended by commit 96cfe2c0fd23 ("mm/madvise: replace ptrace
> attach requirement for process_madvise") which replaced this with a
> combination of PTRACE_MODE_READ and CAP_SYS_NICE (PTRACE_MODE_READ to
> prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process
> performance).
>
> Correct this in the man-page for process_madvise(2).
Thanks for fixing my mistake!
>
> Fixes: a144f458b ("process_madvise.2: Document process_madvise(2)")
> Cc: Suren Baghdasaryan <surenb@xxxxxxxxxx>
> Cc: Minchan Kim <minchan@xxxxxxxxxx>
> Signed-off-by: Zach O'Keefe <zokeefe@xxxxxxxxxx>
Reviewed-by: Suren Baghdasaryan <surenb@xxxxxxxxxx>
> ---
> man2/process_madvise.2 | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/man2/process_madvise.2 b/man2/process_madvise.2
> index 6208206e4..7bee1a098 100644
> --- a/man2/process_madvise.2
> +++ b/man2/process_madvise.2
> @@ -113,7 +113,8 @@ check (see
> in addition,
> because of the performance implications of applying the advice,
> the caller must have the
> -.B CAP_SYS_ADMIN
> +.\" commit 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e
> +.B CAP_SYS_NICE
> capability.
> .SH RETURN VALUE
> On success,
> --
> 2.38.0.413.g74048e4d9e-goog
>
