Skip to content

Commit e4e7cb9

Browse files
ldorauldorau
committed
Add info about the PTRACE_MODE_ATTACH_REALCREDS permission
Add info about the `PTRACE_MODE_ATTACH_REALCREDS` permission required by the OS and the L0 providers to `README.md`. Signed-off-by: Lukasz Dorau <[email protected]>
1 parent 19bd9fd commit e4e7cb9

File tree

1 file changed

+23
-1
lines changed

1 file changed

+23
-1
lines changed

README.md

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,14 @@ OS memory provider supports two types of memory mappings (set by the `visibility
149149

150150
IPC API requires the `UMF_MEM_MAP_SHARED` memory `visibility` mode
151151
(`UMF_RESULT_ERROR_INVALID_ARGUMENT` is returned otherwise).
152+
IPC API uses the file descriptor duplication. It requires using `pidfd_getfd(2)` to obtain
153+
a duplicate of another process's file descriptor (`pidfd_getfd(2)` is supported since Linux 5.6).
154+
Permission to duplicate another process's file descriptor is governed by a ptrace access mode
155+
`PTRACE_MODE_ATTACH_REALCREDS` check (see `ptrace(2)`) that can be changed using
156+
the `/proc/sys/kernel/yama/ptrace_scope` interface in the following way:
157+
```sh
158+
$ sudo bash -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"
159+
```
152160

153161
There are available two mechanisms for the shared memory mapping:
154162
1) a named shared memory object (used if the `shm_name` parameter is not NULL) or
@@ -162,17 +170,31 @@ An anonymous file descriptor for the shared memory mapping will be created using
162170

163171
##### Requirements
164172

165-
Required packages for tests (Linux-only yet):
173+
IPC API on Linux requires the `PTRACE_MODE_ATTACH_REALCREDS` permission (see `ptrace(2)`)
174+
to duplicate an another process's file descriptor (see above).
175+
176+
Packages required for tests (Linux-only yet):
166177
- libnuma-dev
167178

168179
#### Level Zero memory provider
169180

170181
A memory provider that provides memory from L0 device.
171182

183+
IPC API uses the file descriptor duplication. It requires using `pidfd_getfd(2)` to obtain
184+
a duplicate of another process's file descriptor (`pidfd_getfd(2)` is supported since Linux 5.6).
185+
Permission to duplicate another process's file descriptor is governed by a ptrace access mode
186+
`PTRACE_MODE_ATTACH_REALCREDS` check (see `ptrace(2)`) that can be changed using
187+
the `/proc/sys/kernel/yama/ptrace_scope` interface in the following way:
188+
```sh
189+
$ sudo bash -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"
190+
```
191+
172192
##### Requirements
173193

174194
1) Linux or Windows OS
175195
2) The `UMF_BUILD_LEVEL_ZERO_PROVIDER` option turned `ON` (by default)
196+
3) IPC API on Linux requires the `PTRACE_MODE_ATTACH_REALCREDS` permission (see `ptrace(2)`)
197+
to duplicate an another process's file descriptor (see above).
176198

177199
Additionally, required for tests:
178200

0 commit comments

Comments
 (0)