Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace

From: Pavel Machek
Date: Mon Mar 16 2015 - 17:11:30 EST

Next message: Pavel Machek: "Re: [PATCH v2 4/9] nbd: Replace kthread_create with kthread_run"
Previous message: Pavel Machek: "Re: [PATCH] i8042 / PM: Allow PC keyboard to wake up from suspend-to-idle"
Next in thread: Mark Seaborn: "Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon 2015-03-09 23:11:12, Kirill A. Shutemov wrote:
> From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
>
> As pointed by recent post[1] on exploiting DRAM physical imperfection,
> /proc/PID/pagemap exposes sensitive information which can be used to do
> attacks.
>
> This is RFC patch which disallow anybody without CAP_SYS_ADMIN to read
> the pagemap.
>
> Any comments?
>
> [1]
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

Note that this kind of attack still works without pagemap, it just
takes longer. Actually the first demo program is not using pagemap.

Can we do anything about that? Disabling cache flushes from userland
should make it no longer exploitable.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: [PATCH v2 4/9] nbd: Replace kthread_create with kthread_run"
Previous message: Pavel Machek: "Re: [PATCH] i8042 / PM: Allow PC keyboard to wake up from suspend-to-idle"
Next in thread: Mark Seaborn: "Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]