Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged

From: Jann Horn
Date: Sat Jan 05 2019 - 17:57:16 EST

Next message: Linus Torvalds: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: goodix - decouple irq and reset lines"
In reply to: kbuild test robot: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Next in thread: Linus Torvalds: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jan 5, 2019 at 6:27 PM Jiri Kosina <jikos@xxxxxxxxxx> wrote:
> There are possibilities [1] how mincore() could be used as a converyor of
> a sidechannel information about pagecache metadata.
>
> Provide vm.mincore_privileged sysctl, which makes it possible to mincore()
> start returning -EPERM in case it's invoked by a process lacking
> CAP_SYS_ADMIN.
>
> The default behavior stays "mincore() can be used by anybody" in order to
> be conservative with respect to userspace behavior.
>
> [1] https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

Just checking: I guess /proc/$pid/pagemap (iow, the pagemap_read()
handler) is less problematic because it only returns data about the
state of page tables, and doesn't query the address_space? In other
words, it permits monitoring evictions, but non-intrusively detecting
that something has been loaded into memory by another process is
harder?

Next message: Linus Torvalds: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: goodix - decouple irq and reset lines"
In reply to: kbuild test robot: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Next in thread: Linus Torvalds: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]