Received: by 10.192.165.148 with SMTP id m20csp4062171imm; Tue, 8 May 2018 02:10:03 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpDPBcPaWetIUQazw0SKKOZTGr1BsDv6zCkbTcDICn+7sb0VmhacQge7PwrXFkLc2RBmgsO X-Received: by 2002:a63:2c13:: with SMTP id s19-v6mr18046567pgs.427.1525770603144; Tue, 08 May 2018 02:10:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525770603; cv=none; d=google.com; s=arc-20160816; b=sGKcbYhIxQcETQeHlcRwltICZcnWRFg9jm671EWndx5QyoA+A8np/PYaREg3G25Naf 1lnLulJlBEfFlX54hfGteTLRiIeVkBD9V+7tfCfB+3P891xnJrOzsV8JpVJfaBA9WmE9 1TuSAu8bE3YoB4Fn7cc29kgJ68pbJVwH2kiQ6glPoua/fJzN7AOoqD+4fKTIKVPiBPX/ wQJ7fiZ0PG7es/xpxy+bZlUUS1XjX9DkVn6vnYqtwX+AG3bXb+mHoEjZEen/Ju8c5oj0 lJEBHcCx/YmwV+QRqEuosnAUPCZmVklJ/CcNZy7y+CvAZob040y0NGOkOdfsAnZPWGn1 I5Mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-id:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from :arc-authentication-results; bh=GipDcnvUiK15E2bz40qF7hWGMnP3HkHS2jwnMxUTMeI=; b=JVz5aThnbdGbtf37p8qdmrcNmivdfNzbt3hdtVhOgbqRpH7mcO4XY9mrF+0DJQMgar OS0kK+BqSpFpSbynJ6QllACzoNoxtjSY0RrvffbzrX/AJwXsGOizEU4gO/jdmB77NxhK crA0hkmAlIrDF19LWb5Q+43uFvbnn9lUsQHy8smT1GJRdYLLi3MwIYDlM/H7b5iBY5Cv vPf7Umv5ed3+CyxcOsrhQiS5DL3dGpJrOjyjI0N8ycFvedkWHmNqpSUk4fWZH4YtZ1Eu lDblTEK//iDBO0NAkJhj1SsoTPkwSwBkv3YI6FBm3pLWFcqOeu1iaDIG3dfV5wkbhyN8 kJZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g31-v6si15388420pld.3.2018.05.08.02.09.49; Tue, 08 May 2018 02:10:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932538AbeEHJJg convert rfc822-to-8bit (ORCPT + 99 others); Tue, 8 May 2018 05:09:36 -0400 Received: from tyo162.gate.nec.co.jp ([114.179.232.162]:59821 "EHLO tyo162.gate.nec.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754465AbeEHJJe (ORCPT ); Tue, 8 May 2018 05:09:34 -0400 Received: from mailgate02.nec.co.jp ([114.179.233.122]) by tyo162.gate.nec.co.jp (8.15.1/8.15.1) with ESMTPS id w4898wY1009536 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 8 May 2018 18:08:58 +0900 Received: from mailsv01.nec.co.jp (mailgate-v.nec.co.jp [10.204.236.94]) by mailgate02.nec.co.jp (8.15.1/8.15.1) with ESMTP id w4898wJa032590; Tue, 8 May 2018 18:08:58 +0900 Received: from mail02.kamome.nec.co.jp (mail02.kamome.nec.co.jp [10.25.43.5]) by mailsv01.nec.co.jp (8.15.1/8.15.1) with ESMTP id w4896JDb026083; Tue, 8 May 2018 18:08:58 +0900 Received: from bpxc99gp.gisp.nec.co.jp ([10.38.151.148] [10.38.151.148]) by mail02.kamome.nec.co.jp with ESMTP id BT-MMP-274282; Tue, 8 May 2018 18:07:35 +0900 Received: from BPXM23GP.gisp.nec.co.jp ([10.38.151.215]) by BPXC20GP.gisp.nec.co.jp ([10.38.151.148]) with mapi id 14.03.0319.002; Tue, 8 May 2018 18:07:35 +0900 From: Naoya Horiguchi To: "Huang, Ying" CC: Andrew Morton , "linux-mm@kvack.org" , "linux-kernel@vger.kernel.org" , Konstantin Khlebnikov , Andrei Vagin , Michal Hocko , Jerome Glisse , Daniel Colascione , Zi Yan , "Kirill A. Shutemov" Subject: Re: [PATCH -mm] mm, pagemap: Hide swap entry for unprivileged users Thread-Topic: [PATCH -mm] mm, pagemap: Hide swap entry for unprivileged users Thread-Index: AQHT5mvVWujS9GcLcU+EklToaBi6vaQk9EkA Date: Tue, 8 May 2018 09:07:34 +0000 Message-ID: <20180508090734.GA27996@hori1.linux.bs1.fc.nec.co.jp> References: <20180508012745.7238-1-ying.huang@intel.com> In-Reply-To: <20180508012745.7238-1-ying.huang@intel.com> Accept-Language: en-US, ja-JP Content-Language: ja-JP X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.51.8.80] Content-Type: text/plain; charset="iso-2022-jp" Content-ID: Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-TM-AS-MML: disable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 08, 2018 at 09:27:45AM +0800, Huang, Ying wrote: > From: Huang Ying > > In ab676b7d6fbf ("pagemap: do not leak physical addresses to > non-privileged userspace"), the /proc/PID/pagemap is restricted to be > readable only by CAP_SYS_ADMIN to address some security issue. In > 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged > users"), the restriction is relieved to make /proc/PID/pagemap > readable, but hide the physical addresses for non-privileged users. > But the swap entries are readable for non-privileged users too. This > has some security issues. For example, for page under migrating, the > swap entry has physical address information. So, in this patch, the > swap entries are hided for non-privileged users too. > > Fixes: 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users") > Signed-off-by: "Huang, Ying" > Suggested-by: Kirill A. Shutemov > Cc: Konstantin Khlebnikov > Cc: Andrei Vagin > Cc: Michal Hocko > Cc: Jerome Glisse > Cc: Daniel Colascione > Cc: Zi Yan > Cc: Naoya Horiguchi Hi ying huang, This patch looks good to me. Reviewed-by: Naoya Horiguchi > --- > fs/proc/task_mmu.c | 26 ++++++++++++++++---------- > 1 file changed, 16 insertions(+), 10 deletions(-) > > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index a20c6e495bb2..ff947fdd7c71 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -1258,8 +1258,9 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, > if (pte_swp_soft_dirty(pte)) > flags |= PM_SOFT_DIRTY; > entry = pte_to_swp_entry(pte); > - frame = swp_type(entry) | > - (swp_offset(entry) << MAX_SWAPFILES_SHIFT); > + if (pm->show_pfn) > + frame = swp_type(entry) | > + (swp_offset(entry) << MAX_SWAPFILES_SHIFT); > flags |= PM_SWAP; > if (is_migration_entry(entry)) > page = migration_entry_to_page(entry); > @@ -1310,11 +1311,14 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, > #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION > else if (is_swap_pmd(pmd)) { > swp_entry_t entry = pmd_to_swp_entry(pmd); > - unsigned long offset = swp_offset(entry); > + unsigned long offset; > > - offset += (addr & ~PMD_MASK) >> PAGE_SHIFT; > - frame = swp_type(entry) | > - (offset << MAX_SWAPFILES_SHIFT); > + if (pm->show_pfn) { > + offset = swp_offset(entry) + > + ((addr & ~PMD_MASK) >> PAGE_SHIFT); > + frame = swp_type(entry) | > + (offset << MAX_SWAPFILES_SHIFT); > + } > flags |= PM_SWAP; > if (pmd_swp_soft_dirty(pmd)) > flags |= PM_SOFT_DIRTY; > @@ -1332,10 +1336,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, > err = add_to_pagemap(addr, &pme, pm); > if (err) > break; > - if (pm->show_pfn && (flags & PM_PRESENT)) > - frame++; > - else if (flags & PM_SWAP) > - frame += (1 << MAX_SWAPFILES_SHIFT); > + if (pm->show_pfn) { > + if (flags & PM_PRESENT) > + frame++; > + else if (flags & PM_SWAP) > + frame += (1 << MAX_SWAPFILES_SHIFT); > + } > } > spin_unlock(ptl); > return err; > -- > 2.17.0 > >