Received: by 10.192.165.148 with SMTP id m20csp4173059imm; Tue, 8 May 2018 04:19:11 -0700 (PDT) X-Google-Smtp-Source: AB8JxZovezyJOHLmxEWEI82uTyMZGBfoOGXTTTmOX4RinlmBvA3h0P2872z5j385Y/cslTSs4d3A X-Received: by 10.98.7.140 with SMTP id 12mr28291441pfh.178.1525778351672; Tue, 08 May 2018 04:19:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525778351; cv=none; d=google.com; s=arc-20160816; b=R3BzVBLAFIo+JQa8zrbVwyzLUxC0po54fKExJRgJxr2g18KGU3bnsm1vUzMCRX6gIt AEdWipAQ36o6n2K+Yyic6MLn4SGsZjNAGF6pD6xdhiMvr/YwrANtEHsPf6WymbsOVa4y At2/YygX6lpdUrS+76QiYSCZAAzx86acgj5C5GtoplytMFk7xFQR3QW80kVVk0VJqqFC RhEdSd/ovfGvW+0nGsppL9QDMAR9CARwEZAO/PwDJgeKdyTzwgJ/8bgEgwwJgX8HS2Ik E3lukV4ZOmEZYTTtAY7UIbmUdDkaypCvheCrDa9yWCrCfUqhJmRxFXbhQmtlLQyHnw9z MEUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=whAmlWigubPbdMaH1s0uVWv4c8owKPZAu7p8gHT4zQk=; b=ydGOLAWNMTWv1oTejl4OwfwWoTSh6M8WaWD5iNGLgrKgM9LCuPGJ+aNqyY8/RlJcOj ZUGpRRR1HcInxWDRJj2K5uBoi0GGMRSHZXVADLutuDv4IlWYB3ae9bLR1ux6TAyeh70M 81s8sXWlBTn70oJOMUe6StC17wSF/lV5ISCrS+J0kOCHRr0HFxDFAYe1X3L0u3UE6cxm Y23afDS+tUjGF/xA/W5drqwko1KQJDkYtArQpb9JVLmsFxV3PUcTP0SHfOMCY3Kr4el8 icHkMNxsLnCmPlxCFDpsmqbSiebqQ5sQR1RREiJ5bVxFBG9/RgevapK9R/IlPg86kXOo 1ang== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yandex-team.ru header.s=default header.b=aakECl99; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex-team.ru Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f85si24605573pfj.125.2018.05.08.04.18.57; Tue, 08 May 2018 04:19:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yandex-team.ru header.s=default header.b=aakECl99; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex-team.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754406AbeEHLRn (ORCPT + 99 others); Tue, 8 May 2018 07:17:43 -0400 Received: from forwardcorp1o.cmail.yandex.net ([37.9.109.47]:45031 "EHLO forwardcorp1o.cmail.yandex.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754297AbeEHLRm (ORCPT ); Tue, 8 May 2018 07:17:42 -0400 Received: from smtpcorp1o.mail.yandex.net (smtpcorp1o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::30]) by forwardcorp1o.cmail.yandex.net (Yandex) with ESMTP id 58C53216CC; Tue, 8 May 2018 14:17:40 +0300 (MSK) Received: from smtpcorp1o.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtpcorp1o.mail.yandex.net (Yandex) with ESMTP id 55B8B2440DDD; Tue, 8 May 2018 14:17:40 +0300 (MSK) Received: from unknown (unknown [2a02:6b8:0:40c:fd7c:73e6:b819:b4c2]) by smtpcorp1o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id Zk9cfV7axA-HeWGLpkC; Tue, 08 May 2018 14:17:40 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1525778260; bh=whAmlWigubPbdMaH1s0uVWv4c8owKPZAu7p8gHT4zQk=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=aakECl99mtIyOjq4zxEntt9mnRMpnHghvrZ/jWWIAweujfIWX01Tb86FofuK1EeK6 8xp08nuxLBPIqk4YMV9R6b/MtNEBb4tDbrgeZkRcqPydpx0Lzw6cOM24nlJRgD0qQx xYp2glUhSso56Ipq23P/mLogFwE6/7kNH4CyBzYE= Authentication-Results: smtpcorp1o.mail.yandex.net; dkim=pass header.i=@yandex-team.ru Subject: Re: [PATCH -mm] mm, pagemap: Hide swap entry for unprivileged users To: "Huang, Ying" , Andrew Morton Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrei Vagin , Michal Hocko , Jerome Glisse , Daniel Colascione , Zi Yan , Naoya Horiguchi , "Kirill A. Shutemov" References: <20180508012745.7238-1-ying.huang@intel.com> From: Konstantin Khlebnikov Message-ID: <19a9a3f8-3113-f2bb-b83f-1c423069e3d0@yandex-team.ru> Date: Tue, 8 May 2018 14:17:39 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180508012745.7238-1-ying.huang@intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-CA Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 08.05.2018 04:27, Huang, Ying wrote: > From: Huang Ying > > In ab676b7d6fbf ("pagemap: do not leak physical addresses to > non-privileged userspace"), the /proc/PID/pagemap is restricted to be > readable only by CAP_SYS_ADMIN to address some security issue. In > 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged > users"), the restriction is relieved to make /proc/PID/pagemap > readable, but hide the physical addresses for non-privileged users. > But the swap entries are readable for non-privileged users too. This > has some security issues. For example, for page under migrating, the > swap entry has physical address information. So, in this patch, the > swap entries are hided for non-privileged users too. > > Fixes: 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users") > Signed-off-by: "Huang, Ying" > Suggested-by: Kirill A. Shutemov > Cc: Konstantin Khlebnikov > Cc: Andrei Vagin > Cc: Michal Hocko > Cc: Jerome Glisse > Cc: Daniel Colascione > Cc: Zi Yan > Cc: Naoya Horiguchi Looks good. Reviewed-by: Konstantin Khlebnikov > --- > fs/proc/task_mmu.c | 26 ++++++++++++++++---------- > 1 file changed, 16 insertions(+), 10 deletions(-) > > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index a20c6e495bb2..ff947fdd7c71 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -1258,8 +1258,9 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, > if (pte_swp_soft_dirty(pte)) > flags |= PM_SOFT_DIRTY; > entry = pte_to_swp_entry(pte); > - frame = swp_type(entry) | > - (swp_offset(entry) << MAX_SWAPFILES_SHIFT); > + if (pm->show_pfn) > + frame = swp_type(entry) | > + (swp_offset(entry) << MAX_SWAPFILES_SHIFT); > flags |= PM_SWAP; > if (is_migration_entry(entry)) > page = migration_entry_to_page(entry); > @@ -1310,11 +1311,14 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, > #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION > else if (is_swap_pmd(pmd)) { > swp_entry_t entry = pmd_to_swp_entry(pmd); > - unsigned long offset = swp_offset(entry); > + unsigned long offset; > > - offset += (addr & ~PMD_MASK) >> PAGE_SHIFT; > - frame = swp_type(entry) | > - (offset << MAX_SWAPFILES_SHIFT); > + if (pm->show_pfn) { > + offset = swp_offset(entry) + > + ((addr & ~PMD_MASK) >> PAGE_SHIFT); > + frame = swp_type(entry) | > + (offset << MAX_SWAPFILES_SHIFT); > + } > flags |= PM_SWAP; > if (pmd_swp_soft_dirty(pmd)) > flags |= PM_SOFT_DIRTY; > @@ -1332,10 +1336,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, > err = add_to_pagemap(addr, &pme, pm); > if (err) > break; > - if (pm->show_pfn && (flags & PM_PRESENT)) > - frame++; > - else if (flags & PM_SWAP) > - frame += (1 << MAX_SWAPFILES_SHIFT); > + if (pm->show_pfn) { > + if (flags & PM_PRESENT) > + frame++; > + else if (flags & PM_SWAP) > + frame += (1 << MAX_SWAPFILES_SHIFT); > + } > } > spin_unlock(ptl); > return err; >