Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3317704imu; Sun, 11 Nov 2018 12:14:28 -0800 (PST) X-Google-Smtp-Source: AJdET5cKWu2HgdR1p4+bEmwcwboqWVHytRac/d1cBTFUc4BGBCzVHR0fc6TybsJLndoWmUF0HKJh X-Received: by 2002:a62:d703:: with SMTP id b3-v6mr17632189pfh.90.1541967268771; Sun, 11 Nov 2018 12:14:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541967268; cv=none; d=google.com; s=arc-20160816; b=XiLwK72+5ph095TvR8WSbIY058oF10ca6CGiA1Nfd4eDD4wETVLL62TU8EQCtyo41Z FQXXJU3DNV7UVV53FNrhSNOyS78dKdJks7xmAcy3lz/sc0KfdAV5fPdF5AuGPxs8XU/s UfVEg5QHf1VkVBs6dBDeSS5Pt88RTELDvegRV3Gd644e/9aJdJbV+6hjtXN9Ds9FMaAK gI04LOTUQGnZtBmm5IDopb8GI7z8NC0fURUssb9okdLNnbiqr7E92Vl5lzPSJT1u0gXW M56SHzE973iAXlw73ylaLos/+q3pes0SqKY6u20JyD6nYmE3R2K0I34ekM4PtH4t6/Eg Citw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=tkFxpKWwk/Gsay8+Ghe1cVO7snrIVQfBH1hZB4Lq9aA=; b=izXStTnOnBcuKrA9SVa6tNVvptS2hrw4zBwDBQJcSSgxAOGRlh8AG/WCVEuxdankZj qcjBkmXvtwoUUIIrLVc+Bz5/Xa7I4kHVUTLhMBRuB3MIrdoJgKaZyYn1tR+fcNFV3Rjg /29eGtqsMH8O/JW6w7r/NT13NuXFs0EK3arVZ80Eqe5BstTL5YXD30Uyaxz9PiRivWJD Comj5A3nPKAiqOWCbsy8f0wzzu5b/sX1WPEZd7ajG0MAXDP6TvLHWL8WfZEliPuMCmOJ FrjeTMmWN+nj1Sc/WqqDSE+CyAClyj700eqdsAtK3cvYciV8055YnpC+W+uc17JHXeKc PYsA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v1-v6si14833148plo.134.2018.11.11.12.14.13; Sun, 11 Nov 2018 12:14:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731530AbeKLGBz (ORCPT + 99 others); Mon, 12 Nov 2018 01:01:55 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:52590 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730702AbeKLGBy (ORCPT ); Mon, 12 Nov 2018 01:01:54 -0500 Received: from [192.168.4.242] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gLvt3-0000l4-Dq; Sun, 11 Nov 2018 19:59:13 +0000 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1gLvsR-0001Wx-Lc; Sun, 11 Nov 2018 19:58:35 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Linus Torvalds" , "Zi Yan" , "Daniel Colascione" , "Andrei Vagin" , "Naoya Horiguchi" , "Huang Ying" , "Jerome Glisse" , "Konstantin Khlebnikov" , "Michal Hocko" , "Kirill A. Shutemov" Date: Sun, 11 Nov 2018 19:49:05 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 125/366] mm: /proc/pid/pagemap: hide swap entries from unprivileged users In-Reply-To: X-SA-Exim-Connect-IP: 192.168.4.242 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.61-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Huang Ying commit ab6ecf247a9321e3180e021a6a60164dee53ab2e upstream. In commit ab676b7d6fbf ("pagemap: do not leak physical addresses to non-privileged userspace"), the /proc/PID/pagemap is restricted to be readable only by CAP_SYS_ADMIN to address some security issue. In commit 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users"), the restriction is relieved to make /proc/PID/pagemap readable, but hide the physical addresses for non-privileged users. But the swap entries are readable for non-privileged users too. This has some security issues. For example, for page under migrating, the swap entry has physical address information. So, in this patch, the swap entries are hided for non-privileged users too. Link: http://lkml.kernel.org/r/20180508012745.7238-1-ying.huang@intel.com Fixes: 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users") Signed-off-by: "Huang, Ying" Suggested-by: Kirill A. Shutemov Reviewed-by: Naoya Horiguchi Reviewed-by: Konstantin Khlebnikov Acked-by: Michal Hocko Cc: Konstantin Khlebnikov Cc: Andrei Vagin Cc: Jerome Glisse Cc: Daniel Colascione Cc: Zi Yan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds [bwh: Backported to 3.16: - Only PTEs can be swap entries - Adjust context] Signed-off-by: Ben Hutchings --- --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -938,8 +938,9 @@ static void pte_to_pagemap_entry(pagemap if (pte_swp_soft_dirty(pte)) flags2 |= __PM_SOFT_DIRTY; entry = pte_to_swp_entry(pte); - frame = swp_type(entry) | - (swp_offset(entry) << MAX_SWAPFILES_SHIFT); + if (pm->show_pfn) + frame = swp_type(entry) | + (swp_offset(entry) << MAX_SWAPFILES_SHIFT); flags = PM_SWAP; if (is_migration_entry(entry)) page = migration_entry_to_page(entry);