Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2106133imu; Sat, 5 Jan 2019 14:58:04 -0800 (PST) X-Google-Smtp-Source: ALg8bN6vNcAnoyzouvEsRcd6kOz8om4/ceZTL+T+eMRnXCzssbu4MByNn+e4p19E8SJKyYB1fwmd X-Received: by 2002:a62:6503:: with SMTP id z3mr56084690pfb.169.1546729084286; Sat, 05 Jan 2019 14:58:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546729084; cv=none; d=google.com; s=arc-20160816; b=ZIgOYg61Vr7lJdrrUcjPXIfRcChhZHBG7MY5ev0a9VgOKxhskTulGERf/RG+8ksjUX FX/Abd8fLssOs4uzhK8LrOg2ieW09vzk0fRGX62OC0fmZXZybMV19SIHmhmWDLQfnZ72 FwY6dbjHLzrgyah0mx+xlbIRhIdDS6jEEJmuN51lk32Y6emQA+22M/lffIztyAnvEX4Z CO8AyO+ecQHDJbbvQ/Yzj3rB2EA/j1B1pS/SFGP45LSTg/SDSSV57Vrri6vz4MeT8mBa hJQQ5yVQKWww8ByrOUTsxWU9IrF0jfkyhXha70kgAzo6bJvIOmlN5/o1cLzy3+rJ8NYI NH2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=AWttGSuK6p3ZjKI0uWuqGI1eUFhgSNn7XCSj6cGkh3c=; b=xgfrwkvr9/hrdfHsc8fAUmJZgLDmFkgIjCrXY9LYn6WFRQi9E55ILGuWkJzj2+xuEW h4cwyXbrAOO1zZvkwrfihR5hC/ZxpG9tcVMXq024I2hZTTwgBzC+M9ivVLIiu8S8/4ap H6TYyCHpT8uD1Y149rJgETv8kY1DOBEAJ+7cXlI4JzON/zv1gN1fYx1lfSPUz6qd+Wqs xp7nDsGmCP6saV6FLWToCpV9zOYkss9ZN4x3tAQgbl/Be/Nf9N7Q5eL1xTDzSIXQl31p wyBWWuSd0Ua6PmL1R6dvlHz9x4p6m1KoXyH5V2mXHjrkepAbVgfE3N27m32k1HqHh92F DdiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eqx40GO4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b6si6199889pls.367.2019.01.05.14.57.34; Sat, 05 Jan 2019 14:58:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eqx40GO4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726412AbfAEWy7 (ORCPT + 99 others); Sat, 5 Jan 2019 17:54:59 -0500 Received: from mail-oi1-f195.google.com ([209.85.167.195]:43175 "EHLO mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726395AbfAEWy7 (ORCPT ); Sat, 5 Jan 2019 17:54:59 -0500 Received: by mail-oi1-f195.google.com with SMTP id u18so33135341oie.10 for ; Sat, 05 Jan 2019 14:54:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AWttGSuK6p3ZjKI0uWuqGI1eUFhgSNn7XCSj6cGkh3c=; b=eqx40GO4zIHPgE+QjMGQalPzUUHZbK7ytCQV+2CmGTqAUsFauvbP9beoaPzxmfh4d+ QU4cVFLFYhOt/plmBGqWDbEMqcof5mtji5luIYrMfZuR87Vmn9mcGAGLmARrd8WY8w5J wsnO2lspdw7kaXOjpkWdVqh3lt8wOKbujTIYogecUOZqLuhilFfHIEtaxiJuqjlwpjx7 ITEVR+0BTJp+xdMwflGSwgGQPgU3Y3a4HfKHs6hF2QJFwys4JpD4J/WJNo9vfADUtat6 7zW/F1xVn3DSNj8gWosEo4KlI2TRjW5aDrfDQidAT+Td6IYrQsMl4UGKPh6jF0qkafFu r+NQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AWttGSuK6p3ZjKI0uWuqGI1eUFhgSNn7XCSj6cGkh3c=; b=T3wjjSx6qazPTWqe92r1vJPTYlqCwai2wf7g2e/le5soxl9Mm2k6qzI4vEFzGoTiEJ cOmbqrmQEP6pofBXbKrTnvvxGEy+O4IjVIBbDOI9uOFFg8szWXbTRJoxCBp6rOB38+J9 uHWYaKn7zl5Hvr7O2iNP+wJtceYhXxvxukVIrBS1xF96JIFg2C7m4AM4JqxCLEvlgl9i 3/VSEqpDPVa4mK3ke2t1z1QJpdz1Mx/3WvMKAUvcYzedH1vIf35e2Oe+1JcqXwi/iAr/ 05GayvwxMvKD4nwhmC8XpL6h21RYOIpIhE1IO5etF5FoyLpvndT1/PbOWA9WwpVS4Ejp J8iA== X-Gm-Message-State: AJcUuke6e/SZ8IO9wJOFDWG6s8xJ51PZSxbzNJ1DnAaE3vfuSy8gNMN/ PVLC/i5KgKnOY/ENBfn2enOiURbQ1kAeAqOb4hwQqQ== X-Received: by 2002:aca:bcc6:: with SMTP id m189mr4630820oif.337.1546728898294; Sat, 05 Jan 2019 14:54:58 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Jann Horn Date: Sat, 5 Jan 2019 23:54:32 +0100 Message-ID: Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged To: Jiri Kosina Cc: Linus Torvalds , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 5, 2019 at 6:27 PM Jiri Kosina wrote: > There are possibilities [1] how mincore() could be used as a converyor of > a sidechannel information about pagecache metadata. > > Provide vm.mincore_privileged sysctl, which makes it possible to mincore() > start returning -EPERM in case it's invoked by a process lacking > CAP_SYS_ADMIN. > > The default behavior stays "mincore() can be used by anybody" in order to > be conservative with respect to userspace behavior. > > [1] https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/ Just checking: I guess /proc/$pid/pagemap (iow, the pagemap_read() handler) is less problematic because it only returns data about the state of page tables, and doesn't query the address_space? In other words, it permits monitoring evictions, but non-intrusively detecting that something has been loaded into memory by another process is harder?