Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3790215imu; Mon, 7 Jan 2019 09:28:29 -0800 (PST) X-Google-Smtp-Source: ALg8bN40pLspIDzflsKuvYI2kLUpAYZM/0uJpv5i/9pcGA+DuQTUJr+Vp9lxBDqYmngSwj0+H1P2 X-Received: by 2002:a65:40c5:: with SMTP id u5mr11315810pgp.46.1546882108985; Mon, 07 Jan 2019 09:28:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546882108; cv=none; d=google.com; s=arc-20160816; b=a6SdLEy1fIEpPs7AtKdHp5TBMk8MTT6XYST3rgTcxA6i6CCcw8k71qa/Axy4i3XEnv Nge1i5I6vD9yqG3hZhzXL5aJCnsSAhqTYMub494PUpkcsheaFCc8oPjOUNtJjTY4d0vQ dgcbzrZ0hWz4QA9BgYq1x7BDZWmDBllYrZ4VM6lA3gHBC9favVOdGx7B02A/1CDPPByV xsn1GSI1NSSflI6axGkERjcb/vM65YSGLNcebAhGiLXuVC105nVKRzkE1VGRI8/IfhYb KZnvBmzqrUPE6cvVQBY37BiVnPA3YulCtLfeKDG32lZ9J/2vFv55RnpDBnsqWxhsv0et Dc4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject; bh=jdAQI7h4nZBiI2MoZVDg7XVwpo/XlD0FnI1SHy8cPYs=; b=vJWrDajJ/sVw1YvmLYl4tMtAQIyn+mYhKc2PoMpBTL53JrbKxrVxpLagfxqSLXtW9c Nbft40PAFkl/9dHEZSJwwiigBn0FaGPZu8EQ+3gz+JbsjAotT+pExyWSqEPFzq7iQUYE imkgqJ8jMG33wMq+T4nw1+NsIM7v8GGSqH/2A43XJ8A7ezPtIUm4QMR3VmeAbsw4d1BJ so823p3cBfb/8bTZxyud1UvfHaXGE7ADEuhCPV8JY3Phe27gaDrhbRGPIb02OQ8TyC73 pPBvl8X5v7slHMh35H3F1ABX6uNWSby0n5G2sgcjjHU0f8L4nNA4KD//VbK88uUk4VVi P2iw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x3si60296226pgf.453.2019.01.07.09.28.13; Mon, 07 Jan 2019 09:28:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727397AbfAGNiA (ORCPT + 99 others); Mon, 7 Jan 2019 08:38:00 -0500 Received: from gruss.cc ([80.82.209.135]:51704 "EHLO mail.gruss.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726886AbfAGNiA (ORCPT ); Mon, 7 Jan 2019 08:38:00 -0500 X-Greylist: delayed 533 seconds by postgrey-1.27 at vger.kernel.org; Mon, 07 Jan 2019 08:37:59 EST Received: from [192.168.0.30] (80-110-159-138.static.upcbusiness.at [80.110.159.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: lava@gruss.cc) by mail.gruss.cc (Postfix) with ESMTPSA id 519502A00C5; Mon, 7 Jan 2019 13:29:04 +0000 (UTC) Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged To: Dominique Martinet , Vlastimil Babka Cc: Linus Torvalds , Matthew Wilcox , Jann Horn , Jiri Kosina , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API References: <20190107043227.GA3325@nautica> <151b4ac8-5cfc-ed30-db30-e4d67a324c4b@suse.cz> <20190107110827.GA15249@nautica> From: Daniel Gruss Openpgp: preference=signencrypt Autocrypt: addr=daniel@gruss.cc; prefer-encrypt=mutual; keydata= mQINBFok/U0BEADLXryCuJ5Y11N5tOGwyRJU4H02+4wrG8cwA6n0yLi7Ff57c/1/MQvCbnEj /Bc9YnujAJJb18QdauUVj9D8AbqDpPk6mR6GUCpeBXLMnzhtK8z/yvNpstwXG7+0J8S7xV7C 7Lht+t75urEjOlB/pL7c0us0ofcXDh5QNfq8jJy5u1hsV+S1JzMC8XAfK6yPfAaOi6K+P1b4 5XAUna6iagIbthivY7ZRa5LLIQFAisrjMHFB1tGklBzm3IxKBowggQJ7zukZHCIFTm3wB2ES SOhmaSvYa7NTOnySAm5WBfmnQ6bbfktFd6D0t+nCo4PVCid6poBr0JuvHIQdPzoUTObSpdBX hNeF+o+ZqnIa0pogddqRA3+PBQ6wqnAm21O8VQNX0sTOSFR0udVURWiZf600l+pY2s+qtxLT 3yFVLIs1sU8qjHcjUtJLSkCw6waM69PCzBeHGxnP6hMdYTwlqatr3OrcfcdH0jNlE3ln05SY 0Emo0zHN2D9Hf1y18iyUu1ygM8rdt48xEJZai3nkw/F/A318Fu98lIXFKBzKFd1uvAc3i59E Y5IVxklQNZhPYq9gUq/unnFmpF5ezeyex0Y+hElUlXGk9YgLvSygsXvIO+T3DpDpVycHIu5k AZ4GC8/YmVgwXRweaMuNeIEnsIKmPCqIQ0fWUMBF90D4C3vcjQARAQABtB5EYW5pZWwgR3J1 c3MgPGRhbmllbEBncnVzcy5jYz6JAlQEEwEIAD4CGyMFCwkIBwIGFQgJCgsCBBYCAwECHgEC F4AWIQTczWCjO7iAPF0Z2t17BWSF5qix3QUCXA/kowUJFLbqUwAKCRB7BWSF5qix3TbpD/90 oA1OIcDUVJ6DaElXjzD38JWNwkGgnE8+biv2dBS2erT9PJ1aQb6jkXXb0gv4Am/P3Bt+t7A8 KAS4PUeEXG7054NtYdPjVahE263CpRcPlpXfWyNhbq6pcQUMG6UCrY9ELaxPNiSngmcjoMAP gfnItCTsCZKDGiZjp+eoS/7SlAMJ0y7a5MDMMFMo/daYM7b5iqBhNAT89kdzUNzeZrWG2wJS 8H//USkNnHfLbXMw3gNbC1fVmh90qXDgpfd/TVxQG2DVFPDVgX4im/mfM56tByEaMqqaTg7V 1L+dJswgthZ54arojBfFJwxZ3jcasAHADzqj/E371sG1JV/WBE/C3u95QmTLTVKL7lYWZdhg pCgUAPP4/XJNUa6NkERcOdol/3WCIm9tl9L73UFkCAgekjMIKzvBTosga9nVueLt7kNmb12a f7r+J0/YfXgG6urK/DoF2J/YbbmtDVy4qCRYI3XAf1tLThhs+mBM5v4lYB8aevkzv+H74Cbf f5O7rqmSxYncKJYvt92BdmXQR+3MxfNUmKTGfcxsQSkOiBt7q4zxlZ2UHwy1X6kHAo5HLC4B DuhNiq0h1T9+mwB+f+0Sf7m6LfyRJ4lN//8ZQSHk0O49r8VoN2MEf09+Wp3982n2+QMI+XbS x9vRUxCsXm2/M1wDIAQ9onlXHv63iZJnBrkCDQRaJP1NARAA4C+gbA3gw/fRQ4qgnqCnebzS 8m1Knc6Q8v7TXE8wO5DSltiEBRWSTwLfJpBaCEwlZsxPUiOZVv008LW5AiXq6xWiETXxz/6A o1Qq2T/t5SY+jEDa8yFTyHZOhh0BxlGMh0iCfb3OJik0bifa/MdXdlEcKIi56IrhZ08voNQB ABsLcBuUMWFU8gIY8q7vVWd/i5BlQJs6rWf/DF4xP1flxhXrYtWNCr8tv9t6lYbxvUsqv/4Q ET87rYaHcSbPEqm3Jvfs3yhvQDfXTA/Ez1pLS4Rg7pyrKtYi/wPJtO26L49I6+u3+Zf7jngp W1QqSOr2Hwmc9vIr2MOGEEF/a3MrI+Mfh98dMvGJV+PJq2/KQpWYynldE25jdblt7Pv8P0HK 3DYrkq2ZQDNbIzMUXB7xb0+P7GJyx5bUr/vwDxdndpVKFKAlMTYNVwuL2o7F0LS2T/xlZqzY x6r/Is8EFU/YprOR6h8W3plxkoGw/DASbE4BnfhxUHMz5DAEWn4cxfCqvZThZuRbjN3eCz40 EB0qRI1sIGuoazlzr5D+fr0RQspecPUzZjsyWABxLBB75vqiqnYpXmD/YHsEWveLQQXdhkKM 0ugKXSMLFzVO7V/87GLvSio8Nf669gvWrIsruT1eh2d58wB4JXh1caz8SUmLbJVRTQByVKnP 82Y10jtCf0kAEQEAAYkCPAQYAQgAJgIbDBYhBNzNYKM7uIA8XRna3XsFZIXmqLHdBQJcD+Sj BQkUtupWAAoJEHsFZIXmqLHdIRsP/i9NmhzJp1BWVrNo6Th6ngKetuGZnSokffT9qObh3gLW oRrBDcN68eYzjBOS8GSntuhgwUA3tbKHlUwl7Ce27ST9SuJAZJ8BnDPxJ14ksLzD4uN/OsuC lys8KLKxdGRx4indm2d4xDvMhJQejPLLqpDFBvkZVLN/jaPeptLW4GM9J1PqoxelYN1+mpme rw45E7+Knv0sfmxDGcrFvHT8Zpa3XY5+M+wUeds7tWLfZk7n3jOUhuYCJ5Ld/7ueJCpUwebe 5KE9v54lPu+cTjMCCaGC/25kn+A0KaSuTD3gbTt4JqlCk9+TX4foOhnD6iqumvxSjGuFCMYA ToK0aXnChfrx9P7ceNvDfnNlAK0XDIp9w67mhdBsiv1yZVlnhsZk7IgdtS76PcN7l+XJbmcU JARl0bZxxNyP7bY91KqippU3fxHScnvfURSWQpsydLil2WEvhgTKt74lAKvjnSFSZJk4E2vq Yu01qV1YLfOyi3Es6VAEIZNkAhnnQhP7S/ew+67iMio/yVU6ViP6XraMkEaTouX1Ofk9/+bj YpW9AKDKhq5JxFRNRLM6wL+hnlwpY7wJi2fWzeXcNaakEWOZFJ5ybHXYD02gG9zMFw5xV1EZ o0tIyWv7O6P8gsESw6LU6LEO2jjBK03OAh9Q7VfkIP1gzRGF6DcbQxLev8D8ArI3 Message-ID: <3b6525a6-4d8b-b5f4-67cd-0e230eb2691e@gruss.cc> Date: Mon, 7 Jan 2019 14:29:03 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 In-Reply-To: <20190107110827.GA15249@nautica> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/7/19 12:08 PM, Dominique Martinet wrote: >> That's my bigger concern here. In [1] there's described a remote attack >> (on webserver) using the page fault timing differences for present/not >> present page cache pages. Noisy but works, and I expect locally it to be >> much less noisy. Yet the countermeasures section only mentions >> restricting mincore() as if it was sufficient (and also how to make >> evictions harder, but that's secondary IMHO). > > I'd suggest making clock rougher for non-root users but javascript tried > that and it wasn't enough... :) > Honestly won't be of much help there, good luck? Restricting mincore() is sufficient to fix the hardware-agnostic part. If the attack is not hardware-agnostic anymore, an attacker could also just use a hardware cache attack, which has a higher temporal and spatial resolution, so there's no reason why the attacker would use page cache attacks instead then. Cheers, Daniel