Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5066838imu; Tue, 8 Jan 2019 10:54:46 -0800 (PST) X-Google-Smtp-Source: ALg8bN4IN5s4yyJebSHknDksBsuhHMuIAqipnMrcfwCxyir7ASfCJHNwdkKVPL8Y+77GYgjrq5ui X-Received: by 2002:a63:184a:: with SMTP id 10mr2521079pgy.81.1546973686894; Tue, 08 Jan 2019 10:54:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546973686; cv=none; d=google.com; s=arc-20160816; b=NtucAbhF8vArxYZcZept08wF4OSI1uAagz0velydoGhHn4QjLZEwvxYQturZ77DiD1 oXNwoQadB2YTHN73xAu5RTZ3MwaHbAXqvQLunI8BQ+9yb30TEeO/GXetaWH3If75aiJ4 6Ait75s68463pW5YbViP5U2vKsecudjvbi15lkrJ+7Tsl0gKu87XgQzXdCdOD1+x1kXz 3N5AzBlI8hPLepn6wx6XnSGuaQu5TrXyKuuSdYBujDzinEXgzU9yQAghBwjWrlzZ1VDC EIv0LjE15q7AygUOa+utItG+cXp3g7w2CN7WiQLD3kZOHcnsOC+3otBidcCxOOxbvyIh wBew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=db+M0hMXHCoSkBdeDd5EZtIcwj8USIPc3aH5GApnu2E=; b=IF4LPE9vPq1+3rFYHUgfwsiBrWUSzDodM3SlzxrFDXcN6rHDifvXoxJcoDl8nRGZe3 /KOCR8liniNa5QoqNNRxNIh5g5TGUd/zwWHZSqZPJFGF4ZljdWxN3Mh4NFStBSGOLo8l P1/qoDGaggem6z3bxNll+nUjhijYZbZlAfhql8804WqX13K4imfqE8pow9fAPrDQAAN6 zOS2T1vnvjCCAWApQ0y/noq5lwLJ6k27UucfNfvoxdLvRSYt1aPVx54rpLALWQyI+WXX acMrHUvSQDD41Di4WrPtKc2Gq3MInILMlmz+cDEbzz5onDlmqte5iy+dobw/ryeAWTqO vSwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=GokJAs66; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v25si26975833pfj.139.2019.01.08.10.54.31; Tue, 08 Jan 2019 10:54:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=GokJAs66; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729240AbfAHR6L (ORCPT + 99 others); Tue, 8 Jan 2019 12:58:11 -0500 Received: from mail-lf1-f65.google.com ([209.85.167.65]:32916 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728977AbfAHR6L (ORCPT ); Tue, 8 Jan 2019 12:58:11 -0500 Received: by mail-lf1-f65.google.com with SMTP id i26so3623819lfc.0 for ; Tue, 08 Jan 2019 09:58:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=db+M0hMXHCoSkBdeDd5EZtIcwj8USIPc3aH5GApnu2E=; b=GokJAs66VB328JuQAj7nCMPOAKLlFcIc1p0dIohaE7gWVg6SFWJMtUNk8AtOJne6fl ykxMuYplWSTTnqZD6aJrfG9Fs/q+OYzkO7lTF3D5CUolWfqub2ihmQauLhXG90AsQt1c 6/pQk57mtM2CylvQftRJfayqv1m0lTg+9u4aM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=db+M0hMXHCoSkBdeDd5EZtIcwj8USIPc3aH5GApnu2E=; b=McPhyMT/aDu6hnUEvcNEV4FQsRgQ0f2KsSgHlZc1bvt7gSLxMwWwNSA4OfL2Gs/RCy 6ZQlXUM8dbNAp6XSsozZDpqyM0jfFEz0aOeUP/+X5K4ngSvZVBhCA0al/7eQmqfYGPeQ TAmEeb0N6n7g96Tb/LEx8Gu4nm+cXZms2afoIabUpsZqt79ZVqF0u4NdhpOt3lYM4qr6 jFil2r5038ucDGZfFPIKv1ei4GLHiJylYA8AcW5mWGWPHrTlfUaQOiYUjWmxrkKFgifg yjyk6KllmrYmPKx6VICliZVQ9S7sjJlPxBM30PSxDtj5gG56uQ5MnJwWvIrJOr0H3H4N v5gw== X-Gm-Message-State: AJcUukfQBWY2OlRfZIGSqh12wV/BmPZKW5uDWbaFzgmxLuLQ7a6KodaY ovfb8lOGTJTCK5rQFYbZ7ZJyDsGXcbGOZQ== X-Received: by 2002:a19:10a4:: with SMTP id 36mr1626956lfq.60.1546970288376; Tue, 08 Jan 2019 09:58:08 -0800 (PST) Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com. [209.85.167.48]) by smtp.gmail.com with ESMTPSA id m1sm13295384lfb.56.2019.01.08.09.58.06 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Jan 2019 09:58:07 -0800 (PST) Received: by mail-lf1-f48.google.com with SMTP id y11so3608247lfj.4 for ; Tue, 08 Jan 2019 09:58:06 -0800 (PST) X-Received: by 2002:a19:6e0b:: with SMTP id j11mr1719606lfc.124.1546970286304; Tue, 08 Jan 2019 09:58:06 -0800 (PST) MIME-Version: 1.0 References: <20190106001138.GW6310@bombadil.infradead.org> <20190108044336.GB27534@dastard> In-Reply-To: <20190108044336.GB27534@dastard> From: Linus Torvalds Date: Tue, 8 Jan 2019 09:57:49 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged To: Dave Chinner Cc: Matthew Wilcox , Jann Horn , Jiri Kosina , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 7, 2019 at 8:43 PM Dave Chinner wrote: > > So, I read the paper and before I was half way through it I figured > there are a bunch of other similar page cache invalidation attacks > we can perform without needing mincore. i.e. Focussing on mmap() and > mincore() misses the wider issues we have with global shared caches. Oh, agreed, and that was discussed in the original report too. The thing is, you can also depend on our pre-faulting of pages in the page fault handler, and use that to get the cached status of nearby pages. So do something like "fault one page, then do mincore() to see how many pages near it were mapped". See our "do_fault_around()" logic. But mincore is certainly the easiest interface, and the one that doesn't require much effort or setup. It's also the one where our old behavior was actually arguably simply stupid and actively wrong (ie "in caches" isn't even strictly speaking a valid question, since the caches in question may be invalid). So let's try to see if giving mincore() slightly more well-defined semantics actually causes any pain. I do think that the RWF_NOWAIT case might also be interesting to look at. Linus