Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp232141imu;
        Tue, 8 Jan 2019 18:35:50 -0800 (PST)
X-Google-Smtp-Source: ALg8bN6Q//ymT1bNPETGHPp42JfOzfhkWrDdO/7tWtMkil6mqjqjihcdnklgZ4QYbDAsQltCuNyi
X-Received: by 2002:a65:65c9:: with SMTP id y9mr3870898pgv.438.1547001349948;
        Tue, 08 Jan 2019 18:35:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547001349; cv=none;
        d=google.com; s=arc-20160816;
        b=Yt1cT05i5JS5N259YbHJ5Ua6zVKq0Au9j6MvUDfoaFP3IdhqwZLigU/W2bYAq0ca9P
         LCXnm3vzwqeMxMgRiUrGTOUpPe7V5ud7Bju4d8FHjt4HZSPtMcEE3RBXlz+qKioIB8rs
         qBHbf0B5vtBxioatfz4dBiaGScT391/Xhee435/A8jJW0WM5BXOT4v5UFxqUT3x0Mmcx
         RFazBrBl0BfRjX2++PY1+bNsjPxqamqyZ65bl6AciGWeeORanpVqaiZvxWzwfVkpb7Gl
         C92ghyLDihwKI2t2tjfrlXZp5SqT+paIqi6FL6c6syvz15A0Ngxm+07Lt4Ja2QZcCuuS
         BZnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=TZE1yZrtEyR+lBk0N8kxSweADarJQTGJbRD12vzgFwE=;
        b=apaLlCLosSLzR1rFyXrWD32E17RKxLVuJ7KJK3t1aCRN/AR8asNmd7ZHvK0NEVriyU
         ibfFhXD5h97z61UdrWDqVrI2KDxrLB3OKraUJpPEmbiimx2cOabnGj2FXFkkXCsB+fJi
         JKhUanphuwGPHLThhX6AFKdjijkktAo1qRPgtWnyeDXIzR/OXtC5Xer+zLw1hKI+/56S
         rQai6GWWcjAF21/d6K59aPQBbsLq9POz0Y1iIlyXFPyy1qe5NIxm0dvouYSSZWf43rxH
         FeqC3cnj4EkCRWiAUeeR4Vub0xroOcKrGG8cNNqw1l5emqSVcR6JQwWTpJBlzOU7/wH5
         6pRg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a124si35241551pfb.263.2019.01.08.18.35.22;
        Tue, 08 Jan 2019 18:35:49 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729144AbfAICbi (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Tue, 8 Jan 2019 21:31:38 -0500
Received: from mx2.suse.de ([195.135.220.15]:35052 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1728253AbfAICbh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 8 Jan 2019 21:31:37 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 3C8A2AEAD;
        Wed,  9 Jan 2019 02:31:36 +0000 (UTC)
Date:   Wed, 9 Jan 2019 03:31:35 +0100 (CET)
From:   Jiri Kosina <jikos@kernel.org>
To:     Dave Chinner <david@fromorbit.com>
cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        Matthew Wilcox <willy@infradead.org>,
        Jann Horn <jannh@google.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Greg KH <gregkh@linuxfoundation.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Michal Hocko <mhocko@suse.com>, Linux-MM <linux-mm@kvack.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged
In-Reply-To: <20190109022430.GE27534@dastard>
Message-ID: <nycvar.YFH.7.76.1901090326460.16954@cbobk.fhfr.pm>
References: <CAG48ez2jAp9xkPXQmVXm0PqNrFGscg9BufQRem2UD8FGX-YzPw@mail.gmail.com> <CAHk-=whL4sZiM=JcdQAYQvHm7h7xEtVUh+gYGYhoSk4vi38tXg@mail.gmail.com> <CAHk-=wg5Kk+r36=jcGBaLUj+gjopjgiW5eyvkdMqvn0jFkD_iQ@mail.gmail.com> <CAHk-=wiMQeCEKESWTmm15x79NjEjNwFvjZ=9XenxY7yH8zqa7A@mail.gmail.com>
 <20190106001138.GW6310@bombadil.infradead.org> <CAHk-=wiT=ov+6zYcnw_64ihYf74Amzqs67iVGtJMQq65PxiVYw@mail.gmail.com> <CAHk-=wg1A44Roa8C4dmfdXLRLmNysEW36=3R7f+tzZzbcJ2d2g@mail.gmail.com> <CAHk-=wiqbKEC5jUXr3ax+oUuiRrp=QMv_ZnUfO-SPv=UNJ-OTw@mail.gmail.com>
 <20190108044336.GB27534@dastard> <CAHk-=wjvzEFQcTGJFh9cyV_MPQftNrjOLon8YMMxaX0G1TLqkg@mail.gmail.com> <20190109022430.GE27534@dastard>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 9 Jan 2019, Dave Chinner wrote:

> > But mincore is certainly the easiest interface, and the one that
> > doesn't require much effort or setup.
> 
> Off the top of my head, here's a few vectors for reading the page
> cache residency state without perturbing the page cache residency
> pattern:
> 	- mincore
> 	- preadv2(RWF_NOWAIT)
> 	- fadvise(POSIX_FADV_RANDOM); timed read(2) syscalls
> 	- madvise(MADV_RANDOM); timed read of first byte in each page

While I obviously agree that all those are creating pagecache sidechannel 
in principle, I think we really should mostly focus on the first two (with 
mincore() already having been covered).

Rationale has been provided by Daniel Gruss in this thread -- if the 
attacker is left with cache timing as the only available vector, he's 
going to be much more successful with mounting hardware cache timing 
attack anyway.

Thanks,

-- 
Jiri Kosina
SUSE Labs