Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp232141imu; Tue, 8 Jan 2019 18:35:50 -0800 (PST) X-Google-Smtp-Source: ALg8bN6Q//ymT1bNPETGHPp42JfOzfhkWrDdO/7tWtMkil6mqjqjihcdnklgZ4QYbDAsQltCuNyi X-Received: by 2002:a65:65c9:: with SMTP id y9mr3870898pgv.438.1547001349948; Tue, 08 Jan 2019 18:35:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547001349; cv=none; d=google.com; s=arc-20160816; b=Yt1cT05i5JS5N259YbHJ5Ua6zVKq0Au9j6MvUDfoaFP3IdhqwZLigU/W2bYAq0ca9P LCXnm3vzwqeMxMgRiUrGTOUpPe7V5ud7Bju4d8FHjt4HZSPtMcEE3RBXlz+qKioIB8rs qBHbf0B5vtBxioatfz4dBiaGScT391/Xhee435/A8jJW0WM5BXOT4v5UFxqUT3x0Mmcx RFazBrBl0BfRjX2++PY1+bNsjPxqamqyZ65bl6AciGWeeORanpVqaiZvxWzwfVkpb7Gl C92ghyLDihwKI2t2tjfrlXZp5SqT+paIqi6FL6c6syvz15A0Ngxm+07Lt4Ja2QZcCuuS BZnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=TZE1yZrtEyR+lBk0N8kxSweADarJQTGJbRD12vzgFwE=; b=apaLlCLosSLzR1rFyXrWD32E17RKxLVuJ7KJK3t1aCRN/AR8asNmd7ZHvK0NEVriyU ibfFhXD5h97z61UdrWDqVrI2KDxrLB3OKraUJpPEmbiimx2cOabnGj2FXFkkXCsB+fJi JKhUanphuwGPHLThhX6AFKdjijkktAo1qRPgtWnyeDXIzR/OXtC5Xer+zLw1hKI+/56S rQai6GWWcjAF21/d6K59aPQBbsLq9POz0Y1iIlyXFPyy1qe5NIxm0dvouYSSZWf43rxH FeqC3cnj4EkCRWiAUeeR4Vub0xroOcKrGG8cNNqw1l5emqSVcR6JQwWTpJBlzOU7/wH5 6pRg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a124si35241551pfb.263.2019.01.08.18.35.22; Tue, 08 Jan 2019 18:35:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729144AbfAICbi (ORCPT + 99 others); Tue, 8 Jan 2019 21:31:38 -0500 Received: from mx2.suse.de ([195.135.220.15]:35052 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728253AbfAICbh (ORCPT ); Tue, 8 Jan 2019 21:31:37 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 3C8A2AEAD; Wed, 9 Jan 2019 02:31:36 +0000 (UTC) Date: Wed, 9 Jan 2019 03:31:35 +0100 (CET) From: Jiri Kosina To: Dave Chinner cc: Linus Torvalds , Matthew Wilcox , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged In-Reply-To: <20190109022430.GE27534@dastard> Message-ID: References: <20190106001138.GW6310@bombadil.infradead.org> <20190108044336.GB27534@dastard> <20190109022430.GE27534@dastard> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 9 Jan 2019, Dave Chinner wrote: > > But mincore is certainly the easiest interface, and the one that > > doesn't require much effort or setup. > > Off the top of my head, here's a few vectors for reading the page > cache residency state without perturbing the page cache residency > pattern: > - mincore > - preadv2(RWF_NOWAIT) > - fadvise(POSIX_FADV_RANDOM); timed read(2) syscalls > - madvise(MADV_RANDOM); timed read of first byte in each page While I obviously agree that all those are creating pagecache sidechannel in principle, I think we really should mostly focus on the first two (with mincore() already having been covered). Rationale has been provided by Daniel Gruss in this thread -- if the attacker is left with cache timing as the only available vector, he's going to be much more successful with mounting hardware cache timing attack anyway. Thanks, -- Jiri Kosina SUSE Labs