Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2008645imu; Thu, 10 Jan 2019 06:52:05 -0800 (PST) X-Google-Smtp-Source: ALg8bN4EXRe0q4Nq7wmyOosAlS/Mz3kwxOjdKLKqK7fCskalQNUlnEywgXcDyetvYUisKzLsz8nz X-Received: by 2002:a17:902:7c82:: with SMTP id y2mr10471509pll.33.1547131925222; Thu, 10 Jan 2019 06:52:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547131925; cv=none; d=google.com; s=arc-20160816; b=0XrT1rrpzh5TmviguBraJMXrKc4j8Tmx6tqypPCzxuDaONf1R34xHx6QLX9GU2/1fi FGPJwyX3BgRWM2YwFxD23/JsxsRgmP5NUGanjqekVoWpBsEcvBXqzG4F/VhjnFb8uq95 vCT5ol5InjxBdQR0jFHHxLnmjUxajmV05Arlsbb9GWsBmJ8c9Xpee/q8pRjZoIAvgpQY NVhAcpPtneO/e275ARmyzyFNq5+eYC5OB7d4JEX1k43DdnVJHB9ZElXwXbEfXLkERM1s ay7HUvpfV0zC0GznZ09opE8YlS8dIWNvb1z5TnwPV/FlSWkENCF6ME12lSJHliGOl/Ua 7QvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=yf2o7Qr2A0EynpqG9ISnaaUomBOS5WiwMGXUM9f9/Bw=; b=ar7cZtlow4P1Cl/3nbxVg50eKbpQy3qHl9qU2MUU1sSDQb4gwC2a2qrF7Hd2UTrkOg ZWIYXhdWwIhPJtabD2A4LwNXxY59ubLn6ngE5Lt+ep/i5dxylpmt7uFYPkY2dawB9voO 3doSKGpaaY+52h4CYiHksAfG4nxfxFEJe/mw1E2BYZGUaH68d4CdWo30Xx9RPUEXm/Te w7oRmu2y1JmW9ZEGEFXAy72vmtDnF1V6xGBwGa8TzhCxEP+2u0K7aVWMXnL7uQ+bwyUp e0Wd6GLjIr7EEpa96K9IUccdgpVZ5TmVbXyP87quT8JGydqtoXo7D9pGJdCBdte7OtLM uskA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=TbmC6P61; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id be11si850852plb.134.2019.01.10.06.51.49; Thu, 10 Jan 2019 06:52:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=TbmC6P61; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729316AbfAJOu0 (ORCPT + 99 others); Thu, 10 Jan 2019 09:50:26 -0500 Received: from bombadil.infradead.org ([198.137.202.133]:47618 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728162AbfAJOuZ (ORCPT ); Thu, 10 Jan 2019 09:50:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=yf2o7Qr2A0EynpqG9ISnaaUomBOS5WiwMGXUM9f9/Bw=; b=TbmC6P61VuVcfg3sapG+k2XPN OF6DMx4XacypBaKDCKS33Q8595To2868TqaRLjTKv/pzW1Gq6eypAYxhMD9EEetDuNkXc7OLhFjir QjBO4s6tyeA9XXO81ZhVgzxO9hryOl+DSCnB29aRRkAIYolcGa2fL5EkgP+ExRh4IL/Gje/F6jQVy afw+5WoVzQTxsxxU4eyZJKevZaC3f6NANGCj6xwrhDlLh6m/nEWUQDNh0Xagzd+G+zwHy1r+iXzQR +xmsZISm4i4rTgOQ6P4NhXGaUpEgw6h4Wrfi/8ZWC8gWWz/gWsEUREM2+ZDlENv73pUZYUE0oNWW5 ohPSoU3cg==; Received: from willy by bombadil.infradead.org with local (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghbf3-0000D7-06; Thu, 10 Jan 2019 14:50:21 +0000 Date: Thu, 10 Jan 2019 06:50:20 -0800 From: Matthew Wilcox To: Dave Chinner Cc: Linus Torvalds , Jiri Kosina , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged Message-ID: <20190110145020.GW6310@bombadil.infradead.org> References: <20190108044336.GB27534@dastard> <20190109022430.GE27534@dastard> <20190109043906.GF27534@dastard> <20190110004424.GH27534@dastard> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190110004424.GH27534@dastard> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 10, 2019 at 11:44:24AM +1100, Dave Chinner wrote: > And, really, this would be just another band-aid over a symptom of > the information leak - it doesn't prevent users from being able to > control page cache invalidation. It just removes one method, just > like hacking mincore only removes one method of observing the page > cache. And, like mincore(), there's every chance it impacts on > userspace in a negative manner and so we need to be very careful > here. Putting the mincore() / cache timing information leak aside though, the current behaviour of XFS means that an attacker can screw up the performance of random applications just by repeatedly doing O_DIRECT reads of libc.so. Maybe O_DIRECT reads should be forbidden from files on XFS unless you also have write access to them? (eg owner).