Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp907544imu; Wed, 16 Jan 2019 09:25:32 -0800 (PST) X-Google-Smtp-Source: ALg8bN6dpNdGSKwOcCa4+RYoKO6OJrXApuxgIhNhhroeC94LtvGuszB9dkWX+MFUKE4wR7uN2UIg X-Received: by 2002:a65:4646:: with SMTP id k6mr5153715pgr.153.1547659532318; Wed, 16 Jan 2019 09:25:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547659532; cv=none; d=google.com; s=arc-20160816; b=ywRjMuHv+mfhvpM/Rkn7JM0SuGE2q56HeopZAgd6aPPKDhDM9YPG+l6z4uk6SEhfnJ RXpVFuarJ8uEQEEuj9vup0nRrCC+A4L+gGT/4kW4jlhOYx+cLuPS8BM11xJ+bx9YsmNd TQJMQPCe3UIKIQX9omT/Fqm6U3IWT3qQE4i9IncvXnFMoBVJcU4sZnp4vxSul/ZF2/V/ i5DFTL+l5KrejNULH4aU/Pr+rdySOy26X4JMTkWI+enOBxYclAbGlwrqiFNhraiCxS3l nNPvB7C/WmFNCk2Gsjx8OVbXAVomaYWsGaeSCLmswEtLFIebliC8PDnLWUbpat0k4v/t 3esA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=M21/VTIYKz3XQ0U+wB1ShfQtCKTAmBH/nSwi1TiUtAk=; b=Lj5MCydU+R2j2llZDgRcaviQp3skT2FIr9aXK4LMqyUhuwhBZAOrbYGV3fLJv/vybW piTe5tKjjrRCmku9xQhBf4klCfTbeAvVVyn/4zBymd7fE0VtGsQ5d4IVQmV0UyHf+tKo SMHCN+562p8KED1ywRxZtx6Xxhz3tk33PkmaidkmWK9HsATbhYjfJdGO9SDIJJwDXuNj 1N/rJfLrJ9cCsgAX2HnnLsqemcfvNPtaJX2D9SSIPVwEcWnZ70cYuIHh9Fhv/4V3K5ik RNU0xGz5PYhVrQcIpuj/vh5lHaQHhYvdpzzPeUVYPapUj8iA6Z5QsRyIuuZoianwMsQ6 lpTQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k62si309868pfc.208.2019.01.16.09.25.16; Wed, 16 Jan 2019 09:25:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391511AbfAOXpP (ORCPT + 99 others); Tue, 15 Jan 2019 18:45:15 -0500 Received: from ipmail06.adl6.internode.on.net ([150.101.137.145]:15465 "EHLO ipmail06.adl6.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728841AbfAOXpP (ORCPT ); Tue, 15 Jan 2019 18:45:15 -0500 Received: from ppp59-167-129-252.static.internode.on.net (HELO dastard) ([59.167.129.252]) by ipmail06.adl6.internode.on.net with ESMTP; 16 Jan 2019 10:15:11 +1030 Received: from dave by dastard with local (Exim 4.80) (envelope-from ) id 1gjYOM-0001my-FI; Wed, 16 Jan 2019 10:45:10 +1100 Date: Wed, 16 Jan 2019 10:45:10 +1100 From: Dave Chinner To: Linus Torvalds Cc: Dominique Martinet , Jiri Kosina , Matthew Wilcox , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged Message-ID: <20190115234510.GA6173@dastard> References: <20190110070355.GJ27534@dastard> <20190110122442.GA21216@nautica> <20190111020340.GM27534@dastard> <20190111040434.GN27534@dastard> <20190111073606.GP27534@dastard> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 11, 2019 at 08:26:14AM -0800, Linus Torvalds wrote: > On Thu, Jan 10, 2019 at 11:36 PM Dave Chinner wrote: > > > > > It's only that single page that *matters*. That's the page that the > > > probe reveals the status of - but it's also the page that the probe > > > then *changes* the status of. > > > > It changes the state of it /after/ we've already got the information > > we need from it. It's not up to date, it has to come from disk, we > > return EAGAIN, which means it was not in the cache. > > Oh, I see the confusion. > > Yes, you get the information about whether something was in the cache > or not, so the side channel does exist to some degree. > > But it's actually hugely reduced for a rather important reason: the > _primary_ reason for needing to know whether some page is in the cache > or not is not actually to see if it was ever accessed - it's to see > that the cache has been scrubbed (and to _guide_ the scrubbing), and > *when* it was accessed. Oh, you're assuming that you need to probe the page cache to determine if brute force invalidation has progressed far enough to invalidate the page in question. I'm assuming that you can invalidate the page cache reliably by a means that does not repeated require probing to detect invalidation has occurred. I've mentioned one method in this discussion already... IOWs, just because the specific brute force attack documented in the paper required repeated probing it doesn't mean all future invalidation attacks will require repeated probing. Hence a robust defense mechanism should not rely on the attacker requiring multiple observations of the page cache to extract the information they are seeking... Cheers, Dave. -- Dave Chinner david@fromorbit.com