Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4485968imb; Wed, 6 Mar 2019 14:49:00 -0800 (PST) X-Google-Smtp-Source: APXvYqyAzdg6KYOB1hB+shPKSgSpFjEmDltUCUsRGm+u3YiW98VP/jH55WChAUpO/TKE4GDxCovs X-Received: by 2002:a63:a11:: with SMTP id 17mr8550144pgk.310.1551912540116; Wed, 06 Mar 2019 14:49:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551912540; cv=none; d=google.com; s=arc-20160816; b=Pzi6LxqKHHiuMk2dtYgr0ZWAP3qhedDCg27RHvA7GKeFgxPpqCfFWDMOv51R9U/v3L xKp1bELRKIrmx9WFzcfiQmwSeH2I+odJ4wrtg5/aDpDkZoV9PRKcY15Pbj+xITxDKVUz m0ATHCvvY2Rjwz0BA9+ygsMCP7jqn8wzcfCaWq9S70s7XsNUSkAs2DKU2F3rwGkEMnrx 8OrclTJA9fi7zV8ka5UHjENHXP9IN4G0Ljb0fxz3en/2xgjAidAESnd9jw4aJn3sRfyz f4dh3bPYUwxRBZFPxQPYyDvgUWcRqPkbb24OMoYvObcgaftoVmZ3XEzv8gi3XeY4Rgoa xYGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature; bh=soZWRnZFDAu8eyVknTj3xABsMQImB044ENoSiineYnc=; b=APErol9aTOlGUTuH70KyfvMk++PVGritDATe67cX4LSwQguriJmZS4jKR2whU+N/XL g68zr57ny6RpnmbKxEB1kyORcr8O1mWJ6XVBMAcsH7bZBY0JEb5NU8WHLmEa72pri+iB 4iMfmRGHlxbvjW/vPkMG2794BvCIB5MMyp0kSQkMiss4mlbqpm7RG4o8PzUa65UGtjnl /nUYRWY4vfkf78HAOIT7bZbfXMibvcXOHuMV7nCl9cR5rg4RFMXyKyAyh6NruawaWQhD kaYW0A6iuuW2SslADeY240ME60/jriMLO7UZKC8gAImqurV/qJRy9q5Qzhc+hb4oaiQj yKVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fwYQm7zP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 62si2558507plf.154.2019.03.06.14.48.44; Wed, 06 Mar 2019 14:49:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fwYQm7zP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726138AbfCFWsM (ORCPT + 99 others); Wed, 6 Mar 2019 17:48:12 -0500 Received: from mail.kernel.org ([198.145.29.99]:57744 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725783AbfCFWsL (ORCPT ); Wed, 6 Mar 2019 17:48:11 -0500 Received: from pobox.suse.cz (prg-ext-pat.suse.com [213.151.95.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 23AA420675; Wed, 6 Mar 2019 22:48:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1551912490; bh=e9RSnELXLOjF1US988iwHM5qMpBbVvt+Th4lFBfyF3A=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=fwYQm7zP2769SP+uuMgs5aFPFjAMChvalElqTU0GL5DR5mYI9mvuhGBGUWILIh+QV jT77XiDHJTbm2Z6njrqg8qwby36azquuPpsZuoCuuHxLmXDOGJAvPmvz/I8Bh5UqTt r/u5DdUkBzFZ5KPMcoHfuXvOr1FDRi9jJKqOUTK0= Date: Wed, 6 Mar 2019 23:48:03 +0100 (CET) From: Jiri Kosina To: Andrew Morton cc: Vlastimil Babka , Linus Torvalds , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-api@vger.kernel.org, Peter Zijlstra , Greg KH , Jann Horn , Andy Lutomirski , Cyril Hrubis , Daniel Gruss , Dave Chinner , Dominique Martinet , Kevin Easton , "Kirill A. Shutemov" , Matthew Wilcox , Tejun Heo Subject: Re: [PATCH 0/3] mincore() and IOCB_NOWAIT adjustments In-Reply-To: <20190306143547.c686225447822beaf3b6e139@linux-foundation.org> Message-ID: References: <20190130124420.1834-1-vbabka@suse.cz> <20190306143547.c686225447822beaf3b6e139@linux-foundation.org> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 6 Mar 2019, Andrew Morton wrote: > > could you please take at least the correct and straightforward fix for > > mincore() before we figure out how to deal with the slightly less > > practical RWF_NOWAIT? Thanks. > > I assume we're talking about [1/3] and [2/3] from this thread? > > Can we have a resend please? Gather the various acks and revisions, > make changelog changes to address the review questions and comments? 1/3 is clearly the one to be merged. The version with all the acks gathered is in this thread, at https://lore.kernel.org/lkml/de52b3bd-4e39-c133-542a-0a9c5e357404@suse.cz/ Attaching the patch also at the end of this mail so that it could be easily picked up. I am unfortunately not sure what changelog changes you are talking about, there were none requested during the review as far as I know. 2/3 is clearly postponed for now, it needs more thinking. 3/3 is actually waiting for your decision, see https://lore.kernel.org/lkml/20190212063643.GL15609@dhcp22.suse.cz/ The 1/3 patch to be merged in any case: === cut here === From: Jiri Kosina Date: Wed, 16 Jan 2019 20:53:17 +0100 Subject: [PATCH v2] mm/mincore: make mincore() more conservative The semantics of what mincore() considers to be resident is not completely clear, but Linux has always (since 2.3.52, which is when mincore() was initially done) treated it as "page is available in page cache". That's potentially a problem, as that [in]directly exposes meta-information about pagecache / memory mapping state even about memory not strictly belonging to the process executing the syscall, opening possibilities for sidechannel attacks. Change the semantics of mincore() so that it only reveals pagecache information for non-anonymous mappings that belog to files that the calling process could (if it tried to) successfully open for writing. [mhocko@suse.com: restructure can_do_mincore() conditions] Originally-by: Linus Torvalds Originally-by: Dominique Martinet Cc: Dominique Martinet Cc: Andy Lutomirski Cc: Dave Chinner Cc: Kevin Easton Cc: Matthew Wilcox Cc: Cyril Hrubis Cc: Tejun Heo Cc: Kirill A. Shutemov Cc: Daniel Gruss Signed-off-by: Jiri Kosina Signed-off-by: Vlastimil Babka Acked-by: Josh Snyder Acked-by: Michal Hocko --- mm/mincore.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/mm/mincore.c b/mm/mincore.c index 218099b5ed31..b8842b849604 100644 --- a/mm/mincore.c +++ b/mm/mincore.c @@ -169,6 +169,16 @@ static int mincore_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, return 0; } +static inline bool can_do_mincore(struct vm_area_struct *vma) +{ + if (vma_is_anonymous(vma)) + return true; + if (!vma->vm_file) + return false; + return inode_owner_or_capable(file_inode(vma->vm_file)) || + inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0; +} + /* * Do a chunk of "sys_mincore()". We've already checked * all the arguments, we hold the mmap semaphore: we should @@ -189,8 +199,13 @@ static long do_mincore(unsigned long addr, unsigned long pages, unsigned char *v vma = find_vma(current->mm, addr); if (!vma || addr < vma->vm_start) return -ENOMEM; - mincore_walk.mm = vma->vm_mm; end = min(vma->vm_end, addr + (pages << PAGE_SHIFT)); + if (!can_do_mincore(vma)) { + unsigned long pages = (end - addr) >> PAGE_SHIFT; + memset(vec, 1, pages); + return pages; + } + mincore_walk.mm = vma->vm_mm; err = walk_page_range(addr, end, &mincore_walk); if (err < 0) return err; -- Jiri Kosina SUSE Labs