Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4527988imb; Wed, 6 Mar 2019 16:02:29 -0800 (PST) X-Google-Smtp-Source: APXvYqwIN268nRhC3GfiLiKbT2ScvBqSwn+pqOhS2+qjfbKBAVsgtV79vXKI0j849WQp+MWNccOF X-Received: by 2002:a17:902:2848:: with SMTP id e66mr9795195plb.181.1551916949176; Wed, 06 Mar 2019 16:02:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551916949; cv=none; d=google.com; s=arc-20160816; b=DPL5ix8AvfSHZo8BZyyR8WsOGOKQgZxfe+X6CIhqVJpmdSeh+y9eygdSSXfxJIgn78 aZGgTuvdNQ8f4kg+HXaBjaeF4LVysfEcFgxkOXn27uUg+nvCys+J1AaxiauP+LvDpq4z ghQDo/5kSkLdIReZMjidk3d2x9geRi3XG8+RMvaENgSiGGtOqplBMUW8qrWRsUfACzbX MtDvdfFnPENZTJfiTisynefsdBwbYhmnQxfjCphUI1/pgk22dpyhKjhzs66X+b4XxoZQ Tdg3Gdw5I2OhITBXOOljSEnVrHDsnqUAofgzy8Nc4iOwx6qgiHVnMAUxe+WwzjD/iHcK 086w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature; bh=Nv8vDJQ6+mkbdkTRlfbgsy0+eCmPqtCD5evf2w1R7lo=; b=JpX2twhuTdXl6ZwwQ7JNm1JlFNl0uAwYdunNMQxhXc+2Jo9JknexPXKYb9wizedmjs nZyV75T+wa1YVi3WhPTMmfYODFHrv+ohCutjmfbh2KQCtYdoJxWV5hdTmr+KiqQDwJSt CkJdkrdfDNYEw+ZhixjMVU8JhD6Pc/6uqint2xatIvnI7fCej8OPT1tecknL/DE/XAvR KGbD71GqUJKyYQOLB3tH9jGRMMHE3vqxX/KbuVlO73Q1y4i0g50BW5Bfl7moahmd0pqM MYeGlUTgHXqF4ufIT6ZtfYrJJ61+JU2zo5N0wq9sJ+tH53UGPf586B5xJBFDiEN4UMw3 mY4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OTMXPM78; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b12si2546726pgq.421.2019.03.06.16.02.13; Wed, 06 Mar 2019 16:02:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OTMXPM78; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726392AbfCGABS (ORCPT + 99 others); Wed, 6 Mar 2019 19:01:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:58092 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726127AbfCGABR (ORCPT ); Wed, 6 Mar 2019 19:01:17 -0500 Received: from pobox.suse.cz (prg-ext-pat.suse.com [213.151.95.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DA77F20663; Thu, 7 Mar 2019 00:01:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1551916877; bh=HgFOMLICi1QJiVbm5oWtZL/K+Q/vZOFKt42rHTdGeK4=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=OTMXPM78hTmYuQgl1sjZB0quC4zqJCCgtl4Cv35/WOtanjStfH1Mn020uhu2C9pCv tPaoozOqW8KvPTcm8IU7jr/1nSQtel/PR22JIhqglbwLcVWLy9BrwCCj9S+Ft712hQ Nk9MLH289O4h65C1ValoAO08JCbKndlBg+BAgmuo= Date: Thu, 7 Mar 2019 01:01:10 +0100 (CET) From: Jiri Kosina To: Andrew Morton cc: Vlastimil Babka , Linus Torvalds , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-api@vger.kernel.org, Peter Zijlstra , Greg KH , Jann Horn , Dominique Martinet , Andy Lutomirski , Dave Chinner , Kevin Easton , Matthew Wilcox , Cyril Hrubis , Tejun Heo , "Kirill A . Shutemov" , Daniel Gruss Subject: Re: [PATCH 1/3] mm/mincore: make mincore() more conservative In-Reply-To: <20190306151351.f8ae1acae51ccad1a3537284@linux-foundation.org> Message-ID: References: <20190130124420.1834-1-vbabka@suse.cz> <20190130124420.1834-2-vbabka@suse.cz> <20190306151351.f8ae1acae51ccad1a3537284@linux-foundation.org> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 6 Mar 2019, Andrew Morton wrote: > > The semantics of what mincore() considers to be resident is not completely > > clear, but Linux has always (since 2.3.52, which is when mincore() was > > initially done) treated it as "page is available in page cache". > > > > That's potentially a problem, as that [in]directly exposes meta-information > > about pagecache / memory mapping state even about memory not strictly belonging > > to the process executing the syscall, opening possibilities for sidechannel > > attacks. > > > > Change the semantics of mincore() so that it only reveals pagecache information > > for non-anonymous mappings that belog to files that the calling process could > > (if it tried to) successfully open for writing. > > "for writing" comes as a bit of a surprise. Why not for reading? I guess this is a rhetorical question from you :) but fair enough, good point, I'll explain this a bit more in the changelog and in the code comments. > > @@ -189,8 +197,13 @@ static long do_mincore(unsigned long addr, unsigned long pages, unsigned char *v > > vma = find_vma(current->mm, addr); > > if (!vma || addr < vma->vm_start) > > return -ENOMEM; > > - mincore_walk.mm = vma->vm_mm; > > end = min(vma->vm_end, addr + (pages << PAGE_SHIFT)); > > + if (!can_do_mincore(vma)) { > > + unsigned long pages = (end - addr) >> PAGE_SHIFT; > > I'm not sure this is correct in all cases. If > > addr = 4095 > vma->vm_end = 4096 > pages = 1000 > > then `end' is 4096 and `(end - addr) << PAGE_SHIFT' is zero, but it > should have been 1. Good catch! It should rather be something like unsigned long pages = (end >> PAGE_SHIFT) - (addr >> PAGE_SHIFT); I'll fix that up and resend tomorrow. Thanks, -- Jiri Kosina SUSE Labs