From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> To: linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>, Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: "Kirill A. Shutemov" <kirill@shutemov.name>, Mark Williamson <mwilliamson@undo-software.com>, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org Subject: [PATCH v4 4/5] pagemap: hide physical addresses from non-privileged users Date: Tue, 14 Jul 2015 18:37:47 +0300 [thread overview] Message-ID: <20150714153747.29844.13543.stgit@buzz> (raw) In-Reply-To: <20150714152516.29844.69929.stgit@buzz> This patch makes pagemap readable for normal users and hides physical addresses from them. For some use-cases PFN isn't required at all. Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Fixes: ab676b7d6fbf ("pagemap: do not leak physical addresses to non-privileged userspace") Link: http://lkml.kernel.org/r/1425935472-17949-1-git-send-email-kirill@shutemov.name --- fs/proc/task_mmu.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 040721fa405a..3a5d338ea219 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -937,6 +937,7 @@ typedef struct { struct pagemapread { int pos, len; /* units: PM_ENTRY_BYTES, not bytes */ pagemap_entry_t *buffer; + bool show_pfn; }; #define PAGEMAP_WALK_SIZE (PMD_SIZE) @@ -1013,7 +1014,8 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, struct page *page = NULL; if (pte_present(pte)) { - frame = pte_pfn(pte); + if (pm->show_pfn) + frame = pte_pfn(pte); flags |= PM_PRESENT; page = vm_normal_page(vma, addr, pte); if (pte_soft_dirty(pte)) 
@@ -1063,8 +1065,9 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, */ if (pmd_present(pmd)) { flags |= PM_PRESENT; - frame = pmd_pfn(pmd) + - ((addr & ~PMD_MASK) >> PAGE_SHIFT); + if (pm->show_pfn) + frame = pmd_pfn(pmd) + + ((addr & ~PMD_MASK) >> PAGE_SHIFT); } for (; addr != end; addr += PAGE_SIZE) { @@ -1073,7 +1076,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, err = add_to_pagemap(addr, &pme, pm); if (err) break; - if (flags & PM_PRESENT) + if (pm->show_pfn && (flags & PM_PRESENT)) frame++; } spin_unlock(ptl); @@ -1127,8 +1130,9 @@ static int pagemap_hugetlb_range(pte_t *ptep, unsigned long hmask, flags |= PM_FILE; flags |= PM_PRESENT; - frame = pte_pfn(pte) + - ((addr & ~hmask) >> PAGE_SHIFT); + if (pm->show_pfn) + frame = pte_pfn(pte) + + ((addr & ~hmask) >> PAGE_SHIFT); } for (; addr != end; addr += PAGE_SIZE) { @@ -1137,7 +1141,7 @@ static int pagemap_hugetlb_range(pte_t *ptep, unsigned long hmask, err = add_to_pagemap(addr, &pme, pm); if (err) return err; - if (flags & PM_PRESENT) + if (pm->show_pfn && (flags & PM_PRESENT)) frame++; } @@ -1196,6 +1200,9 @@ static ssize_t pagemap_read(struct file *file, char __user *buf, if (!count) goto out_mm; + /* do not disclose physical addresses: attack vector */ + pm.show_pfn = file_ns_capable(file, &init_user_ns, CAP_SYS_ADMIN); + pm.len = (PAGEMAP_WALK_SIZE >> PAGE_SHIFT); pm.buffer = kmalloc(pm.len * PM_ENTRY_BYTES, GFP_TEMPORARY); ret = -ENOMEM; @@ -1265,10 +1272,6 @@ static int pagemap_open(struct inode *inode, struct file *file) { struct mm_struct *mm; - /* do not disclose physical addresses: attack vector */ - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - mm = proc_mem_open(inode, PTRACE_MODE_READ); if (IS_ERR(mm)) return PTR_ERR(mm);
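Review bot: in the pte_to_pagemap_entry() hunk the assignment `frame = pte_pfn(pte);` becomes conditional on `pm->show_pfn`, and the declaration of `frame` lies outside the visible context, so the unprivileged path depends on an initialiser this patch does not show. Please confirm that `frame` is initialised to 0 where it is declared, here and in pagemap_pmd_range() and pagemap_hugetlb_range(). If it is not, the PFN field of each entry would carry an uninitialised stack value to userspace, which is the kind of leak this patch is meant to close.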
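Review bot: in the pagemap_read() hunk, `file_ns_capable(file, &init_user_ns, CAP_SYS_ADMIN)` tests the credentials the file was opened with, not those of the task calling read(), and the comment moved over from pagemap_open() does not say so. A descriptor opened by a privileged process keeps returning PFNs to whoever later holds it. If that is the intended model, extend the comment to state it, for example "PFNs are shown only if the opener had CAP_SYS_ADMIN in init_user_ns", so that later changes do not replace the call with a check on the current task by mistake.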
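Review bot: removing the `return -EPERM;` from pagemap_open() changes the user-visible contract, and the diffstat shows only fs/proc/task_mmu.c, so no documentation is updated with it. Unprivileged callers now get a successful open and entries in which PM_PRESENT is still set while the PFN field is zero, so a tool that relied on the open failing to detect missing privilege will read zero frames without any error. Suggest stating in the commit message and in the pagemap documentation that the PFN bits read as zero without CAP_SYS_ADMIN.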