Date: Mon, 16 Mar 2015 22:11:22 +0100
From: Pavel Machek
To: "Kirill A. Shutemov"
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton, Linus Torvalds, "Kirill A. Shutemov", Pavel Emelyanov, Konstantin Khlebnikov, Mark Seaborn, Andy Lutomirski
Subject: Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace
Message-ID: <20150316211122.GD11441@amd>
In-Reply-To: <1425935472-17949-1-git-send-email-kirill@shutemov.name>

On Mon 2015-03-09 23:11:12, Kirill A. Shutemov wrote:
> From: "Kirill A. Shutemov"
>
> As pointed out by a recent post[1] on exploiting DRAM physical imperfections,
> /proc/PID/pagemap exposes sensitive information which can be used to do
> attacks.
>
> This is an RFC patch which disallows anybody without CAP_SYS_ADMIN from reading
> the pagemap.
>
> Any comments?
>
> [1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

Note that this kind of attack still works without pagemap, it just takes
longer. Actually the first demo program is not using pagemap.

Can we do anything about that? Disabling cache flushes from userland
should make it no longer exploitable.

								Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
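As an added example, not part of this thread or of the RFC patch: a small userspace check, in Python, that decodes one /proc/self/pagemap entry for a page the process owns and reports whether the kernel hands the physical frame number to an unprivileged caller. It assumes the entry layout from the kernel's pagemap documentation (bit 63 = page present, bits 0-54 = PFN) and distinguishes a kernel that refuses to open pagemap (the behaviour the RFC proposes) from one that reports the PFN as zero, and from one that still exposes it.

```python
"""Does /proc/self/pagemap reveal physical frame numbers to this process?
Added example for the pagemap discussion; not code from the thread.
Assumed entry layout (Documentation/vm/pagemap.txt): bit 63 = present,
bits 0-54 = PFN.  Other flag bits are ignored here."""
import ctypes
import mmap
import os
import struct

PAGEMAP_ENTRY_SIZE = 8
PFN_MASK = (1 << 55) - 1     # bits 0-54
PRESENT_BIT = 1 << 63


def decode_entry(entry):
    """Split a 64-bit pagemap entry into (present, pfn)."""
    return bool(entry & PRESENT_BIT), entry & PFN_MASK


def classify_entry(entry):
    """'exposed'  : resident page with a real PFN (physical address leaks)
       'hidden'   : resident page but PFN reported as 0 (kernel masks it)
       'absent'   : page not resident, nothing to learn from the entry"""
    present, pfn = decode_entry(entry)
    if not present:
        return "absent"
    return "exposed" if pfn else "hidden"


def pagemap_status():
    """Fault in one page of our own memory and classify its pagemap entry.
    Returns 'unreadable' if the kernel refuses to open pagemap at all,
    which is the policy the RFC patch proposes for non-CAP_SYS_ADMIN."""
    page_size = mmap.PAGESIZE
    buf = mmap.mmap(-1, page_size)
    buf[0] = 1                                   # make the page resident
    addr = ctypes.addressof(ctypes.c_char.from_buffer(buf))
    try:
        fd = os.open("/proc/self/pagemap", os.O_RDONLY)
    except PermissionError:
        return "unreadable"
    try:
        os.lseek(fd, (addr // page_size) * PAGEMAP_ENTRY_SIZE, os.SEEK_SET)
        raw = os.read(fd, PAGEMAP_ENTRY_SIZE)
    finally:
        os.close(fd)
    (entry,) = struct.unpack("<Q", raw)
    return classify_entry(entry)


if __name__ == "__main__":
    print("pagemap PFN status for this process:", pagemap_status())
```

Run it as an ordinary user: "exposed" means the kernel still leaks physical addresses to unprivileged code; "hidden" or "unreadable" means the mitigation is in effect.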