linux-kernel.vger.kernel.org archive mirror
From: Davide Libenzi <davidel@xmailserver.org>
To: Rik van Riel <riel@redhat.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [patch 1/3] MAP_NOZERO - implement a new VM_NOZERO/MAP_NOZERO page retirement policy
Date: Tue, 26 Jun 2007 20:28:49 -0700 (PDT)
Message-ID: <Pine.LNX.4.64.0706262016080.26540@alien.or.mcafeemobile.com>
In-Reply-To: <4681D37E.2020706@redhat.com>

On Tue, 26 Jun 2007, Rik van Riel wrote:

> SUID programs should not be able to use this feature,
> either.

Why? A SUID program runs under the UID of the owner, and there should be no 
problems in it seeing the owner's data.
But the patch post was more a quest for possible scenarios where the use 
of MAP_NOZERO can result in lower security WRT the same program (under the 
same security restrictions) not using such a feature.
If you have something specific in mind, please go ahead and shoot.



> > When pages exit (unmapped from) a vma, they are marked with the effective
> > UID of the mm_struct that owns it.
> 
> 
> > --- linux-2.6.mod.orig/include/linux/mm_types.h	2007-06-21
> > 14:02:06.000000000 -0700
> > +++ linux-2.6.mod/include/linux/mm_types.h	2007-06-25 19:11:22.000000000
> > -0700
> > @@ -64,6 +64,7 @@
> >  	struct list_head lru;		/* Pageout list, eg. active_list
> >  					 * protected by zone->lru_lock !
> >  					 */
> > +	int owner_uid;			/* Last owner of the page */
> >  	/*
> >  	 * On machines where all RAM is mapped into kernel address space,
> >  	 * we can simply calculate the virtual address. On machines with
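
Review bot: the added member after lru is declared "int owner_uid" with only the comment "Last owner of the page", which leaves out what the quoted description says it holds: the effective UID of the owning mm_struct, recorded when the page is unmapped from a vma. Suggest typing it as uid_t and extending the comment to say when the value is written, when it is valid to read, and what value means no owner has been recorded. The member is also added to struct page unconditionally, so the comment or changelog should say whether it can share storage with a field that is unused at that point.
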
> 
> Since this is only set when the page is freed, could
> the owner_uid and security context be put inside a
> union with some fields that are not otherwise used
> for free pages?

I tried to look, and the attempt to reuse _mapcount failed miserably :)
The last time we have the owner info (vma->mm) available is before 
processing of the other fields ends. OTOH I'm not a VM guru either, so I may 
be wrong. It can share ->virtual (when enabled).




- Davide
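
The tagging rule quoted above, modelled in user space as an added example (not code from the patch or from either poster). The allocation-side rule, that zeroing is skipped only when MAP_NOZERO is requested and the requester's effective UID equals the tag, is an assumption about how the tag is consumed; toy_page, toy_retire, toy_alloc and toy_leaks are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TOY_PAGE_SIZE 4096
#define NO_OWNER ((uid_t)-1)

/* Toy stand-in for struct page: contents plus the tag the patch adds. */
struct toy_page {
    unsigned char data[TOY_PAGE_SIZE];
    uid_t owner_uid;    /* euid of the mm that last unmapped the page */
};

/* Retirement: tag the page with the euid of the mm giving it up. */
static void toy_retire(struct toy_page *pg, uid_t mm_euid)
{
    pg->owner_uid = mm_euid;
}

/* Allocation (assumed policy): keep stale contents only if the caller
 * asked for NOZERO and its euid matches the tag; otherwise zero. */
static int toy_alloc(struct toy_page *pg, uid_t mm_euid, int nozero)
{
    int keep = nozero && pg->owner_uid == mm_euid;

    if (!keep)
        memset(pg->data, 0, TOY_PAGE_SIZE);
    pg->owner_uid = NO_OWNER;   /* tag is consumed on allocation */
    return keep;
}

/* Retire a page holding a marker as old_euid, hand it to new_euid,
 * and report whether the marker is still readable (1) or not (0). */
static int toy_leaks(uid_t old_euid, uid_t new_euid, int nozero)
{
    static struct toy_page pg;

    memset(pg.data, 0, TOY_PAGE_SIZE);
    memcpy(pg.data, "secret", 6);       /* constructed sample contents */
    toy_retire(&pg, old_euid);
    toy_alloc(&pg, new_euid, nozero);
    return memcmp(pg.data, "secret", 6) == 0;
}

int main(void)
{
    /* Constructed UIDs. A SUID binary owned by 1000 runs with euid 1000
     * whoever starts it, so in this model it is the "same euid" case. */
    printf("same euid, NOZERO:   %d\n", toy_leaks(1000, 1000, 1));
    printf("other euid, NOZERO:  %d\n", toy_leaks(1000, 1001, 1));
    printf("same euid, no flag:  %d\n", toy_leaks(1000, 1000, 0));
    return 0;
}
```

Because the tag records only the effective UID, the model cannot tell a SUID process apart from any other process of the owner, which is the case the two posters disagree about.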


