[Devel] [VZ8 PATCH] ms/pagemap: Port diff-ms-pagemap-do-not-leak-physical-addresses-to-non-privileged-userspace

Konstantin Khorenko khorenko at virtuozzo.com
Mon Jun 7 15:31:14 MSK 2021


Dropping this patch.

It's not needed because in mainstream it's obsoleted by

commit 1c90308e7a77af6742a97d1021cca923b23b7f0d
Author: Konstantin Khlebnikov <koct9i at gmail.com>
Date:   Tue Sep 8 15:00:07 2015 -0700

     pagemap: hide physical addresses from non-privileged users

which is already present in vz8.

# git describe --contains 1c90308e7a77af6742a97d1021cca923b23b7f0d
v4.3-rc1~40^2~103

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 06/02/2021 01:06 PM, Valeriy Vdovin wrote:
> From: Vladimir Davydov <vdavydov at parallels.com>
>
> Author: Konstantin Khorenko
> Email: khorenko at parallels.com
> Subject: ms/pagemap: do not leak physical addresses to non-privileged userspace
> Date: Mon, 23 Mar 2015 19:21:49 +0400
>
> ms commit: ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce
>
> Original thread in LKML: https://lkml.org/lkml/2015/3/9/864
>
> https://jira.sw.ru/browse/PSBM-32308
>
> Signed-off-by: Konstantin Khorenko <khorenko at openvz.org>
>
>   From: "Kirill A. Shutemov" <kirill.shutemov at linux.intel.com>
>   Subject: pagemap: do not leak physical addresses to non-privileged userspace
>
> As pointed out by a recent post[1] on exploiting DRAM physical imperfection,
> /proc/PID/pagemap exposes sensitive information which can be used to do
> attacks.
>
> This disallows anybody without CAP_SYS_ADMIN to read the pagemap.
>
> [1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
>
> [ Eventually we might want to do anything more fine-grained, but for now
>   this is the simple model.   - Linus ]
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov at linux.intel.com>
> Acked-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
> Acked-by: Andy Lutomirski <luto at amacapital.net>
> Cc: Pavel Emelyanov <xemul at parallels.com>
> Cc: Andrew Morton <akpm at linux-foundation.org>
> Cc: Mark Seaborn <mseaborn at chromium.org>
> Cc: stable at vger.kernel.org
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> =============================================================================
>
> Related to https://jira.sw.ru/browse/PSBM-33640
>
> Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
>
> [VvS RHEL77 rebase] it was lost during rebase.
> https://jira.sw.ru/browse/PSBM-97881
>
> Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
> Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
> ---
>  fs/proc/task_mmu.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
> index ee0c6b420a36..b6e8e4483b91 100644
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -1572,6 +1572,10 @@ static int pagemap_open(struct inode *inode, struct file *file)
>  {
>  	struct mm_struct *mm;
>
> +	/* do not disclose physical addresses: attack vector */
> +	if (!capable(CAP_SYS_ADMIN))
> +		return -EPERM;
> +
>  	mm = proc_mem_open(inode, PTRACE_MODE_READ);
>  	if (IS_ERR(mm))
>  		return PTR_ERR(mm);
>
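Review bot: the capable(CAP_SYS_ADMIN) test at the top of pagemap_open() rejects the open itself, so a caller without the capability loses every pagemap field, not only the physical addresses the comment names, and a task can no longer read its own pagemap. capable() is also evaluated against the initial user namespace, so a root user confined to its own user namespace would get -EPERM as well. Consider leaving access control for the open to the existing proc_mem_open(inode, PTRACE_MODE_READ) call and hiding only the frame number at read time for callers that lack the capability, which is the direction the subject of commit 1c90308e7a77 cited in the reply ("hide physical addresses from non-privileged users") points to. If the open-time denial stays, the in-code comment would be more accurate as "deny open: pagemap discloses physical addresses".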

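A check for which of the two behaviours discussed in this thread a running kernel has, as seen by the calling user: open denied (the quoted patch) or open allowed with the frame number hidden (the upstream commit's subject). This is an added example, not code from the thread or from the kernel; the function and constant names are assumptions, and the bit positions follow the kernel's pagemap documentation.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Entry layout per the kernel's pagemap documentation. */
#define PM_PFN_MASK ((1ULL << 55) - 1) /* bits 0-54: frame number if present */
#define PM_SWAPPED  (1ULL << 62)
#define PM_PRESENT  (1ULL << 63)

enum { PM_ERROR = -2, PM_OPEN_DENIED = -1, PM_PFN_HIDDEN = 0, PM_PFN_EXPOSED = 1 };

/* Classify one entry; only a page resident in RAM carries a frame number. */
int pm_classify(uint64_t entry)
{
    if (!(entry & PM_PRESENT) || (entry & PM_SWAPPED))
        return PM_ERROR;
    return (entry & PM_PFN_MASK) ? PM_PFN_EXPOSED : PM_PFN_HIDDEN;
}

/* Read the entry for one of our own stack pages and classify it. */
int pm_check_self(void)
{
    volatile char probe = 1; /* written, so the page is faulted in */
    uint64_t entry = 0;
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0)
        return PM_ERROR;
    off_t off = (off_t)((uintptr_t)&probe / (uintptr_t)psz) * (off_t)sizeof(entry);
    int fd = open("/proc/self/pagemap", O_RDONLY);

    if (fd < 0) /* EPERM here is what the quoted patch returns */
        return (errno == EPERM || errno == EACCES) ? PM_OPEN_DENIED : PM_ERROR;
    if (lseek(fd, off, SEEK_SET) != off ||
        read(fd, &entry, sizeof(entry)) != (ssize_t)sizeof(entry)) {
        close(fd);
        return PM_ERROR;
    }
    close(fd);
    return pm_classify(entry);
}

int main(void)
{
    static const char *msg[] = { "error reading pagemap", "open denied",
                                 "open allowed, frame number hidden",
                                 "frame number visible to this caller" };
    printf("%s\n", msg[pm_check_self() + 2]);
    return 0;
}
```

Run it as the unprivileged account of interest; "frame number visible" for such an account means neither restriction is in effect.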
