Dropping this patch. It's not needed because in mainstream it's obsoleted by

commit 1c90308e7a77af6742a97d1021cca923b23b7f0d
Author: Konstantin Khlebnikov <[email protected]>
Date: Tue Sep 8 15:00:07 2015 -0700

    pagemap: hide physical addresses from non-privileged users

which is already present in vz8.

# git describe --contains 1c90308e7a77af6742a97d1021cca923b23b7f0d
v4.3-rc1~40^2~103

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 06/02/2021 01:06 PM, Valeriy Vdovin wrote:
From: Vladimir Davydov <[email protected]>

Author: Konstantin Khorenko
Email: [email protected]
Subject: ms/pagemap: do not leak physical addresses to non-privileged userspace
Date: Mon, 23 Mar 2015 19:21:49 +0400

ms commit: ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce

Original thread in LKML:
https://lkml.org/lkml/2015/3/9/864

https://jira.sw.ru/browse/PSBM-32308

Signed-off-by: Konstantin Khorenko <[email protected]>

From: "Kirill A. Shutemov" <[email protected]>
Subject: pagemap: do not leak physical addresses to non-privileged userspace

As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.

This disallows anybody without CAP_SYS_ADMIN to read the pagemap.

[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

[ Eventually we might want to do anything more finegrained, but for now
  this is the simple model. - Linus ]

Signed-off-by: Kirill A. Shutemov <[email protected]>
Acked-by: Konstantin Khlebnikov <[email protected]>
Acked-by: Andy Lutomirski <[email protected]>
Cc: Pavel Emelyanov <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Mark Seaborn <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
=============================================================================

Related to https://jira.sw.ru/browse/PSBM-33640

Signed-off-by: Vladimir Davydov <[email protected]>

[VvS RHEL77 rebase] it was lost during rebase.
https://jira.sw.ru/browse/PSBM-97881
Signed-off-by: Vasily Averin <[email protected]>
Signed-off-by: Valeriy Vdovin <[email protected]>
--- fs/proc/task_mmu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index ee0c6b420a36..b6e8e4483b91 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c
@@ -1572,6 +1572,10 @@ static int pagemap_open(struct inode *inode, struct file *file) { struct mm_struct *mm; + /* do not disclose physical addresses: attack vector */ + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + mm = proc_mem_open(inode, PTRACE_MODE_READ); if (IS_ERR(mm)) return PTR_ERR(mm);
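Review bot: the capable(CAP_SYS_ADMIN) test at the top of pagemap_open() denies the whole file with -EPERM, while the comment above it names only physical addresses as the thing to protect. A caller without the capability that reads pagemap for other per-page state loses that too, and because capable() is evaluated against the initial user namespace, root inside a container is rejected as well. Consider keeping the open permitted and masking the frame number at read time for callers without the capability, which is the finer-grained model the quoted commit message anticipates and what the mainline commit named in the reply ("hide physical addresses from non-privileged users") is described as doing. If the open-time check stays, the comment would be clearer if it said what the attack is (the DRAM rowhammer post referenced in the commit message) instead of "attack vector".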
_______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
