Hi! > commit 134fca9063ad4851de767d1768180e5dede9a881 upstream. > > The semantics of what mincore() considers to be resident is not > completely clear, but Linux has always (since 2.3.52, which is when > mincore() was initially done) treated it as "page is available in page > cache". > > That's potentially a problem, as that [in]directly exposes > meta-information about pagecache / memory mapping state even about > memory not strictly belonging to the process executing the syscall, > opening possibilities for sidechannel attacks. > > Change the semantics of mincore() so that it only reveals pagecache > information for non-anonymous mappings that belog to files that the > calling process could (if it tried to) successfully open for writing; > otherwise we'd be including shared non-exclusive mappings, which > > - is the sidechannel > > - is not the usecase for mincore(), as that's primarily used for data, > not (shared) text
...
> @@ -189,8 +205,13 @@ static long do_mincore(unsigned long add
> vma = find_vma(current->mm, addr);
> if (!vma || addr < vma->vm_start)
> return -ENOMEM;
> - mincore_walk.mm = vma->vm_mm;
> end = min(vma->vm_end, addr + (pages << PAGE_SHIFT));
> + if (!can_do_mincore(vma)) {
> + unsigned long pages = DIV_ROUND_UP(end - addr, PAGE_SIZE);
> + memset(vec, 1, pages);
> + return pages;
> + }
> + mincore_walk.mm = vma->vm_mm;
> err = walk_page_range(addr, end, &mincore_walk);
We normally return errors when we deny permissions; but this one just
returns success and wrong data.
Could we return -EPERM there? If not, should it at least get a
comment?
Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
