Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged

From: Daniel Gruss
Date: Mon Jan 07 2019 - 08:38:02 EST

Next message: Admin Loterij: "Treat This"
Previous message: Michael S. Tsirkin: "Re: [PATCH RFC 3/4] barriers: convert a control to a data dependency"
In reply to: Vlastimil Babka: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Next in thread: Michael Ellerman: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/7/19 12:08 PM, Dominique Martinet wrote:
>> That's my bigger concern here. In [1] there's described a remote attack
>> (on webserver) using the page fault timing differences for present/not
>> present page cache pages. Noisy but works, and I expect locally it to be
>> much less noisy. Yet the countermeasures section only mentions
>> restricting mincore() as if it was sufficient (and also how to make
>> evictions harder, but that's secondary IMHO).
>
> I'd suggest making clock rougher for non-root users but javascript tried
> that and it wasn't enough... :)
> Honestly won't be of much help there, good luck?

Restricting mincore() is sufficient to fix the hardware-agnostic part.
If the attack is not hardware-agnostic anymore, an attacker could also
just use a hardware cache attack, which has a higher temporal and
spatial resolution, so there's no reason why the attacker would use page
cache attacks instead then.

Cheers,
Daniel

Next message: Admin Loterij: "Treat This"
Previous message: Michael S. Tsirkin: "Re: [PATCH RFC 3/4] barriers: convert a control to a data dependency"
In reply to: Vlastimil Babka: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Next in thread: Michael Ellerman: "Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]