pagemap: do not leak physical addresses to non-privileged userspace
commit ab676b7d6f
upstream.
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.
This disallows anybody without CAP_SYS_ADMIN to read the pagemap.
[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
[ Eventually we might want to do anything more finegrained, but for now
this is the simple model. - Linus ]
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Seaborn <mseaborn@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
bb4ed9fd15
commit
26f7f4d46a
|
@ -1227,6 +1227,9 @@ out:
|
|||
|
||||
static int pagemap_open(struct inode *inode, struct file *file)
|
||||
{
|
||||
/* do not disclose physical addresses: attack vector */
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
pr_warn_once("Bits 55-60 of /proc/PID/pagemap entries are about "
|
||||
"to stop being page-shift some time soon. See the "
|
||||
"linux/Documentation/vm/pagemap.txt for details.\n");
|
||||
|
|
Loading…
Reference in New Issue