From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Konstantin Khlebnikov <khlebnikov@openvz.org>,
Andy Lutomirski <luto@amacapital.net>,
Pavel Emelyanov <xemul@parallels.com>,
Andrew Morton <akpm@linux-foundation.org>,
Mark Seaborn <mseaborn@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
mancha security <mancha1@zoho.com>
Subject: [PATCH 3.10 34/34] pagemap: do not leak physical addresses to non-privileged userspace
Date: Fri, 17 Apr 2015 15:29:06 +0200 [thread overview]
Message-ID: <20150417132555.829442114@linuxfoundation.org> (raw)
In-Reply-To: <20150417132553.751904098@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce upstream.
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.
This disallows anybody without CAP_SYS_ADMIN to read the pagemap.
[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
[ Eventually we might want to do anything more finegrained, but for now
this is the simple model. - Linus ]
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Seaborn <mseaborn@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/task_mmu.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1110,9 +1110,19 @@ out:
return ret;
}
+static int pagemap_open(struct inode *inode, struct file *file)
+{
+ /* do not disclose physical addresses to unprivileged
+ userspace (closes a rowhammer attack vector) */
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
const struct file_operations proc_pagemap_operations = {
.llseek = mem_lseek, /* borrow this */
.read = pagemap_read,
+ .open = pagemap_open,
};
#endif /* CONFIG_PROC_PAGE_MONITOR */
next prev parent reply other threads:[~2015-04-17 13:29 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-17 13:28 [PATCH 3.10 00/34] 3.10.75-stable review Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 01/34] ALSA: hda - Add one more node in the EAPD supporting candidate list Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 02/34] ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 03/34] ALSA: hda - Fix headphone pin config for Lifebook T731 Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 04/34] selinux: fix sel_write_enforce broken return value Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 05/34] tcp: Fix crash in TCP Fast Open Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 06/34] IB/core: Avoid leakage from kernel to user space Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 07/34] IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 08/34] iwlwifi: dvm: run INIT firmware again upon .start() Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 09/34] nbd: fix possible memory leak Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 10/34] mm/memory hotplug: postpone the reset of obsolete pgdat Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 11/34] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 12/34] writeback: fix possible underflow in write bandwidth calculation Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 14/34] USB: ftdi_sio: Added custom PID for Synapse Wireless product Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 15/34] USB: ftdi_sio: Use jtag quirk for SNAP Connect E10 Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 16/34] Defer processing of REQ_PREEMPT requests for blocked devices Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 17/34] iio: inv_mpu6050: Clear timestamps fifo while resetting hardware fifo Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 18/34] iio: imu: Use iio_trigger_get for indio_dev->trig assignment Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 19/34] dmaengine: omap-dma: Fix memory leak when terminating running transfer Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 20/34] cpuidle: ACPI: do not overwrite name and description of C0 Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 21/34] usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 22/34] cifs: fix use-after-free bug in find_writable_file Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 23/34] be2iscsi: Fix kernel panic when device initialization fails Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 24/34] ocfs2: _really_ sync the right range Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 25/34] iscsi target: fix oops when adding reject pdu Greg Kroah-Hartman
2015-04-17 13:28 ` [PATCH 3.10 26/34] [media] media: s5p-mfc: fix mmap support for 64bit arch Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.10 28/34] ipc: fix compat msgrcv with negative msgtyp Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.10 29/34] net: rds: use correct size for max unacked packets and bytes Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.10 30/34] net: llc: use correct size for sysctl timeout entries Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.10 31/34] kernel.h: define u8, s8, u32, etc. limits Greg Kroah-Hartman
2015-04-20 9:43 ` Konstantin Khlebnikov
2015-04-20 14:35 ` Greg Kroah-Hartman
2015-04-20 15:01 ` Alex Elder
2015-04-20 18:22 ` Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.10 32/34] IB/mlx4: Saturate RoCE port PMA counters in case of overflow Greg Kroah-Hartman
2015-04-17 13:29 ` [PATCH 3.10 33/34] console: Fix console name size mismatch Greg Kroah-Hartman
2015-04-17 13:29 ` Greg Kroah-Hartman [this message]
2015-04-17 17:35 ` [PATCH 3.10 00/34] 3.10.75-stable review Shuah Khan
2015-04-17 20:00 ` Guenter Roeck
2015-04-18 9:02 ` Greg Kroah-Hartman
2015-04-18 13:40 ` Guenter Roeck
2015-04-18 19:10 ` Guenter Roeck
2015-04-18 20:35 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150417132555.829442114@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=khlebnikov@openvz.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mancha1@zoho.com \
--cc=mseaborn@chromium.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).