lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 11 Nov 2018 19:49:05 +0000
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org,
        "Linus Torvalds" <torvalds@...ux-foundation.org>,
        "Zi Yan" <zi.yan@...rutgers.edu>,
        "Daniel Colascione" <dancol@...gle.com>,
        "Andrei Vagin" <avagin@...nvz.org>,
        "Naoya Horiguchi" <n-horiguchi@...jp.nec.com>,
        "Huang Ying" <ying.huang@...el.com>,
        "Jerome Glisse" <jglisse@...hat.com>,
        "Konstantin Khlebnikov" <khlebnikov@...dex-team.ru>,
        "Michal Hocko" <mhocko@...e.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [PATCH 3.16 125/366] mm: /proc/pid/pagemap: hide swap entries
 from unprivileged users

3.16.61-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Huang Ying <ying.huang@...el.com>

commit ab6ecf247a9321e3180e021a6a60164dee53ab2e upstream.

In commit ab676b7d6fbf ("pagemap: do not leak physical addresses to
non-privileged userspace"), the /proc/PID/pagemap is restricted to be
readable only by CAP_SYS_ADMIN to address some security issue.

In commit 1c90308e7a77 ("pagemap: hide physical addresses from
non-privileged users"), the restriction is relieved to make
/proc/PID/pagemap readable, but hide the physical addresses for
non-privileged users.

But the swap entries are readable for non-privileged users too.  This
has some security issues.  For example, for page under migrating, the
swap entry has physical address information.  So, in this patch, the
swap entries are hided for non-privileged users too.

Link: http://lkml.kernel.org/r/20180508012745.7238-1-ying.huang@intel.com
Fixes: 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users")
Signed-off-by: "Huang, Ying" <ying.huang@...el.com>
Suggested-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@...jp.nec.com>
Reviewed-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
Acked-by: Michal Hocko <mhocko@...e.com>
Cc: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
Cc: Andrei Vagin <avagin@...nvz.org>
Cc: Jerome Glisse <jglisse@...hat.com>
Cc: Daniel Colascione <dancol@...gle.com>
Cc: Zi Yan <zi.yan@...rutgers.edu>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
[bwh: Backported to 3.16:
 - Only PTEs can be swap entries
 - Adjust context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -938,8 +938,9 @@ static void pte_to_pagemap_entry(pagemap
 		if (pte_swp_soft_dirty(pte))
 			flags2 |= __PM_SOFT_DIRTY;
 		entry = pte_to_swp_entry(pte);
-		frame = swp_type(entry) |
-			(swp_offset(entry) << MAX_SWAPFILES_SHIFT);
+		if (pm->show_pfn)
+			frame = swp_type(entry) |
+				(swp_offset(entry) << MAX_SWAPFILES_SHIFT);
 		flags = PM_SWAP;
 		if (is_migration_entry(entry))
 			page = migration_entry_to_page(entry);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ