Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged
From: Matthew Wilcox
Date: Thu Jan 10 2019 - 09:50:28 EST
On Thu, Jan 10, 2019 at 11:44:24AM +1100, Dave Chinner wrote:
> And, really, this would be just another band-aid over a symptom of
> the information leak - it doesn't prevent users from being able to
> control page cache invalidation. It just removes one method, just
> like hacking mincore only removes one method of observing the page
> cache. And, like mincore(), there's every chance it impacts on
> userspace in a negative manner and so we need to be very careful
> here.
Putting the mincore() / cache timing information leak aside though,
the current behaviour of XFS means that an attacker can screw up the
performance of random applications just by repeatedly doing O_DIRECT
reads of libc.so.
Maybe O_DIRECT reads should be forbidden from files on XFS unless you
also have write access to them? (eg owner).