On 16 March 2015 at 14:11, Pavel Machek <pavel@xxxxxx> wrote:
> On Mon 2015-03-09 23:11:12, Kirill A. Shutemov wrote:
> > From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
> >
> > As pointed out by a recent post[1] on exploiting DRAM physical imperfection,
> > /proc/PID/pagemap exposes sensitive information which can be used to do
> > attacks.
> >
> > This is an RFC patch which disallows anybody without CAP_SYS_ADMIN to read
> > the pagemap.
> >
> > Any comments?
> >
> > [1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
>
> Note that this kind of attack still works without pagemap, it just
> takes longer. Actually the first demo program is not using pagemap.

That depends on the machine -- it depends on how bad the machine's DRAM is, and whether the machine has the 2x refresh rate mitigation enabled. Machines with less-bad DRAM or with a 2x refresh rate might still be vulnerable to rowhammer, but only if the attacker has access to huge pages or to /proc/PID/pagemap.

/proc/PID/pagemap also gives an attacker the ability to scan for bad DRAM locations, save a list of their addresses, and exploit them in the future.

Given that, I think it would still be worthwhile to disable /proc/PID/pagemap.

> Can we do anything about that? Disabling cache flushes from userland
> should make it no longer exploitable.

Unfortunately there's no way to disable userland code's use of CLFLUSH, as far as I know. Maybe Intel or AMD could disable CLFLUSH via a microcode update, but they have not said whether that would be possible.

Cheers,
Mark
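The information the RFC patch withholds is the physical frame number behind a user-space virtual address, which is exactly what lets an attacker pick rows for rowhammer and keep a list of bad DRAM locations. The following program, added here as an illustration and not part of the thread or of Kirill's patch, reads /proc/self/pagemap for one page of its own heap and decodes the 64-bit entry. The entry layout (PFN in bits 0-54, swapped in bit 62, present in bit 63) is the one documented in Documentation/vm/pagemap.txt. Two outcomes map onto the discussion: an EPERM from open() or pread() is the behaviour the RFC patch proposes for callers without CAP_SYS_ADMIN, and a present page whose PFN reads as 0 is what later kernels do instead, zeroing the PFN for unprivileged readers. The helper names are this example's own.

```c
/* Added example: recovering a physical address through /proc/self/pagemap.
 * Not code from the RFC patch or from anyone on the thread. Run as an
 * ordinary user and as root to see the difference the pagemap restriction
 * makes. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* One 64-bit entry per page (Documentation/vm/pagemap.txt):
 *   bits 0-54  page frame number, valid only if present and not swapped
 *   bit 62     page is swapped
 *   bit 63     page is present */
#define PAGEMAP_PFN_MASK ((1ULL << 55) - 1)
#define PAGEMAP_SWAPPED  (1ULL << 62)
#define PAGEMAP_PRESENT  (1ULL << 63)

struct pagemap_info {
    int present;
    int swapped;
    uint64_t pfn; /* 0 when the kernel does not reveal it to this caller */
};

/* Pure decoder, so it can be exercised with constructed entries. */
struct pagemap_info decode_pagemap_entry(uint64_t entry)
{
    struct pagemap_info info;
    memset(&info, 0, sizeof(info));
    info.present = (entry & PAGEMAP_PRESENT) != 0;
    info.swapped = (entry & PAGEMAP_SWAPPED) != 0;
    if (info.present && !info.swapped)
        info.pfn = entry & PAGEMAP_PFN_MASK;
    return info;
}

/* Byte offset in the pagemap file of the entry for the page holding vaddr. */
off_t pagemap_offset(uintptr_t vaddr, size_t page_size)
{
    return (off_t)((vaddr / page_size) * sizeof(uint64_t));
}

/* PFN plus in-page offset gives the physical address; 0 means unavailable. */
uint64_t physical_address(uint64_t pfn, uintptr_t vaddr, size_t page_size)
{
    if (pfn == 0)
        return 0;
    return pfn * (uint64_t)page_size + (vaddr % page_size);
}

/* Read and decode the entry for vaddr. Returns 0 on success, -1 on error
 * (errno is left as set by open/pread; EPERM is the "read denied" case). */
int lookup_pagemap(uintptr_t vaddr, struct pagemap_info *out)
{
    size_t page_size = (size_t)sysconf(_SC_PAGESIZE);
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0)
        return -1;
    uint64_t entry = 0;
    ssize_t n = pread(fd, &entry, sizeof(entry), pagemap_offset(vaddr, page_size));
    close(fd);
    if (n != (ssize_t)sizeof(entry))
        return -1;
    *out = decode_pagemap_entry(entry);
    return 0;
}

int main(void)
{
    size_t page_size = (size_t)sysconf(_SC_PAGESIZE);
    volatile char *buf = malloc(page_size);
    if (!buf)
        return 1;
    buf[0] = 1; /* fault the page in so it is present */
    uintptr_t vaddr = (uintptr_t)buf;

    struct pagemap_info info;
    if (lookup_pagemap(vaddr, &info) != 0) {
        perror("/proc/self/pagemap"); /* EPERM: pagemap denied to this caller */
        return 1;
    }
    printf("vaddr=0x%" PRIxPTR " present=%d swapped=%d pfn=0x%" PRIx64 "\n",
           vaddr, info.present, info.swapped, info.pfn);
    if (info.present && info.pfn == 0)
        puts("PFN withheld by the kernel: no physical address for this caller");
    else if (info.present)
        printf("physical address 0x%" PRIx64 "\n",
               physical_address(info.pfn, vaddr, page_size));
    return 0;
}
```

With a physical address in hand an attacker can pick virtual pages that share a DRAM bank but sit in adjacent rows, which is why the thread treats pagemap as a rowhammer enabler rather than a harmless debugging aid.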