ANDROID: pagemap: do not leak physical addresses to non-privileged userspace

As pointed by recent post[1] on exploiting DRAM physical imperfection, /proc/PID/pagemap exposes sensitive information which can be used to do attacks. This disallows anybody without CAP_SYS_ADMIN to read the pagemap. [1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html [ Eventually we might want to do anything more finegrained, but for now this is the simple model. - Linus ] We add this patch again for pass CTS FileSystemPermissionTest: Assert /proc/self/pagemap not readable Change-Id: Id4bf9ea27af000734356b921cd723868802b4335 Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Acked-by: Andy Lutomirski <luto@amacapital.net> Cc: Pavel Emelyanov <xemul@parallels.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Mark Seaborn <mseaborn@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
2015-03-09 23:11:12 +02:00
parent 292ff06061
commit f662f0e624
1 changed files with 10 additions and 0 deletions
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1396,6 +1396,16 @@ static int pagemap_open(struct inode *inode, struct file *file)
 {
 	struct mm_struct *mm;

+#if defined(CONFIG_ARCH_ROCKCHIP) && defined(CONFIG_ANDROID)
+	/*
+	 * For pass CTS
+	 * FileSystemPermissionTest: Assert /proc/self/pagemap not readable
+	 */
+	/* do not disclose physical addresses: attack vector */
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+#endif
+
 	mm = proc_mem_open(inode, PTRACE_MODE_READ);
 	if (IS_ERR(mm))
 		return PTR_ERR(mm);