pagemap: do not leak physical addresses to non-privileged userspace

commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce upstream.

As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do

This disallows anybody without CAP_SYS_ADMIN to read the pagemap.


[ Eventually we might want to do anything more finegrained, but for now
  this is the simple model.   - Linus ]

Signed-off-by: Kirill A. Shutemov <>
Acked-by: Konstantin Khlebnikov <>
Acked-by: Andy Lutomirski <>
Cc: Pavel Emelyanov <>
Cc: Andrew Morton <>
Cc: Mark Seaborn <>
Signed-off-by: Linus Torvalds <>
[mancha security: Backported to 3.10]
Signed-off-by: mancha security <>
Signed-off-by: Ben Hutchings <>
(cherry picked from commit 1ffc3cd9a36b504c20ce98fe5eeb5463f389e1ac)

Signed-off-by: Willy Tarreau <>
Signed-off-by: Stefan Bader <>
1 file changed