
Mitigations for page cache attacks

Posted Mar 13, 2026 23:19 UTC (Fri) by alip (subscriber, #170176)
Parent article: More timing side-channels for the page cache

Syd has mitigations for Page Cache attacks: https://man.exherbo.org/syd.7.html#Mitigation_against_Pag...

This is mostly trivial and amounts to preventing mincore(2) and cachestat(2) system calls:
1. As of version 3.25.0, Syd denies the mincore(2) system call by default, which is typically not needed during a normal run and has been successfully (ab)used for page cache attacks: https://arxiv.org/pdf/1901.01161
2. As of version 3.35.2, the new system call cachestat(2) is also denied for the same reason, as it is a scalable version of the mincore(2) system call. Again, as of version 3.35.2, the option trace/allow_unsafe_page_cache has been added to relax this restriction at startup. This may be needed to make direct rendering work with Firefox family browsers.



