[$] Defending against page-cache attacks

The kernel's page cache works to improve performance by minimizing disk I/Oand increasing the sharing of physical memory. But, like otherperformance-enhancing techniques that involve resources shared acrosssecurity boundaries, the page cache can be abused as a way to extractinformation that should be kept secret. A recent paper [PDF] by Daniel Grussand colleagues showed how the page cache can be targeted for a number ofdifferent attacks, leading to an abrupt change in how themincore() system call works at the endof the 5.0 merge window. But subsequent discussion has made it clearthat mincore() is just the tip of the iceberg; it is unclear whatwill really need to be done to protect a system against page-cache attacksor what the performance cost might be.