RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Jiri Kosina
Date: Mon Sep 10 2018 - 15:36:18 EST

On Mon, 10 Sep 2018, Schaufler, Casey wrote:

> Yes, It would require that this patch be tested against all the existing
> security modules that provide a ptrace_access_check hook. It's not like
> the security module writers don't have a bunch of locking issues to deal
> with.

Yeah, that was indeed my concern.

So can we agree on doing this in the 2nd envisioned step, when this is
going to be replaced by LSM as discussed [1] previously?



Jiri Kosina