RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Thomas Gleixner
Date: Fri Sep 14 2018 - 07:05:35 EST


On Fri, 14 Sep 2018, Jiri Kosina wrote:
> On Thu, 13 Sep 2018, Schaufler, Casey wrote:
>
> > > - return security_ptrace_access_check(task, mode);
> > > + if (!(mode & PTRACE_MODE_NOACCESS_CHK))
> > > + return security_ptrace_access_check(task, mode);
> > > + return 0;
> >
> > Because PTRACE_MODE_IBPB includes PTRACE_MODE_NOAUDIT you
> > shouldn't need this change.
>
> That is true, but that's not my concern here.
>
> security_ptrace_access_check() -> call_int_hook() -> P->hook.FUNC().
>
> If it's somehow guaranteed that all functions called this ways are fine to
> be called from scheduler context (wrt. locks), then it's all fine and I'll
> happily drop that check.
>
> Is it guaranteed?

The related question is whether it is guaranteed for backports. We don't
want to end up with a separate hell there.

Thanks,

tglx