RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Jiri Kosina
Date: Mon Sep 10 2018 - 15:36:18 EST

Next message: Thomas Gleixner: "Re: [PATCH v2 3/5] irqchip: RISC-V Local Interrupt Controller Driver"
Previous message: Jacek Anaszewski: "Re: [PATCH v5 0/2] Panasonic AN30259A support"
In reply to: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 10 Sep 2018, Schaufler, Casey wrote:

> Yes, It would require that this patch be tested against all the existing
> security modules that provide a ptrace_access_check hook. It's not like
> the security module writers don't have a bunch of locking issues to deal
> with.

Yeah, that was indeed my concern.

So can we agree on doing this in the 2nd envisioned step, when this is
going to be replaced by LSM as discussed [1] previously?

[1] http://lkml.kernel.org/r/99FC4B6EFCEFD44486C35F4C281DC67321447094@xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thanks,

--
Jiri Kosina
SUSE Labs

Next message: Thomas Gleixner: "Re: [PATCH v2 3/5] irqchip: RISC-V Local Interrupt Controller Driver"
Previous message: Jacek Anaszewski: "Re: [PATCH v5 0/2] Panasonic AN30259A support"
In reply to: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]