RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Thomas Gleixner
Date: Wed Sep 12 2018 - 08:01:49 EST


On Tue, 11 Sep 2018, Schaufler, Casey wrote:
> How about this? Take Jiri's patch as written. You get everything except checks
> on the security blobs and any "magic" that my safesidechannel module did. I
> will propose a follow-on patch that fixes the SELinux code to eliminate the locking
> issue and enables the LSM hooks in the IBPB case. I can then do a revised "magic"
> safesidechannel security module that uses the ptrace hook instead of adding a
> new hook explicitly for IBPB. There is some danger that in the future ptrace and
> IBPB criteria will diverge sufficiently that a common hook becomes nonsensical.
> As no one else seems concerned about this possibility, I won't lose any sleep over
> it either.

Sounds like a plan.