RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak
From: Schaufler, Casey
Date: Wed Sep 12 2018 - 20:05:07 EST
> -----Original Message-----
> From: Jiri Kosina [mailto:jikos@xxxxxxxxxx]
>
>
> @@ -325,10 +326,13 @@ static int __ptrace_may_access(struct task_struct
> *task, unsigned int mode)
> mm = task->mm;
> if (mm &&
> ((get_dumpable(mm) != SUID_DUMP_USER) &&
> - !ptrace_has_cap(mm->user_ns, mode)))
> + ((mode & PTRACE_MODE_NOACCESS_CHK) ||
> + !ptrace_has_cap(mm->user_ns, mode))))
> return -EPERM;
>
> - return security_ptrace_access_check(task, mode);
> + if (!(mode & PTRACE_MODE_NOACCESS_CHK))
> + return security_ptrace_access_check(task, mode);
> + return 0;
Because PTRACE_MODE_IBPB includes PTRACE_MODE_NOAUDIT you
shouldn't need this change. Do you have a good way to exercise this code
path? I'm having trouble getting to the check, and have yet to get a case
where PTRACE_MODE_NOACCESS_CHK is set.
> }
>
> bool ptrace_may_access(struct task_struct *task, unsigned int mode)
>
> --
> Jiri Kosina
> SUSE Labs