RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Jiri Kosina
Date: Fri Sep 14 2018 - 07:00:47 EST


On Thu, 13 Sep 2018, Schaufler, Casey wrote:

> > - return security_ptrace_access_check(task, mode);
> > + if (!(mode & PTRACE_MODE_NOACCESS_CHK))
> > + return security_ptrace_access_check(task, mode);
> > + return 0;
>
> Because PTRACE_MODE_IBPB includes PTRACE_MODE_NOAUDIT you
> shouldn't need this change.

That is true, but that's not my concern here.

security_ptrace_access_check() -> call_int_hook() -> P->hook.FUNC().

If it's somehow guaranteed that all functions called this ways are fine to
be called from scheduler context (wrt. locks), then it's all fine and I'll
happily drop that check.

Is it guaranteed?

Thanks,

--
Jiri Kosina
SUSE Labs