RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Jiri Kosina
Date: Fri Sep 14 2018 - 07:00:47 EST

Next message: Thomas Gleixner: "RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Previous message: Kieran Bingham: "Re: [PATCH 2/6] media: vsp1: Correct the pitch on multiplanar formats"
In reply to: Schaufler, Casey: "RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Thomas Gleixner: "RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 13 Sep 2018, Schaufler, Casey wrote:

> > - return security_ptrace_access_check(task, mode);
> > + if (!(mode & PTRACE_MODE_NOACCESS_CHK))
> > + return security_ptrace_access_check(task, mode);
> > + return 0;
>
> Because PTRACE_MODE_IBPB includes PTRACE_MODE_NOAUDIT you
> shouldn't need this change.

That is true, but that's not my concern here.

security_ptrace_access_check() -> call_int_hook() -> P->hook.FUNC().

If it's somehow guaranteed that all functions called this ways are fine to
be called from scheduler context (wrt. locks), then it's all fine and I'll
happily drop that check.

Is it guaranteed?

Thanks,

--
Jiri Kosina
SUSE Labs

Next message: Thomas Gleixner: "RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Previous message: Kieran Bingham: "Re: [PATCH 2/6] media: vsp1: Correct the pitch on multiplanar formats"
In reply to: Schaufler, Casey: "RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Thomas Gleixner: "RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]