RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Jiri Kosina
Date: Mon Sep 10 2018 - 15:14:17 EST

Next message: Thomas WeiÃschuh: "Re: [PATCH v3] staging: erofs: use explicit unsigned int type"
Previous message: Tom Zanussi: "[PATCH v4 4/8] tracing: Add conditional snapshot"
In reply to: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 10 Sep 2018, Schaufler, Casey wrote:

> Why are you dropping the LSM check here, when in v4 you fixed the
> SELinux audit locking issue? We can avoid introducing an LSM hook
> and all the baggage around it if you can do the security_ptrace_access_check()
> here.

So what guarantees that none of the hooks that
security_ptrace_access_check() is invoking will not be taking locks (from
scheduler context in this case)?

Thanks,

--
Jiri Kosina
SUSE Labs

Next message: Thomas WeiÃschuh: "Re: [PATCH v3] staging: erofs: use explicit unsigned int type"
Previous message: Tom Zanussi: "[PATCH v4 4/8] tracing: Add conditional snapshot"
In reply to: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]