RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Thomas Gleixner
Date: Wed Sep 12 2018 - 08:01:49 EST

Next message: Julien Thierry: "Re: [PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable"
Previous message: Matti Vaittinen: "[PATCH v2 7/7] regulator: bd718xx: rename bd71837 to 718xx"
In reply to: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Jiri Kosina: "[PATCH v5 2/2] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 11 Sep 2018, Schaufler, Casey wrote:
> How about this? Take Jiri's patch as written. You get everything except checks
> on the security blobs and any "magic" that my safesidechannel module did. I
> will propose a follow on patch that fixes the SELinux code to eliminate the locking
> issue and enables the LSM hooks in the IBPB case. I can then do a revised "magic"
> safesidechannel security module that uses the ptrace hook instead of adding a
> new hook explicitly for IBPB. There is some danger that in the future ptrace and
> IBPB criteria will diverge sufficiently that a common hook becomes nonsensical.
> As no one else seems concerned about this possibility, I won't lose any sleep over
> it either.

Sounds like a plan.

Next message: Julien Thierry: "Re: [PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable"
Previous message: Matti Vaittinen: "[PATCH v2 7/7] regulator: bd718xx: rename bd71837 to 718xx"
In reply to: Schaufler, Casey: "RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Next in thread: Jiri Kosina: "[PATCH v5 2/2] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]