| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <nycvar.YFH.7.76.1809141259010.15880@cbobk.fhfr.pm>
Date: Fri, 14 Sep 2018 13:00:40 +0200 (CEST)
From: Jiri Kosina <jikos@...nel.org>
To: "Schaufler, Casey" <casey.schaufler@...el.com>
cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
"Woodhouse, David" <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>
Subject: RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to
avoid cross-process data leak
On Thu, 13 Sep 2018, Schaufler, Casey wrote:
> > - return security_ptrace_access_check(task, mode);
> > + if (!(mode & PTRACE_MODE_NOACCESS_CHK))
> > + return security_ptrace_access_check(task, mode);
> > + return 0;
>
> Because PTRACE_MODE_IBPB includes PTRACE_MODE_NOAUDIT you
> shouldn't need this change.
That is true, but that's not my concern here.
security_ptrace_access_check() -> call_int_hook() -> P->hook.FUNC().
If it's somehow guaranteed that all functions called this ways are fine to
be called from scheduler context (wrt. locks), then it's all fine and I'll
happily drop that check.
Is it guaranteed?
Thanks,
--
Jiri Kosina
SUSE Labs
Powered by blists - more mailing lists