| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.21.1811191433100.1537@nanos.tec.linutronix.de>
Date: Mon, 19 Nov 2018 14:36:32 +0100 (CET)
From: Thomas Gleixner <tglx@...utronix.de>
To: Jiri Kosina <jikos@...nel.org>
cc: Tim Chen <tim.c.chen@...ux.intel.com>,
Tom Lendacky <thomas.lendacky@....com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>,
Waiman Long <longman9394@...il.com>,
LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
Willy Tarreau <w@....eu>
Subject: Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app
protection modes
On Sun, 18 Nov 2018, Jiri Kosina wrote:
> On Sat, 17 Nov 2018, Jiri Kosina wrote:
> Subject: [PATCH] x86/speculation: enforce STIBP for SECCOMP tasks in lite mode
>
> If 'lite' mode of app2app protection from spectre_v2 is selected on
> kernel command-line, we are currently applying STIBP protection to
> non-dumpable tasks, and tasks that have explicitly requested such
> protection via
>
> prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0);
>
> Let's extend this to cover also SECCOMP tasks (analogically to how we
> apply SSBD protection).
Right. And SSBD does not fiddle with dumpable.
Willy had concerns about the (ab)use of dumpable so I'm holding off on that
bit for now.
Thanks,
tglx
Powered by blists - more mailing lists