lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YBgFDXgX57y5XzOn@hirez.programming.kicks-ass.net>
Date:   Mon, 1 Feb 2021 14:41:33 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
Cc:     Mathieu Poirier <mathieu.poirier@...aro.org>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Mike Leach <mike.leach@...aro.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Leo Yan <leo.yan@...aro.org>, coresight@...ts.linaro.org,
        Stephen Boyd <swboyd@...omium.org>,
        Denis Nikitin <denik@...omium.org>,
        Mattias Nissler <mnissler@...omium.org>,
        Al Grant <al.grant@....com>, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        jannh@...gle.com
Subject: Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode
 instruction tracing

On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote:

> Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see
> how this new config has to depend on that? This can work independently
> whether complete lockdown is enforced or not since it applies to only
> hardware instruction tracing. Ideally this depends on several hardware
> tracing configs such as ETMs and others but we don't need them because
> we are already exposing PERF_PMU_CAP_ITRACE check in the events core.

If you don't have lockdown, root pretty much owns the kernel, or am I
missing something?

> be used for some speculative execution based attacks. Which other
> kernel level PMUs can be used to get a full branch trace that is not
> locked down? If there is one, then this should probably be applied to
> it as well.

Just the regular counters. The information isn't as accurate, but given
enough goes you can infer plenty.

Just like all the SMT size-channel attacks.

Sure, PT and friends make it even easier, but I don't see a fundamental
distinction.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ