| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Feb 2021 13:08:05 +0530
From: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Mathieu Poirier <mathieu.poirier@...aro.org>,
Suzuki K Poulose <suzuki.poulose@....com>,
Mike Leach <mike.leach@...aro.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Leo Yan <leo.yan@...aro.org>, coresight@...ts.linaro.org,
Stephen Boyd <swboyd@...omium.org>,
Denis Nikitin <denik@...omium.org>,
Mattias Nissler <mnissler@...omium.org>,
Al Grant <al.grant@....com>, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
jannh@...gle.com
Subject: Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode
instruction tracing
Hi Peter,
On 2021-02-02 11:41, Sai Prakash Ranjan wrote:
> Hi Peter,
>
> On 2021-02-01 19:11, Peter Zijlstra wrote:
>> On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote:
>>
>>> Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see
>>> how this new config has to depend on that? This can work
>>> independently
>>> whether complete lockdown is enforced or not since it applies to only
>>> hardware instruction tracing. Ideally this depends on several
>>> hardware
>>> tracing configs such as ETMs and others but we don't need them
>>> because
>>> we are already exposing PERF_PMU_CAP_ITRACE check in the events core.
>>
>> If you don't have lockdown, root pretty much owns the kernel, or am I
>> missing something?
>>
>
> You are right in saying that without lockdown root would own kernel but
> this config(EXCLUDE_KERNEL) will independently make sure that kernel
> level pmu tracing is not allowed(we return -EACCES) even if LOCKDOWN
> config is disabled. So I'm saying that we don't need to depend on
> LOCKDOWN config, its good to have LOCKDOWN config enabled but perf
> subsystem doesn't have to care about that.
>
>>> be used for some speculative execution based attacks. Which other
>>> kernel level PMUs can be used to get a full branch trace that is not
>>> locked down? If there is one, then this should probably be applied to
>>> it as well.
>>
>> Just the regular counters. The information isn't as accurate, but
>> given
>> enough goes you can infer plenty.
>>
>> Just like all the SMT size-channel attacks.
>>
>> Sure, PT and friends make it even easier, but I don't see a
>> fundamental
>> distinction.
>
> Right, we should then exclude all kernel level pmu tracing, is it fine?
>
> if (IS_ENABLED(CONFIG_EXCLUDE_KERNEL_HW_ITRACE) &&
> !attr.exclude_kernel))
> return -EACCES;
>
Sorry for being pushy, but does the above make sense?
Thanks,
Sai
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
member
of Code Aurora Forum, hosted by The Linux Foundation
Powered by blists - more mailing lists