> -----Original Message----- > From: Jiri Kosina [mailto:[email protected]] > Sent: Monday, September 10, 2018 12:36 PM > To: Schaufler, Casey <[email protected]> > Cc: Thomas Gleixner <[email protected]>; Ingo Molnar <[email protected]>; > Peter Zijlstra <[email protected]>; Josh Poimboeuf > <[email protected]>; Andrea Arcangeli <[email protected]>; > Woodhouse, David <[email protected]>; Andi Kleen <[email protected]>; > Tim Chen <[email protected]>; [email protected]; > [email protected] > Subject: RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid > cross-process data leak > > On Mon, 10 Sep 2018, Schaufler, Casey wrote: > > > Yes, It would require that this patch be tested against all the existing > > security modules that provide a ptrace_access_check hook. It's not like > > the security module writers don't have a bunch of locking issues to deal > > with. > > Yeah, that was indeed my concern. > > So can we agree on doing this in the 2nd envisioned step, when this is > going to be replaced by LSM as discussed [1] previously?
It you're going to call __ptrace_access_check(), which already includes an LSM hook, it makes a whole lot of sense to make that the path for doing any module specific checks. It seems wrong to disable the LSM hook there, then turn around and introduce a new one that does the check you just disabled. The patches I had proposed created a new LSM hook because there was not path to an existing hook. With your addition of __ptrace_access_check() that is no longer an issue once any locking problems are resolved. Rather than use a new hook, the existing ptrace hooks ought to work just fine, and any new checks can be added in a new module that has its own ptrace_access_check hook. > [1] > http://lkml.kernel.org/r/99FC4B6EFCEFD44486C35F4C281DC67321447094@OR > SMSX107.amr.corp.intel.com > > Thanks, > > -- > Jiri Kosina > SUSE Labs
