On Mon, 3 Sep 2018, Peter Zijlstra wrote:
> > if (tsk && tsk->mm &&
> > tsk->mm->context.ctx_id != last_ctx_id &&
> > - get_dumpable(tsk->mm) != SUID_DUMP_USER)
> > + ___ptrace_may_access(tsk, current, PTRACE_MODE_IBPB))
> >
On Mon, 3 Sep 2018, Peter Zijlstra wrote:
> > if (tsk && tsk->mm &&
> > tsk->mm->context.ctx_id != last_ctx_id &&
> > - get_dumpable(tsk->mm) != SUID_DUMP_USER)
> > + ___ptrace_may_access(tsk, current, PTRACE_MODE_IBPB))
> >
On Mon, Sep 03, 2018 at 02:45:25PM +0200, Jiri Kosina wrote:
> if (tsk && tsk->mm &&
> tsk->mm->context.ctx_id != last_ctx_id &&
> - get_dumpable(tsk->mm) != SUID_DUMP_USER)
> + ___ptrace_may_access(tsk, current, PTRACE_MODE_IBPB))
>
On Mon, Sep 03, 2018 at 02:45:25PM +0200, Jiri Kosina wrote:
> if (tsk && tsk->mm &&
> tsk->mm->context.ctx_id != last_ctx_id &&
> - get_dumpable(tsk->mm) != SUID_DUMP_USER)
> + ___ptrace_may_access(tsk, current, PTRACE_MODE_IBPB))
>
From: Jiri Kosina
Currently, we are issuing IBPB only in cases when switching into a non-dumpable
process, the rationale being to protect such 'important and security sensitive'
processess (such as GPG) from data leak into a different userspace process via
spectre v2.
This is however completely
From: Jiri Kosina
Currently, we are issuing IBPB only in cases when switching into a non-dumpable
process, the rationale being to protect such 'important and security sensitive'
processess (such as GPG) from data leak into a different userspace process via
spectre v2.
This is however completely
6 matches
Mail list logo