Message-ID: <5552209C.501@gmail.com>
Date: Tue, 12 May 2015 11:47:40 -0400
From: Austin S Hemmelgarn
To: Arjan van de Ven, Ingo Molnar
CC: Alex Henrie, One Thousand Gnomes, Kees Cook, "H. Peter Anvin", Doug Johnson, Thomas Gleixner, Ingo Molnar, Tyler Hicks, Al Viro, LKML, Andy Lutomirski, Linus Torvalds, Andrew Morton, Borislav Petkov, Peter Zijlstra, Arjan van de Ven, Denys Vlasenko, Brian Gerst
Subject: Re: [PATCH v2] x86: Preserve iopl on fork and execve
References: <1431387505-13410-1-git-send-email-alexhenrie24@gmail.com> <20150512064032.GA25097@gmail.com>

On 2015-05-12 11:25, Arjan van de Ven wrote:
>>
>> also the interesting question is:
>> can a process give up these perms?
>> otherwise it becomes a "once given, never gotten rid of" hell hole.
>
> If you look at a modern linux distro, nothing should need/use iopl and
> co anymore, so maybe an interesting
> question is if we can stick these behind a CONFIG_ option (default on
> of course for compatibility)... just like
> some of the /dev/mem like things are now hidable for folks who know
> they don't need them.

Personally, I _really_ like this idea. The only thing I know of on any
modern distro that even considers using ioperm is hwclock, and it only
does so if it can't access the RTC through other means (and if you have
an RTC, you really should have the /dev interface enabled).