Date: Sat, 6 Jan 2018 20:02:32 +0000
From: Alan Cox
To: Avi Kivity
Cc: "linux-kernel@vger.kernel.org"
Subject: Re: Proposal: CAP_PAYLOAD to reduce Meltdown and Spectre mitigation costs
Message-ID: <20180106200232.67387c5a@alans-desktop>
Organization: Intel Corporation

> I propose to create a new capability, CAP_PAYLOAD, that allows the
> system administrator to designate an application as the main workload in
> that system. Other processes (like sshd or monitoring daemons) exist to
> support it, and so it makes sense to protect the rest of the system from
> their being compromised.

Much more general would be to do this with cgroups both for group-group
trust and group-kernel trust levels.

Alan