Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp6277132imm; Mon, 23 Jul 2018 14:57:25 -0700 (PDT) X-Google-Smtp-Source: AAOMgpf6OKPlWsj4+HRE1rcFEDQcGwb+rz9Y3CgSw6+06ZVPZUqOrnXLuUrgy4QmBbNxFNpL+TJq X-Received: by 2002:a62:93d4:: with SMTP id r81-v6mr14753134pfk.55.1532383045514; Mon, 23 Jul 2018 14:57:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532383045; cv=none; d=google.com; s=arc-20160816; b=B3hk5NpH+RkYPdo1WAyh9YfC7ZLs29p7+ld8E3U/5BPcded3AGp/m3ZHbu0a4+R1IN Bq5zfKML7Bw2f6j7FLX4r1mcscpfbi3/BN92vRXh77az0qQzK7GSmwtfyPjrvVJChbIm vjK1B2kbn+GIQOF60uTs2VAG+MPojJXIsMjzswRAa74e5RHez/9ZwN+GqwoZ/hgvNYuk zkXtmroN25lIxDUwV/23fOlGumbHgfONZ6K0yc1/mPBPkYlmkafPxbgSaQ3kCAbrjehw 4l35Xn6/iS/tht3DH4OyEKfYXfVX0mZB6rN5hWuTxonSVhrrxlPqRLvJ8L40ddQBkrlS 2JqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=8yX2beBv0gKCFAdZBW230iSyKg4HC0qww9xFtWreARo=; b=ryAK406kj9lwk2gkxgN2+dD7iSahPPx5LvX2r1um/hU2lH/OH/OC+XT9+j7G99Ysjk p/UGm3fNT0obxkQ4GtAykSXHRU0HHHUExHHqR9Q+tbh65pnib0WBomGxTa3UsshJ3UXw eZ6wDDHOr8ZRl4kIDHZ6wfpT0m4JrkGHVJOBiIGehbxyYqiv/GJQGr8x2tXwmeShV0Sl 5HgPQn9+OTIG4RNFm5WfN3HfvHyy6mc4kTyivAvNo2M8lsrmViiNSgEKobjCEeka+mOZ 3yGh4s+clE90y46EE43DP6k0pkmMUBswYJpLnGWP7eoS/sx/Q25NokTDmZrrCiH5jnBH bHmA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d26-v6si9090391pge.679.2018.07.23.14.57.09; Mon, 23 Jul 2018 14:57:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388293AbeGWW7O (ORCPT + 99 others); Mon, 23 Jul 2018 18:59:14 -0400 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:58109 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388052AbeGWW7N (ORCPT ); Mon, 23 Jul 2018 18:59:13 -0400 Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512) id 0A35B80388; Mon, 23 Jul 2018 23:55:57 +0200 (CEST) Date: Mon, 23 Jul 2018 23:55:57 +0200 From: Pavel Machek To: Andy Lutomirski Cc: Linus Torvalds , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Peter Anvin , the arch/x86 maintainers , Linux Kernel Mailing List , linux-mm , Andrew Lutomirski , Dave Hansen , Josh Poimboeuf , =?iso-8859-1?Q?J=FCrgen_Gro=DF?= , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg Kroah-Hartman , Will Deacon , "Liguori, Anthony" , Daniel Gruss , Hugh Dickins , Kees Cook , Andrea Arcangeli , Waiman Long , "David H . Gutteridge" , Joerg Roedel , Arnaldo Carvalho de Melo , Alexander Shishkin , Jiri Olsa , Namhyung Kim Subject: Re: [PATCH 0/3] PTI for x86-32 Fixes and Updates Message-ID: <20180723215557.GA3935@amd> References: <1532103744-31902-1-git-send-email-joro@8bytes.org> <20180723140925.GA4285@amd> <20180723213830.GA4632@amd> <39A1C149-DA03-46D1-801F-0205DCD69A36@amacapital.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline In-Reply-To: <39A1C149-DA03-46D1-801F-0205DCD69A36@amacapital.net> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --zYM0uCDKw75PZbzx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > > What I want is "if A can ptrace B, and B has pti disabled, A can have > > pti disabled as well". Now.. I see someone may want to have it > > per-thread, because for stuff like javascript JIT, thread may have > > rights to call ptrace, but is unable to call ptrace because JIT > > removed that ability... hmm... >=20 > No, you don=E2=80=99t want that. The problem is that Meltdown isn=E2=80= =99t a problem that exists in isolation. It=E2=80=99s very plausible that J= avaScript code could trigger a speculation attack that, with PTI off, could= read kernel memory. Yeah, the web browser threads that run javascript code should have PTI on. But maybe I want the rest of web browser with PTI off. So... yes, I see why someone may want it per-thread (and not per-process). I guess per-process would be good enough for me. Actually, maybe even per-uid. I don't have any fancy security here, so anything running uid 0 and 1000 is close enough to trusted. Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --zYM0uCDKw75PZbzx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAltWTu0ACgkQMOfwapXb+vLAHgCgwm6vHy+tGQo0EQEDMfrLuUJl GoQAn1fCFV/6RZlLyzusdi9BI7Xn3jNe =edDv -----END PGP SIGNATURE----- --zYM0uCDKw75PZbzx--