Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1276559imm;
        Fri, 17 Aug 2018 15:19:41 -0700 (PDT)
X-Google-Smtp-Source: AA+uWPwBVARdP4Kn8niZuO+X0YEtVP1ht36vXWNPbb/k72ZWvMFW3jeYP4HfYcebd7FmA8kvVODW
X-Received: by 2002:a63:3d41:: with SMTP id k62-v6mr34491174pga.254.1534544381079;
        Fri, 17 Aug 2018 15:19:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1534544381; cv=none;
        d=google.com; s=arc-20160816;
        b=un4+4XM0H9v5CJks3LAxIS6a6Fr4QLYPJugKDGtJNy+GR6v/bcwxqM8gkUdRlRQVe+
         a09EepLbeS0cQFmWd4IJG78ys6Rl3O5ewuNdYj4rWy1tLuA2HkTBx0Nl8spoGV7A3tOv
         C9wj0CFk8C35anZ6SRcp2+cPY2vuQR9L9F0DPfcbXWuCIJFSfC3pkCuq2dU2Nvji6V+W
         j7lMeGXWAQeap2flWfYccVoCYg/v3BGmcAgTJKnKO7zFiqbr2apnlooaMGkBzwGp2eYV
         yWvt/wZBF0jjImQw1sx1PWRHpY38JnTTNKz8tFFemno/L3M4fr/p+FXWzjlMAI1cNEml
         a51g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:to:from
         :arc-authentication-results;
        bh=5wDySLdzou2kaf+ZUT/OSwGZ7YhV0+H5JYUNG30DTTo=;
        b=t/opV5KbrhPngMXWqgQWrImzFQ6ukbsAZYaLWZi4r0HYGCMlx+D9640K+Da3TZObmr
         yO1uoRgZi4quuadwulnFMVB89tImaC459Unt3gcNcz2ekPacoFEYXDDdwjv30rhHmWqx
         6pYf8rWQ/v1JavnWubJZb5Rp/LzBT1JZOP2aRuQc1F51IRbEWJdOGIcIdegj51cB2JOj
         yqhgFjHw8zP01RhIC4M9WKVsJD7S7E9CZnmRmSs5mzhHrDyrRHhsOrUxiKeOhCCGEXPZ
         Kbz2+nQOyDIuMkfY2GftMa46iJ2N9CmYu+Q7aeYABMko4qc1ydylHGjGWH38lL+LSydX
         1Fuw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e1-v6si3150570pfa.274.2018.08.17.15.19.25;
        Fri, 17 Aug 2018 15:19:41 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727474AbeHRBVd (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Fri, 17 Aug 2018 21:21:33 -0400
Received: from mga11.intel.com ([192.55.52.93]:58247 "EHLO mga11.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726215AbeHRBVd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Aug 2018 21:21:33 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
  by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Aug 2018 15:16:25 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,253,1531810800"; 
   d="scan'208";a="67079607"
Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.9.75])
  by orsmga006.jf.intel.com with ESMTP; 17 Aug 2018 15:16:24 -0700
From:   Casey Schaufler <casey.schaufler@intel.com>
To:     kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
        casey.schaufler@intel.com, dave.hansen@intel.com,
        deneen.t.dock@intel.com, kristen@linux.intel.com,
        arjan@linux.intel.com
Subject: [PATCH RFC v2 0/5] LSM: Add and use a hook for side-channel safety checks
Date:   Fri, 17 Aug 2018 15:16:19 -0700
Message-Id: <20180817221624.10232-1-casey.schaufler@intel.com>
X-Mailer: git-send-email 2.17.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

v2: SELinux access policy corrected.
    Use real_cred instead of cred.

This patchset provide a mechanism by which a security module
can advise the system about potential side-channel vulnerabilities.
If security_safe_sidechannel() returns 0 the security modules do
not know of any data that would be subject to a side-channel
attack. If the security module maintains data that it believes
may be susceptible to a side-channel attack it will return -EACCES.

Simple hooks are provided for SELinux and Smack. A new security
module is provided to make determinations regarding traditional
task attributes, including user IDs, capability sets and namespaces.

Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>

---
 MAINTAINERS                        |   6 ++
 arch/x86/mm/tlb.c                  |  12 ++-
 include/linux/lsm_hooks.h          |  12 +++
 include/linux/security.h           |   1 +
 security/Kconfig                   |   1 +
 security/Makefile                  |   2 +
 security/security.c                |   6 ++
 security/selinux/hooks.c           |   9 +++
 security/sidechannel/Kconfig       |  60 ++++++++++++++
 security/sidechannel/Makefile      |   1 +
 security/sidechannel/sidechannel.c | 156 +++++++++++++++++++++++++++++++++++++
 security/smack/smack_lsm.c         |  18 +++++
 12 files changed, 280 insertions(+), 4 deletions(-)