Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4256579imm; Mon, 20 Aug 2018 12:33:16 -0700 (PDT) X-Google-Smtp-Source: AA+uWPwoJC3jk4jFnILfj6hBss72yQiGfMNHO/7wgXgdo82M1TE0GMgaRD0HUyKRi4492r3ZA9Mt X-Received: by 2002:a63:ba1c:: with SMTP id k28-v6mr16798292pgf.76.1534793596802; Mon, 20 Aug 2018 12:33:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534793596; cv=none; d=google.com; s=arc-20160816; b=XzSzOCw/dLOW+pJCcUrVoL0oNAPvl0AXRqRqme2RoW9ZwTiql9XcUkJBPPcZetGBy7 b73sIEceOEaeM7fFHmFpzm9/Q+0pVgdSwBfEwSC4/MQnTDeaCMD1dsnhD3s27rcyAGrN v6VfZB2jK2dPDFhFXcTXPLvfsPpj95BkFgwIRaI++GH5LVQQYE0WWbSlcLSr+zCKB38H /nyXLNBb9jJtkaq0dZ7aM9swHYfRg8HR+aLHytkAmWvoaRIP8cpG44gJMyfe8SB/Ax/5 j1cj1px80AE64vMx0EsGM/HKPfczLwKw1r/A3SU0WKQb9DuiXgC3+as1HlexAL9MHCH5 au3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :dlp-reaction:dlp-version:dlp-product:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:to:from:arc-authentication-results; bh=snQBsJWMXZ28mOTzGEdEPA8aX+niZC5WDObW09Fo6Zc=; b=XCDYDJjjMwJGgmrSK+nsOfwRLZ27FptgCuzq2suk5UGXYW5/wYR2lrjd2Y0MmoIwoJ r7xTKXMxrsUxqa9ofJpv+W7r8KJihtow1l3FhOKOYl11i3dve8oPpZxAfZfUIsi8SJA+ UGwzoeQDiWPMvYgNHvaLMJkIHnxM0Iprs0t9b2dW4AmbCjs/PpOhoDYkHjYUjwqjR4tB 6qx77zY0kLTHs7f1sgLRXGs9Up2FOWpeyJKDpwkW5bzuKmSUFDpjgrvizuclQ6Z+zDhS 26/dJPCThzX4JGliTxKcVJnRpNFxwSbCSLEVaZC3Ld+17GHqtDOSCWqrkJPcpAmoOjhj oS5A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w25-v6si10942976pfa.359.2018.08.20.12.33.01; Mon, 20 Aug 2018 12:33:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726658AbeHTWsZ (ORCPT + 99 others); Mon, 20 Aug 2018 18:48:25 -0400 Received: from mga01.intel.com ([192.55.52.88]:63306 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726077AbeHTWsZ (ORCPT ); Mon, 20 Aug 2018 18:48:25 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Aug 2018 12:31:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,266,1531810800"; d="scan'208";a="84917431" Received: from orsmsx103.amr.corp.intel.com ([10.22.225.130]) by orsmga002.jf.intel.com with ESMTP; 20 Aug 2018 12:30:59 -0700 Received: from orsmsx162.amr.corp.intel.com (10.22.240.85) by ORSMSX103.amr.corp.intel.com (10.22.225.130) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 20 Aug 2018 12:30:59 -0700 Received: from orsmsx107.amr.corp.intel.com ([169.254.1.245]) by ORSMSX162.amr.corp.intel.com ([169.254.3.195]) with mapi id 14.03.0319.002; Mon, 20 Aug 2018 12:30:59 -0700 From: "Schaufler, Casey" To: Stephen Smalley , "kernel-hardening@lists.openwall.com" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "selinux@tycho.nsa.gov" , "Hansen, Dave" , "Dock, Deneen T" , "kristen@linux.intel.com" , "arjan@linux.intel.com" Subject: RE: [PATCH RFC v2 5/5] SELinux: Support SELinux determination of side-channel vulnerability Thread-Topic: [PATCH RFC v2 5/5] SELinux: Support SELinux determination of side-channel vulnerability Thread-Index: AQHUNnfzi3NO3xojlUaFqSZKkXNAjaTJRumA//+XoTCAAISJgP//oWPA Date: Mon, 20 Aug 2018 19:30:57 +0000 Message-ID: <99FC4B6EFCEFD44486C35F4C281DC6732143F8DB@ORSMSX107.amr.corp.intel.com> References: <20180817221624.10232-1-casey.schaufler@intel.com> <20180817221624.10232-6-casey.schaufler@intel.com> <6e70b7c7-d932-91c8-35d1-70bd6cef16a5@tycho.nsa.gov> <99FC4B6EFCEFD44486C35F4C281DC6732143F80E@ORSMSX107.amr.corp.intel.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODMwMzJjMmItZTMzNy00ZDYzLWI2NTAtMTBlMDIyNjY3Mzc0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiTjV5U1NFdlpaellWdGtTSDFveHBtemhGUk9iUTFNOUhkS09IQ01GR2pJMzMrbGRwTmRhWGtzbzVySldTVFBtbyJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.22.254.139] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBTdGVwaGVuIFNtYWxsZXkgW21h aWx0bzpzZHNAdHljaG8ubnNhLmdvdl0NCj4gU2VudDogTW9uZGF5LCBBdWd1c3QgMjAsIDIwMTgg MTA6NDQgQU0NCj4gVG86IFNjaGF1ZmxlciwgQ2FzZXkgPGNhc2V5LnNjaGF1ZmxlckBpbnRlbC5j b20+OyBrZXJuZWwtDQo+IGhhcmRlbmluZ0BsaXN0cy5vcGVud2FsbC5jb207IGxpbnV4LWtlcm5l bEB2Z2VyLmtlcm5lbC5vcmc7IGxpbnV4LXNlY3VyaXR5LQ0KPiBtb2R1bGVAdmdlci5rZXJuZWwu b3JnOyBzZWxpbnV4QHR5Y2hvLm5zYS5nb3Y7IEhhbnNlbiwgRGF2ZQ0KPiA8ZGF2ZS5oYW5zZW5A aW50ZWwuY29tPjsgRG9jaywgRGVuZWVuIFQgPGRlbmVlbi50LmRvY2tAaW50ZWwuY29tPjsNCj4g a3Jpc3RlbkBsaW51eC5pbnRlbC5jb207IGFyamFuQGxpbnV4LmludGVsLmNvbQ0KPiBTdWJqZWN0 OiBSZTogW1BBVENIIFJGQyB2MiA1LzVdIFNFTGludXg6IFN1cHBvcnQgU0VMaW51eCBkZXRlcm1p bmF0aW9uIG9mDQo+IHNpZGUtY2hhbm5lbCB2dWxuZXJhYmlsaXR5DQo+IA0KPiBPbiAwOC8yMC8y MDE4IDEyOjU5IFBNLCBTY2hhdWZsZXIsIENhc2V5IHdyb3RlOg0KPiA+PiAtLS0tLU9yaWdpbmFs IE1lc3NhZ2UtLS0tLQ0KPiA+PiBGcm9tOiBTdGVwaGVuIFNtYWxsZXkgW21haWx0bzpzZHNAdHlj aG8ubnNhLmdvdl0NCj4gPj4gU2VudDogTW9uZGF5LCBBdWd1c3QgMjAsIDIwMTggOTowMyBBTQ0K PiA+PiBUbzogU2NoYXVmbGVyLCBDYXNleSA8Y2FzZXkuc2NoYXVmbGVyQGludGVsLmNvbT47IGtl cm5lbC0NCj4gPj4gaGFyZGVuaW5nQGxpc3RzLm9wZW53YWxsLmNvbTsgbGludXgta2VybmVsQHZn ZXIua2VybmVsLm9yZzsgbGludXgtc2VjdXJpdHktDQo+ID4+IG1vZHVsZUB2Z2VyLmtlcm5lbC5v cmc7IHNlbGludXhAdHljaG8ubnNhLmdvdjsgSGFuc2VuLCBEYXZlDQo+ID4+IDxkYXZlLmhhbnNl bkBpbnRlbC5jb20+OyBEb2NrLCBEZW5lZW4gVCA8ZGVuZWVuLnQuZG9ja0BpbnRlbC5jb20+Ow0K PiA+PiBrcmlzdGVuQGxpbnV4LmludGVsLmNvbTsgYXJqYW5AbGludXguaW50ZWwuY29tDQo+ID4+ IFN1YmplY3Q6IFJlOiBbUEFUQ0ggUkZDIHYyIDUvNV0gU0VMaW51eDogU3VwcG9ydCBTRUxpbnV4 IGRldGVybWluYXRpb24gb2YNCj4gPj4gc2lkZS1jaGFubmVsIHZ1bG5lcmFiaWxpdHkNCj4gPj4N Cj4gPj4gT24gMDgvMTcvMjAxOCAwNjoxNiBQTSwgQ2FzZXkgU2NoYXVmbGVyIHdyb3RlOg0KPiA+ Pj4gU0VMaW51eCBjb25zaWRlcnMgdGFza3MgdG8gYmUgc2lkZS1jaGFubmVsIHNhZmUgaWYgdGhl eQ0KPiA+Pj4gaGF2ZSBQUk9DRVNTX1NIQVJFIGFjY2Vzcy4NCj4gPj4NCj4gPj4gTm93IHRoZSBk ZXNjcmlwdGlvbiBhbmQgdGhlIGNvZGUgbm8gbG9uZ2VyIG1hdGNoLg0KPiA+DQo+ID4gWW91J3Jl IHJpZ2h0Lg0KPiA+DQo+ID4+Pg0KPiA+Pj4gU2lnbmVkLW9mZi1ieTogQ2FzZXkgU2NoYXVmbGVy IDxjYXNleS5zY2hhdWZsZXJAaW50ZWwuY29tPg0KPiA+Pj4gLS0tDQo+ID4+PiAgICBzZWN1cml0 eS9zZWxpbnV4L2hvb2tzLmMgfCA5ICsrKysrKysrKw0KPiA+Pj4gICAgMSBmaWxlIGNoYW5nZWQs IDkgaW5zZXJ0aW9ucygrKQ0KPiA+Pj4NCj4gPj4+IGRpZmYgLS1naXQgYS9zZWN1cml0eS9zZWxp bnV4L2hvb2tzLmMgYi9zZWN1cml0eS9zZWxpbnV4L2hvb2tzLmMNCj4gPj4+IGluZGV4IGE4YmYz MjQxMzBmNS4uN2ZiZDdkN2FjMWNiIDEwMDY0NA0KPiA+Pj4gLS0tIGEvc2VjdXJpdHkvc2VsaW51 eC9ob29rcy5jDQo+ID4+PiArKysgYi9zZWN1cml0eS9zZWxpbnV4L2hvb2tzLmMNCj4gPj4+IEBA IC00MjE5LDYgKzQyMTksMTQgQEAgc3RhdGljIHZvaWQgc2VsaW51eF90YXNrX3RvX2lub2RlKHN0 cnVjdA0KPiA+PiB0YXNrX3N0cnVjdCAqcCwNCj4gPj4+ICAgIAlzcGluX3VubG9jaygmaXNlYy0+ bG9jayk7DQo+ID4+PiAgICB9DQo+ID4+Pg0KPiA+Pj4gK3N0YXRpYyBpbnQgc2VsaW51eF90YXNr X3NhZmVfc2lkZWNoYW5uZWwoc3RydWN0IHRhc2tfc3RydWN0ICpwKQ0KPiA+Pj4gK3sNCj4gPj4+ ICsJc3RydWN0IGF2X2RlY2lzaW9uIGF2ZDsNCj4gPj4+ICsNCj4gPj4+ICsJcmV0dXJuIGF2Y19o YXNfcGVybV9ub2F1ZGl0KCZzZWxpbnV4X3N0YXRlLCBjdXJyZW50X3NpZCgpLA0KPiA+PiB0YXNr X3NpZChwKSwNCj4gPj4+ICsJCQkJICAgIFNFQ0NMQVNTX0ZJTEUsIEZJTEVfX1JFQUQsIDAsICZh dmQpOw0KPiA+Pj4gK30NCj4gPj4NCj4gPj4gQW5kIG15IHF1ZXN0aW9uIGZyb20gYmVmb3JlIHN0 aWxsIHN0YW5kczogIHdoeSBkbyB3ZSBuZWVkIGEgbmV3IGhvb2sgYW5kDQo+ID4+IG5ldyBzZWN1 cml0eSBtb2R1bGUgaW5zdGVhZCBvZiBqdXN0IHVzaW5nIHB0cmFjZV9tYXlfYWNjZXNzKCk/DQo+ ID4NCj4gPiBMb2NraW5nLiBUaGUgU0VMaW51eCBjaGVjaywgZm9yIGV4YW1wbGUsIHdpbGwgbG9j ayB1cCBzb2xpZCB3aGlsZSB0cnlpbmcNCj4gPiB0byBnZW5lcmF0ZSBhbiBhdWRpdCByZWNvcmQu IFRoZXJlIGlzIG5vIGdvb2QgcmVhc29uIGFzaWRlIGZyb20gY29kaW5nDQo+ID4gY29udmVuaWVu Y2UgdG8gYXNzdW1lIHRoYXQgdGhlIHNhbWUgcmVzdHJpY3Rpb25zIHdpbGwgYXBwbHkgZm9yIHNp ZGUtY2hhbm5lbA0KPiA+IGFzIGFwcGx5IHRvIHB0cmFjZS4gSSdtIGFjdHVhbGx5IGEgdG91Y2gg c3VycHJpc2VkIHlvdSdyZSBub3Qgc3VnZ2VzdGluZyBhDQo+ID4gc2VwYXJhdGUgU0VDQ0xBU1Mg b3IgYWNjZXNzIG1vZGUgZm9yIHRoZSBTRUxpbnV4IGhvb2suDQo+IA0KPiBUaGUgUFRSQUNFX01P REVfTk9BVURJVCBmbGFnIHRvIHB0cmFjZV9tYXlfYWNjZXNzKCkgd291bGQgYWRkcmVzcyB0aGUN Cj4gbG9ja2luZyBjb25jZXJuLg0KDQpPSyAuLi4NCg0KPiBEdXBsaWNhdGluZyB0aGUgcHRyYWNl IGFjY2VzcyBjaGVja2luZyBsb2dpYyBzZWVtcw0KPiBwcm9uZSB0byBlcnJvcnMgYW5kIGluY29u c2lzdGVuY2llcy4NCg0KVGhhdCdzIHRydWUgb25seSBpZiB0aGUgcHRyYWNlIGxvZ2ljIGFuZCB0 aGUgc2FmZS1zaWRlY2hhbm5lbCBsb2dpYw0KYXJlIGlkZW50aWNhbC4gSSBkb24ndCBiZWxpZXZl IHRoYXQgaXMgYSBzYWZlIGFzc3VtcHRpb24uIEl0IHdvdWxkIHN1cmUNCmJlIGNvbnZlbmllbnQu IEJ1dCBJIHdvdWxkIGhhdGUgdG8gc2VlIGEgY2hhbmdlIG1hZGUgZm9yIGVpdGhlcg0KcHRyYWNl IG9yIHNhZmVfc2lkZWNoYW5uZWwgdGhhdCBpbnRlcmZlcmVkIHdpdGggdGhlIGNvcnJlY3QgYmVo YXZpb3INCm9mIHRoZSBvdGhlci4NCg0KPiBJIGNhbid0IGltYWdpbmUgcG9saWN5IHdyaXRlcnMN Cj4gdW5kZXJzdGFuZGluZyB3aGF0ICJzYWZlIHNpZGVjaGFubmVsIiBtZWFucywgbXVjaCBsZXNz IGRlY2lkaW5nIHdoZW4gdG8NCj4gYWxsb3cgaXQuDQoNCkkgY2FuJ3QgYXJndWUgd2l0aCB0aGF0 LiBCdXQgdGhlbiwgSSBoYXZlIGFsd2F5cyBoYWQgdHJvdWJsZSB3aXRoIHRoZQ0KU0VMaW51eCBw b2xpY3kgc2NoZW1lLg0KDQo=