Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2827375imm;
        Tue, 4 Sep 2018 10:37:21 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdY2MNatlkLvdYDu2NWavLGiUL1whIKMjj552aExbOhSK4Un461FFezukWRSQwy4irR9R+Og
X-Received: by 2002:a62:f610:: with SMTP id x16-v6mr35285653pfh.169.1536082640948;
        Tue, 04 Sep 2018 10:37:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536082640; cv=none;
        d=google.com; s=arc-20160816;
        b=SR6Uspe12HsqX57Na6oJzNrXIO3Dh3E5yGFcV2zRJjdJOZE1feEe1obMNEBkdOvY5Y
         n9q0YdR4HSPnrzubmp6/9k1bghHvyk8L2EZ+q5UlvTi9BjpUGGXNrcV+ggoPsmXdOUsl
         5d0SiLftCp2PM+RR8cmYk96As4UCFHy8m5icEIX0HdEfGuITyo1ZaUx6Loasv1MmpuFu
         f2UXH5Zv4P0TCDkz0Aa3iEgzcNFhSaB+f9AldTGLjLH+ZZuWQHryEPqWQBNLc8HcYdoF
         sLBkr5q5urR8qWinypqn6ehP6Gb1vh9yoShekuBkPpHznC79OushLU49Wog3WuAkfqv5
         CiSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date
         :arc-authentication-results;
        bh=3r5ffj8H2MOS9DarIZaewTKaLxgipOu3F2sPsaRoS7E=;
        b=PxrlUMEYCiV9tIXk4DRJTdzX07Jou+GMic5zo9fLyjwr5s33fY7I7DRaj9VltNuI+x
         wUFY8VBpDp2tQeSFTgZGihF2qrJa8RBmbPAlgq6r+HobDHl4RFc3f8fXVwnF3ActUr2O
         rGnea4Swpn/ocpCi/SvRv7f8Z0kLPGMcf1XLZF0YNZ4/E/4GxZmKkTOBBBPJHinIxIKC
         zmg2dq0NZzgMElUXw6elgEpUAWoYyScWOfsG7fylkGQWVKgsOGH6EHM6Vb7Idnq1rrq2
         OpzQQcg9wGZBPpVxo4+I+WEWJaeoqgeaUh2FJthZwNY/SG19Ns9UOFCWaUiPGjUE1Xr1
         /etA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l67-v6si22627337pfl.167.2018.09.04.10.37.04;
        Tue, 04 Sep 2018 10:37:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727453AbeIDWBh (ORCPT <rfc822;zzmahb@gmail.com> + 99 others);
        Tue, 4 Sep 2018 18:01:37 -0400
Received: from mx2.suse.de ([195.135.220.15]:43468 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726052AbeIDWBh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 Sep 2018 18:01:37 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 5F661AFA0;
        Tue,  4 Sep 2018 17:35:30 +0000 (UTC)
Date:   Tue, 4 Sep 2018 19:35:29 +0200 (CEST)
From:   Jiri Kosina <jikos@kernel.org>
To:     Tim Chen <tim.c.chen@linux.intel.com>
cc:     Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Oleg Nesterov <oleg@redhat.com>,
        Casey Schaufler <casey.schaufler@intel.com>,
        linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can
 be applied on arbitrary tasks
In-Reply-To: <31436186-88da-324e-88a0-8fdca7bf60ac@linux.intel.com>
Message-ID: <nycvar.YFH.7.76.1809041932590.15880@cbobk.fhfr.pm>
References: <nycvar.YFH.7.76.1808312242130.25787@cbobk.fhfr.pm> <nycvar.YFH.7.76.1809041619510.15880@cbobk.fhfr.pm> <alpine.LRH.2.00.1809041639340.14475@gjva.wvxbf.pm> <31436186-88da-324e-88a0-8fdca7bf60ac@linux.intel.com>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 4 Sep 2018, Tim Chen wrote:

> > Current ptrace_may_access() implementation assumes that the 'source' task is
> > always the caller (current).
> > 
> > Expose ___ptrace_may_access() that can be used to apply the check on arbitrary
> > tasks.
> 
> Casey recently has proposed putting the decision making of whether to
> do IBPB in the security module.
> 
> https://lwn.net/ml/kernel-hardening/20180815235355.14908-4-casey.schaufler@intel.com/
> 
> That will have the advantage of giving the administrator a more flexibility
> of when to turn on IBPB.  The policy is very similar to what you have proposed here
> but I think the security module is a more appropriate place for the security policy.

Yeah, well, honestly, I have a bit hard time buying the "generic 
sidechannel prevention security module" idea, given how completely 
different in nature all the mitigations have been so far. I don't see that 
trying to abstract this somehow provides more clarity.

So if this should be done in LSM, it'd probably have to be written by 
someone else than me :) who actually understands how the "sidechannel LSM" 
idea works.

Thanks,

-- 
Jiri Kosina
SUSE Labs