Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3431475imm;
        Tue, 4 Sep 2018 23:23:59 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdbExqcq5FOtX2UckSgBlhTRyV0vEPiFW38g6/sdkHPElEkKi7xxDgGrdUqvuM2dCUA8Bivv
X-Received: by 2002:a63:de4b:: with SMTP id y11-v6mr10858983pgi.435.1536128639365;
        Tue, 04 Sep 2018 23:23:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536128639; cv=none;
        d=google.com; s=arc-20160816;
        b=yZP3FxpfNLZeCwvRhhbNLyJmI57oWgoIV9GfuX6nIXbwzdJP5wVG5IvV2kEGNpzQVK
         Wem86BLq1ZozqF2H50CG2116TO9W4uIvM2R+id9zuC9i7OSO7K3eAjjUCnTia8cChC65
         gxyGbMwuhu2q/2fQJsxb+re7Lls+1GXgl3xiCagKyZUXaCuSHfNAyxWyKpxGYDJML0E7
         3MNCHh/jrgxLonUdH8s7/ajhf+PpPaC0gW3f1WE+Mffk/vBeHgnlOFl22oL5MDHsJqn9
         QBApJTX8UUIdjRI9ur3Ysk/bfE3llDL2SPR5dazMi0ezjasnOCKRim+cPUuIPHtBEVpD
         oS+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=hn5Od42JS88R/uroXGDRj/ioEccZKFH0Aq+6h/e5Rvs=;
        b=fc4KBiuyP0mvGQMwOZtaqXXsvURHEv6WvPfEdrlYtFbZKMEMuq6QWrIeBU2gxhjgWX
         MBUx5UuUywzX6JJ2n4Dd6FwOPAZgZC1vTqQ1onF2LHaYPMd8EAJiepKdTyVprDJfIYzi
         T5hQsCtgipzQczEyOysl9y4UERAAkjhFb8dHhJ9rpS0SO2Za00ZBT304NaCm5ca5v6G+
         qiuKxAZ488+9Kx4CrihIMhurUBdYLb1Fa66B/Ls7opGkdAxd/4BxUlsTJs/i02KlT1hg
         BYrIWl1zjoUI6h8hyv96LgOezwklgtKL+FtN8XiADB69djuw65YEyzvof/Bzi9y5Ze4y
         pRsw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x12-v6si1006971pgj.175.2018.09.04.23.23.44;
        Tue, 04 Sep 2018 23:23:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727636AbeIEKur (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Wed, 5 Sep 2018 06:50:47 -0400
Received: from mx2.suse.de ([195.135.220.15]:32822 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726272AbeIEKur (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 5 Sep 2018 06:50:47 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 7AD28AF05;
        Wed,  5 Sep 2018 06:22:09 +0000 (UTC)
Date:   Wed, 5 Sep 2018 08:22:06 +0200 (CEST)
From:   Jiri Kosina <jikos@kernel.org>
To:     Tim Chen <tim.c.chen@linux.intel.com>
cc:     "Schaufler, Casey" <casey.schaufler@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Oleg Nesterov <oleg@redhat.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>, Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can
 be applied on arbitrary tasks
In-Reply-To: <3f24e8c8-eab8-66c2-9a8d-957e30cac809@linux.intel.com>
Message-ID: <nycvar.YFH.7.76.1809050725390.15880@cbobk.fhfr.pm>
References: <nycvar.YFH.7.76.1808312242130.25787@cbobk.fhfr.pm> <nycvar.YFH.7.76.1809041619510.15880@cbobk.fhfr.pm> <alpine.LRH.2.00.1809041639340.14475@gjva.wvxbf.pm> <31436186-88da-324e-88a0-8fdca7bf60ac@linux.intel.com> <nycvar.YFH.7.76.1809041932590.15880@cbobk.fhfr.pm>
 <99FC4B6EFCEFD44486C35F4C281DC67321447094@ORSMSX107.amr.corp.intel.com> <nycvar.YFH.7.76.1809042046180.15880@cbobk.fhfr.pm> <3f24e8c8-eab8-66c2-9a8d-957e30cac809@linux.intel.com>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 4 Sep 2018, Tim Chen wrote:

> I think STIBP should be an opt in option as it will have significant
> impact on performance.  The attack from neighbor thread is pretty
> difficult to pull off considering you have to know what the sibling
> thread is running and its address allocation.

In many scenarios the attacker can just easily taskset itself to the 
correct sibling.

> We could also use a security module to opt in the STIBP policy.

I am a bit afraid that we are offloading to sysadmins decisions that are 
very hard for them to make, as they require deep understanding of both the 
technical details of the security issue in the CPU, and the mitigation.

I surely understand that Intel is doing what they could to minimize the 
performance effect, but achieving that by making it a rocket science to 
configure it properly doesn't feel right.

So, after giving it a bit more thought, I still believe "I want spectre V2 
protection" vs. "I do not care about spectre V2 on my system 
(=nospectre_v2)" are the sane options we should provide; so I'll respin v4 
of my patchset, including the ptrace check in switch_mm() (statically 
patched out on !IBPB-capable systems), and we can then later see whether 
the LSM implementation, once it exists, should be used instead.

Thanks,

-- 
Jiri Kosina
SUSE Labs