Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4156364imm;
        Wed, 5 Sep 2018 11:36:55 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdaCaGqNrL5R2vew5I/pxCN2v4KD58tYayEbkHi7OjGRpXOB5EeLpVY/KRqC7jYCC8JIdRZ8
X-Received: by 2002:a63:221b:: with SMTP id i27-v6mr30368443pgi.212.1536172614939;
        Wed, 05 Sep 2018 11:36:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536172614; cv=none;
        d=google.com; s=arc-20160816;
        b=XDItUnqibNUfS4h+uaXD9mcfcIkIZoKbCtzqxDzWxSXyqTqTFPSnfTApQFOEVHyzXI
         tTDNcnGdR1YtQUz4ZHoMESgEubqA0Jc94MPBhuXPqBYXRoTRsoAYqpg7xRKqK2nvLbgO
         ENSczzNXdrg3rzOGECKKBeBSxV1o17Pq+iMQHvtH5gqIhhesrsp7f1CvStMkatv4GafN
         r/z/69IVarcA1K1K5piNLX1E7nDzvjr5GtqTEB4mBTgiYN0yhXt8nV3q2YDoPIn2HBq2
         Ksk8xR8UXoJo6lzwAQxjF5uo74RJ+Zf+VJ4MTrpqSX9TIk1IGfkop/wt7DS/j+wyFbKI
         e6sQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=YhnfoMjx6rOHfxzWlZRd3AQI4xPsu+3HMwikG0Wt6gA=;
        b=D4NnQBFK6Pd52zR+3kK/PQppID//yLLUxnGRhQN48PUH1Tf6Lm2oqiblGyS59FqD54
         UXKAyWwez+8+QPCqN6jB+XciIkl3oOMOHvw2rIdK/hxbORoUQUnrKIYutiylpqshNci+
         rsnR9D02kRm6Hnk29O+uvYNn38fKSh9tY2I1wQcgcb8/yD4aBATAEyFdhG1FLOchcsZU
         wpPIv0lTLDDKrXWFlwU2xZC0PYFuL1LLbDXo3561CZXy2j2VbFr29fhWsuxJoO997n8I
         aZ9V6945WDf2vbFfppdnPqplKddkt0zZYAp6OymeQAtIK6jf5ykkgMvSTnIfHes4qHOb
         ZyhA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b8-v6si2615943ple.171.2018.09.05.11.36.35;
        Wed, 05 Sep 2018 11:36:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727627AbeIEXGp (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Wed, 5 Sep 2018 19:06:45 -0400
Received: from mx2.suse.de ([195.135.220.15]:50742 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727195AbeIEXGp (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 5 Sep 2018 19:06:45 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 66FB8ACC8;
        Wed,  5 Sep 2018 18:35:20 +0000 (UTC)
Date:   Wed, 5 Sep 2018 20:35:19 +0200 (CEST)
From:   Jiri Kosina <jikos@kernel.org>
To:     Andi Kleen <ak@linux.intel.com>
cc:     Tim Chen <tim.c.chen@linux.intel.com>,
        "Schaufler, Casey" <casey.schaufler@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Oleg Nesterov <oleg@redhat.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can
 be applied on arbitrary tasks
In-Reply-To: <20180905155823.GL27886@tassilo.jf.intel.com>
Message-ID: <nycvar.YFH.7.76.1809052029160.15880@cbobk.fhfr.pm>
References: <nycvar.YFH.7.76.1808312242130.25787@cbobk.fhfr.pm> <nycvar.YFH.7.76.1809041619510.15880@cbobk.fhfr.pm> <alpine.LRH.2.00.1809041639340.14475@gjva.wvxbf.pm> <31436186-88da-324e-88a0-8fdca7bf60ac@linux.intel.com> <nycvar.YFH.7.76.1809041932590.15880@cbobk.fhfr.pm>
 <99FC4B6EFCEFD44486C35F4C281DC67321447094@ORSMSX107.amr.corp.intel.com> <nycvar.YFH.7.76.1809042046180.15880@cbobk.fhfr.pm> <3f24e8c8-eab8-66c2-9a8d-957e30cac809@linux.intel.com> <nycvar.YFH.7.76.1809050725390.15880@cbobk.fhfr.pm>
 <20180905155823.GL27886@tassilo.jf.intel.com>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 5 Sep 2018, Andi Kleen wrote:

> Please if you repost include plenty of performance numbers for multi 
> threaded workloads.  It's ridiculous to even discuss this without them.

Talking about ridiculous ... I find it a bit sad that Intel has let this 
be unfixed for 3/4 years in linux; that doesn't really signal deep 
dedication to customer safety. Have any STIBP patches been even submitted?

This is not the same situation as IBRS which was mostly ignored -- there 
we have retpolines to protect the kernel, and it's debatable whether it's 
exploitable on SKL at all.

Ignoring IBPB and STIBP is keeping the system plain vulnerable to 
user-user attacks, and us not providing users with possibiliy to easily 
mitigate, is a bit embarassing in my eyes.

Thanks,

-- 
Jiri Kosina
SUSE Labs