Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp634120imm;
        Fri, 14 Sep 2018 04:06:47 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdZ5J0JPUCBkL6fLgsOq5tD4cW5tfahp9h4z42Gn2oj5Md9Nr9TWj7ySd4IVcNA4ckpHkHo1
X-Received: by 2002:a62:d2c4:: with SMTP id c187-v6mr12051115pfg.8.1536923207550;
        Fri, 14 Sep 2018 04:06:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536923207; cv=none;
        d=google.com; s=arc-20160816;
        b=MsW17wT03hm1bD3fHZVlAEfUI9lQP4z+g7AOtiqrGs9U52OjMAAxhPCuCQF8bXN886
         318WODn0GhO1n/DEAFuMsaSZYci2W0l/Se9FSIzYQIbsFRAqniWAd3McHDUrK8WbAMcp
         TBdZv6kdWaysU4aHOho0bbX4uo8cnCJpQE3PPeKncTkI8iCm7+08trUr4jJFnORLIU+U
         lRZyw329fAYk/gVFYvQolbGlDcEBnrQt2kudQTRX+Y7WS/rNLT/g2yBJkFplz2VnVUuO
         WiIMctW+13r4mLk9WGIBPToFiQRZxiYjmfEEyAkUCvhFWM0ikCzusbDiYKX4oLCr/HPh
         iFoA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=q67BgQYH5cQhimVg5FhvQhYVINRrk/ovd3zzgoy6qIU=;
        b=aOXiF8oKttKQOrznwHW1uvZ6IOmII0GkDRXZxHDlJMwVfjFSm7nAs8lLkr9hQXVPqK
         tJSvL8sJY96T5OAufhsF8uQVvyJpdV7nqU+ZnnxlnhEWJcBdOVuGnF7dWNBgVw51yl5X
         0RYdp7bJ5G+8zNKr/e+FsDn7VX6J5Ng9/cWHvLk4zMS4X2DuRagpAsWp0JlS7s8sAGaQ
         +mTk2VX90KwJ4fQTHkz/XK9gxD0bv3+XJXVjEkJ3dEsbNcbAemPnHB9HUUWR/3dt5dRy
         j3ygVFrKjo8Cz9AvB+UwrM/5BMamZ4oglcm8jea8TZB7IkT0AQCTU/u7RNgrGjPwiPV2
         3JcA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d37-v6si6816370pla.40.2018.09.14.04.06.31;
        Fri, 14 Sep 2018 04:06:47 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727726AbeINQT3 (ORCPT <rfc822;parkch98@gmail.com> + 99 others);
        Fri, 14 Sep 2018 12:19:29 -0400
Received: from Galois.linutronix.de ([146.0.238.70]:47541 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726872AbeINQT3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Sep 2018 12:19:29 -0400
Received: from p4fea45ac.dip0.t-ipconnect.de ([79.234.69.172] helo=nanos)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1g0luR-0002ck-R2; Fri, 14 Sep 2018 13:05:11 +0200
Date:   Fri, 14 Sep 2018 13:05:10 +0200 (CEST)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Jiri Kosina <jikos@kernel.org>
cc:     "Schaufler, Casey" <casey.schaufler@intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Andi Kleen <ak@linux.intel.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>
Subject: RE: [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to
 avoid cross-process data leak
In-Reply-To: <nycvar.YFH.7.76.1809141259010.15880@cbobk.fhfr.pm>
Message-ID: <alpine.DEB.2.21.1809141304180.1473@nanos.tec.linutronix.de>
References: <nycvar.YFH.7.76.1809101119280.15880@cbobk.fhfr.pm> <nycvar.YFH.7.76.1809121055070.15880@cbobk.fhfr.pm> <nycvar.YFH.7.76.1809121105330.15880@cbobk.fhfr.pm> <99FC4B6EFCEFD44486C35F4C281DC6732144BFBC@ORSMSX107.amr.corp.intel.com>
 <nycvar.YFH.7.76.1809141259010.15880@cbobk.fhfr.pm>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 14 Sep 2018, Jiri Kosina wrote:
> On Thu, 13 Sep 2018, Schaufler, Casey wrote:
> 
> > > -	return security_ptrace_access_check(task, mode);
> > > +	if (!(mode & PTRACE_MODE_NOACCESS_CHK))
> > > +		return security_ptrace_access_check(task, mode);
> > > +	return 0;
> > 
> > Because PTRACE_MODE_IBPB includes PTRACE_MODE_NOAUDIT you
> > shouldn't need this change. 
> 
> That is true, but that's not my concern here. 
> 
> 	security_ptrace_access_check() -> call_int_hook() -> P->hook.FUNC().
> 
> If it's somehow guaranteed that all functions called this ways are fine to 
> be called from scheduler context (wrt. locks), then it's all fine and I'll 
> happily drop that check.
> 
> Is it guaranteed?

The related question is whether it is guaranteed for backports. We don't
want to end up with a separate hell there.

Thanks,

	tglx