Date: Sat, 22 Sep 2018 12:20:48 +0200 (CEST)
From: Thomas Gleixner
To: Peter Zijlstra
Cc: Jiri Kosina, "Schaufler, Casey", Ingo Molnar, Josh Poimboeuf, Andrea Arcangeli, "Woodhouse, David", Andi Kleen, Tim Chen, "linux-kernel@vger.kernel.org", "x86@kernel.org"
Subject: Re: [PATCH v6 0/3] Harden spectrev2 userspace-userspace protection

On Sat, 22 Sep 2018, Peter Zijlstra wrote:

> On Sat, Sep 22, 2018 at 11:53:14AM +0200, Thomas Gleixner wrote:
> > +bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode) > > +{ > > + struct mm_struct *mm; > > + int res; > > + > > + res = __ptrace_may_access_basic(task, mode); > > + if (res <= 0) > > + return !res; > > + > > + rcu_read_lock(); > > + res = __ptrace_may_access_cred(__task_cred(task), mode); > > rcu_read_unlock(); > > + if (res) > > + return false; > > + > > + mm = task->mm; > > + if (mm && get_dumpable(mm) != SUID_DUMP_USER) > > + return false; > > + return true; > > +} > > + > > +/* Returns 0 on success, -errno on denial. */ > > +static int __ptrace_may_access(struct task_struct *task, unsigned int mode) > > +{ > > + const struct cred *tcred; > > + struct mm_struct *mm; > > + int res; > > + > > + res = __ptrace_may_access_basic(task, mode); > > + if (res <= 0) > > + return res; > > + > > + rcu_read_lock(); > > + tcred = __task_cred(task); > > + res = __ptrace_may_access_cred(tcred, mode); > > + if (res > 0) > > + res = ptrace_has_cap(tcred->user_ns, mode) ? 0 : -EPERM; > > rcu_read_unlock(); > > + if (res < 0) > > + return res; > > + > > mm = task->mm; > > + if (mm && (get_dumpable(mm) != SUID_DUMP_USER && > > + !ptrace_has_cap(mm->user_ns, mode))) > > + return -EPERM; > > > > return security_ptrace_access_check(task, mode); > > }
>
> This has some unfortunate duplication.
>
> Let's go with it for now, but I'll see if I can do something about that
> later.

Yes, I know. I tried to make the duplication smaller, but all attempts ended
up being a convoluted mess. I'll try again after applying more coffee.

Thanks,

	tglx
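
Review bot: ptrace_may_access_sched() has no comment, and in the quoted hunk it differs from __ptrace_may_access() in ways its name does not convey. It returns bool with true meaning allowed (through `return !res`), while the other function returns 0 or -errno. It treats any non-zero __ptrace_may_access_cred() result and any non-SUID_DUMP_USER mm as a denial without consulting ptrace_has_cap(). It never calls security_ptrace_access_check(). Its answer can therefore differ from the full check in both directions: a caller that ptrace_has_cap() would let through is refused, and an LSM denial is not applied. Suggest a comment above the function stating the return convention and these omissions, in the style of the "Returns 0 on success, -errno on denial" comment on __ptrace_may_access(). Both functions also rely on __ptrace_may_access_basic() returning negative for deny, 0 for allow and positive for "continue checking"; that contract should be stated at the helper if it is not already.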