Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1623787ima;
        Sun, 21 Oct 2018 16:38:22 -0700 (PDT)
X-Google-Smtp-Source: ACcGV62QjVB8uUM2jApY5iGIGWFcwOvq4I7CLUcDpHeIOWNC74qQIsO2lyY2N2/KpRd3fBVEiat0
X-Received: by 2002:a63:46:: with SMTP id 67-v6mr9609854pga.92.1540165102315;
        Sun, 21 Oct 2018 16:38:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540165102; cv=none;
        d=google.com; s=arc-20160816;
        b=G91sulgiY0E+pYlfK+wkpZ4fgNawn+rBCGhAb7aNJqgpcJplPYxf7ocsyVvhaHbW0J
         55KsHH6+goAYJCwWZZG8Btop/ZBsxHX3K1hcH5kIJRZRoYKQXQ/COrXRX5wW1DDyxEEt
         +MA/Tazix0Sj4AaGsRxPZyZAF2csfQd3Pl3dSkPaMZkp9YHEh0VC/ItD4T886Bvrhfih
         2CS3YtYpFwe8M2PavR/QQ6QRPnaWNVbftwbcJPO3f/iQ8O1HXuUsbg3mdv8M5Halb/xf
         UWA8Dv1qeQPef/LMswW9BwphRy0FJInjI33Acnl0vV9XmGeieNQfsOV4TJOo5Fb/6Q03
         mfHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=vN5EvXuI8XjW4i9mRxPFdns8rYDGS3GQnx5ENioskQg=;
        b=D/zX7VsgxRlOSVGVfdoM5gUUrGmU7a4IrUXcW9+laWVbfpHxt/mbCEPpqCtJVScuf6
         zCn7LoCo9oyVb0jyBUYXO2cGTl+7C+636btI/sUOlJsf0aus0R/Mv2/MLhBa4SKPNjNQ
         OPX/LAjfLSYigi1EmRK/mUuudfYkPaA4fcwq/2TIz7oiG/MTEnReRHZA4Dqf6Oux06ON
         mEG5iN2BoVrZ5XUxoiZhra/maiQUiaGcieL7fUIIc1Wv+EOJ16T9RXQ2llMr7Po6M1mZ
         nA9T+PznQ0E3GPq0bPISfjGqkQ7P1V9dRnbpt8OKLmHkjeWWjeKsSkpOjDnisjRbYh2B
         hRdw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x21-v6si7293151plr.70.2018.10.21.16.38.07;
        Sun, 21 Oct 2018 16:38:22 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728138AbeJVHsK (ORCPT <rfc822;gklkml16@gmail.com> + 99 others);
        Mon, 22 Oct 2018 03:48:10 -0400
Received: from mx2.suse.de ([195.135.220.15]:39740 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727278AbeJVHsK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Oct 2018 03:48:10 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 0B396AF40;
        Sun, 21 Oct 2018 23:32:06 +0000 (UTC)
Date:   Mon, 22 Oct 2018 01:32:04 +0200 (CEST)
From:   Jiri Kosina <jikos@kernel.org>
To:     Pavel Machek <pavel@ucw.cz>
cc:     Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Andi Kleen <ak@linux.intel.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        "Schaufler, Casey" <casey.schaufler@intel.com>,
        linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to
 avoid cross-process data leak
In-Reply-To: <20181021193827.GB26042@amd>
Message-ID: <nycvar.YFH.7.76.1810220130390.23511@cbobk.fhfr.pm>
References: <nycvar.YFH.7.76.1809101119280.15880@cbobk.fhfr.pm> <nycvar.YFH.7.76.1809101123020.15880@cbobk.fhfr.pm> <20181021193827.GB26042@amd>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 21 Oct 2018, Pavel Machek wrote:

> Imagine JIT running evil code (flash, javascript). JIT will prevent evil 
> code from doing ptrace() (or maybe there is syscall filter in effect or 
> something like that), but if evil code can poison branch buffers and do 
> timings, security problem stays.

JITs sort of remove the traditional unix security domain boundary between 
mutually (un)trusted code (processess and threads), that's a more general 
problem, yes.

> Do we need prctl(I_DONT_RUN_EVIL_CODE)?

That's basically the level of fine-graining Tim's followup patchset 
(that's currently being discussed) is eventually going to achieve.

Thanks,

-- 
Jiri Kosina
SUSE Labs