Date: Wed, 4 Nov 2020 14:14:07 -0800
From: Kees Cook
To: Andrea Arcangeli
Cc: YiFei Zhu, Linux Containers, YiFei Zhu, bpf, kernel list, Aleksa Sarai, Andy Lutomirski, David Laight, Dimitrios Skarlatos, Giuseppe Scrivano, Hubertus Franke, Jack Chen, Jann Horn, Josep Torrellas, Tianyin Xu, Tobin Feldman-Fitzthum, Tycho Andersen, Valentin Rothberg, Will Drewry, Jiri Kosina, Thomas Gleixner, Waiman Long
Subject: Re: RFC: default to spec_store_bypass_disable=prctl spectre_v2_user=prctl
Message-ID: <202011041411.AD961737EA@keescook>
References: <20201104215702.GG24993@redhat.com>
In-Reply-To: <20201104215702.GG24993@redhat.com>
List-ID: linux-kernel@vger.kernel.org

On Wed, Nov 04, 2020 at 04:57:02PM -0500, Andrea Arcangeli wrote:
> Switch the kernel default of SSBD and STIBP to the ones with
> CONFIG_SECCOMP=n (i.e. spec_store_bypass_disable=prctl
> spectre_v2_user=prctl) even if CONFIG_SECCOMP=y.

Agreed. I think this is the right time to flip this switch. I agree with
the (very well described) rationales. :)

Fundamentally, likely everyone who is interested in manipulating the
mitigations is doing so now, and it doesn't make sense (on many fronts)
to tie some to seccomp mode any more (which was intended as a temporary
defense to gain coverage while sysadmins absorbed what the best
practices should be).

Thanks for sending this!

Acked-by: Kees Cook

-- 
Kees Cook
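With spec_store_bypass_disable=prctl and spectre_v2_user=prctl as the defaults, installing a seccomp filter no longer switches SSBD and STIBP on for a task; a sandbox, browser or container runtime that wants them has to ask for them itself. The program below is an added illustration of that opt-in, not code from this thread or from the kernel patch. The prctl commands and PR_SPEC_* bits are the kernel's own (linux/prctl.h, Documentation/userspace-api/spec_ctrl.rst); the function names (decode_spec_status, spec_status_of, opt_in_mitigation) and the wording of the decoded states are mine. It queries each mitigation, decodes the status bits, and force-disables speculation for the calling task the same way seccomp mode used to, so the task cannot later re-enable it.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Values from linux/prctl.h, guarded so the example also builds against
 * headers that predate the speculation-control prctls. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Decode a PR_GET_SPECULATION_CTRL result. "mitigated" means speculation
 * is disabled for the task, i.e. the mitigation is active. A negative
 * value is a failed query (see spec_status_of). */
const char *decode_spec_status(long status)
{
    if (status < 0)
        return "query failed";
    if (status == PR_SPEC_NOT_AFFECTED)
        return "cpu not affected";
    if (status & PR_SPEC_FORCE_DISABLE)
        return "mitigated (forced, cannot be re-enabled)";
    if (status & PR_SPEC_DISABLE_NOEXEC)
        return "mitigated (until exec)";
    if (status & PR_SPEC_DISABLE)
        return (status & PR_SPEC_PRCTL) ? "mitigated (per-task prctl)"
                                        : "mitigated (global)";
    if (status & PR_SPEC_ENABLE)
        return (status & PR_SPEC_PRCTL) ? "unmitigated (prctl mode: opt-in needed)"
                                        : "unmitigated (global)";
    return "unknown status";
}

static const char *spec_name(unsigned long which)
{
    return which == PR_SPEC_STORE_BYPASS ? "SSBD" : "STIBP";
}

/* Current task's state for one speculation feature: the raw status
 * (>= 0) or -errno. ENODEV means the kernel or CPU has no such control. */
long spec_status_of(unsigned long which)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, which, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Opt the calling task into a mitigation. Returns 0 on success or -errno.
 * With the prctl defaults the status carries PR_SPEC_PRCTL, meaning the
 * task may change it; in a global mode (=on/=off) it does not, and the
 * kernel answers PR_SET_SPECULATION_CTRL with ENXIO. PR_SPEC_FORCE_DISABLE
 * is what seccomp mode used to apply: once set it cannot be undone. */
int opt_in_mitigation(unsigned long which)
{
    long cur = spec_status_of(which);
    if (cur < 0)
        return (int)cur;
    if (cur == PR_SPEC_NOT_AFFECTED ||
        (cur & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)))
        return 0; /* nothing to do: not affected or already mitigated */
    if (!(cur & PR_SPEC_PRCTL))
        return -ENXIO; /* global mode, per-task control unavailable */
    if (prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_FORCE_DISABLE, 0, 0) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    unsigned long feats[] = { PR_SPEC_STORE_BYPASS, PR_SPEC_INDIRECT_BRANCH };
    for (size_t i = 0; i < sizeof feats / sizeof feats[0]; i++) {
        printf("%-5s before: %s\n", spec_name(feats[i]),
               decode_spec_status(spec_status_of(feats[i])));
        int rc = opt_in_mitigation(feats[i]);
        if (rc < 0)
            printf("%-5s opt-in failed: %s\n", spec_name(feats[i]), strerror(-rc));
        printf("%-5s after:  %s\n", spec_name(feats[i]),
               decode_spec_status(spec_status_of(feats[i])));
    }
    return 0;
}
```

Run it once before and once after the default flip on an affected machine: under the old seccomp-mode default a filtered task already reported "mitigated (forced)" without any prctl call; under the prctl default every task starts as "unmitigated (prctl mode: opt-in needed)" until it, or the runtime that launched it, makes this call.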