Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1411599pxb; Sun, 7 Mar 2021 18:12:10 -0800 (PST) X-Google-Smtp-Source: ABdhPJxNgmPVQlmU5bigPhJg8pvKbjUlGsM1OhnyEY7URIUaBOsaqXW2h2lb0hkC24RDQh0ORJrp X-Received: by 2002:a05:6402:1d39:: with SMTP id dh25mr20369393edb.282.1615169530734; Sun, 07 Mar 2021 18:12:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615169530; cv=none; d=google.com; s=arc-20160816; b=QgmsTw8O5+Au9OyqIrEpzXHORIA+oL2WCKA9Dt9O1eA424VlP9iKCOqLKyR8oO00o3 QFon2G02YpR36tRXw75QyeMGP6eQsFQgN9teGbcair4KwXdqmNVVi3SOzZEtXNbpbtWw qOfONz6yWkSu9VKpne3tgOn2zUBwHzDd6GiiD40WOgE6MhIy8FKRSHfaOg7aLM6On2Wn XPL/fAmiOBbwXLAtvsauUT1wOYLyV56exFdwxJ0hunVFlfUTkvEPgHwCcAKthpAcJSXI faPuC52cui8m9nOaIhlSCvnjJxGP3kCABvf8JYzF2r2qkdUOg4fILnTLO3QfvIEqrXHP vEOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=WYl0zMU79k0fwEAvO1BhN/6sgcJ9mqQi3cjpRIK1OCs=; b=HsHwlV2Y4mB7+IDnOqLANcdqzRxw1qT9rs2NQte18QT706l9ah5ygehkrqLIH4apoS gCSc7vCRpIUnrq2iiYEZlJfaZiiYYSP6iRS394DDP8RHYRSGHVrkg9yC8DgGo5FsQKBS kilbgv+ybsrs+D+4CBrs362aV8p+8z7ALusaG1NeKBcHms+mKV3fT1sTjylwmLHcN6D4 3Ebtixb3kNHGfpgcpLq+LWphHuZrLkCK1WVorl9wuawyUI2X5MOLECwfvXYkEf+JWHLH nDxMirT7I0uaYZMaSAz5RhkRhB3YlurPcmdm2rW7L0NMAgUwsdtG6+FowY5n4dYB6hds Lsvw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z17si5783083eji.221.2021.03.07.18.11.48; Sun, 07 Mar 2021 18:12:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232384AbhCGPTk (ORCPT + 99 others); Sun, 7 Mar 2021 10:19:40 -0500 Received: from mga12.intel.com ([192.55.52.136]:15647 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232033AbhCGPTV (ORCPT ); Sun, 7 Mar 2021 10:19:21 -0500 IronPort-SDR: rcwVF1zsDWWfeydQ/onW8Q1t7k1DFqOO6V6HjdFh7is5vmZLV2snJ1iMeExH8+32o6TV9mDP9Z 8Nx8zFLfjWrA== X-IronPort-AV: E=McAfee;i="6000,8403,9916"; a="167172190" X-IronPort-AV: E=Sophos;i="5.81,230,1610438400"; d="scan'208";a="167172190" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2021 07:19:21 -0800 IronPort-SDR: VBQ85G5YYI/WVTz2b41mxqzXqF0+ssZMx7MQbDyrg3QsWTdTEwQLosgUq9Ov6r51Cb94QFKhyQ E0ZQT8/IMYEw== X-IronPort-AV: E=Sophos;i="5.81,230,1610438400"; d="scan'208";a="409008502" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2021 07:19:21 -0800 Date: Sun, 7 Mar 2021 07:19:20 -0800 From: Andi Kleen To: John Wood Cc: Kees Cook , Jann Horn , Randy Dunlap , Jonathan Corbet , James Morris , Shuah Khan , "Serge E. Hallyn" , Greg Kroah-Hartman , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM Message-ID: <20210307151920.GR472138@tassilo.jf.intel.com> References: <20210227153013.6747-1-john.wood@gmx.com> <20210227153013.6747-8-john.wood@gmx.com> <878s78dnrm.fsf@linux.intel.com> <20210302183032.GA3049@ubuntu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210302183032.GA3049@ubuntu> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sorry for the late answer. I somehow missed your email earlier. > As a mitigation method, all the offending tasks involved in the attack are > killed. Or in other words, all the tasks that share the same statistics > (statistics showing a fast crash rate) are killed. So systemd will just restart the network daemon and then the attack works again? Or if it's a interactive login you log in again. I think it might be useful even with these limitations, but it would be good to spell out the limitations of the method more clearly. I suspect to be useful it'll likely need some user space configuration changes too. -Andi