Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1411599pxb;
        Sun, 7 Mar 2021 18:12:10 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxNgmPVQlmU5bigPhJg8pvKbjUlGsM1OhnyEY7URIUaBOsaqXW2h2lb0hkC24RDQh0ORJrp
X-Received: by 2002:a05:6402:1d39:: with SMTP id dh25mr20369393edb.282.1615169530734;
        Sun, 07 Mar 2021 18:12:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1615169530; cv=none;
        d=google.com; s=arc-20160816;
        b=QgmsTw8O5+Au9OyqIrEpzXHORIA+oL2WCKA9Dt9O1eA424VlP9iKCOqLKyR8oO00o3
         QFon2G02YpR36tRXw75QyeMGP6eQsFQgN9teGbcair4KwXdqmNVVi3SOzZEtXNbpbtWw
         qOfONz6yWkSu9VKpne3tgOn2zUBwHzDd6GiiD40WOgE6MhIy8FKRSHfaOg7aLM6On2Wn
         XPL/fAmiOBbwXLAtvsauUT1wOYLyV56exFdwxJ0hunVFlfUTkvEPgHwCcAKthpAcJSXI
         faPuC52cui8m9nOaIhlSCvnjJxGP3kCABvf8JYzF2r2qkdUOg4fILnTLO3QfvIEqrXHP
         vEOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:ironport-sdr
         :ironport-sdr;
        bh=WYl0zMU79k0fwEAvO1BhN/6sgcJ9mqQi3cjpRIK1OCs=;
        b=HsHwlV2Y4mB7+IDnOqLANcdqzRxw1qT9rs2NQte18QT706l9ah5ygehkrqLIH4apoS
         gCSc7vCRpIUnrq2iiYEZlJfaZiiYYSP6iRS394DDP8RHYRSGHVrkg9yC8DgGo5FsQKBS
         kilbgv+ybsrs+D+4CBrs362aV8p+8z7ALusaG1NeKBcHms+mKV3fT1sTjylwmLHcN6D4
         3Ebtixb3kNHGfpgcpLq+LWphHuZrLkCK1WVorl9wuawyUI2X5MOLECwfvXYkEf+JWHLH
         nDxMirT7I0uaYZMaSAz5RhkRhB3YlurPcmdm2rW7L0NMAgUwsdtG6+FowY5n4dYB6hds
         Lsvw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z17si5783083eji.221.2021.03.07.18.11.48;
        Sun, 07 Mar 2021 18:12:10 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232384AbhCGPTk (ORCPT <rfc822;lwx169@gmail.com> + 99 others);
        Sun, 7 Mar 2021 10:19:40 -0500
Received: from mga12.intel.com ([192.55.52.136]:15647 "EHLO mga12.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232033AbhCGPTV (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 7 Mar 2021 10:19:21 -0500
IronPort-SDR: rcwVF1zsDWWfeydQ/onW8Q1t7k1DFqOO6V6HjdFh7is5vmZLV2snJ1iMeExH8+32o6TV9mDP9Z
 8Nx8zFLfjWrA==
X-IronPort-AV: E=McAfee;i="6000,8403,9916"; a="167172190"
X-IronPort-AV: E=Sophos;i="5.81,230,1610438400"; 
   d="scan'208";a="167172190"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2021 07:19:21 -0800
IronPort-SDR: VBQ85G5YYI/WVTz2b41mxqzXqF0+ssZMx7MQbDyrg3QsWTdTEwQLosgUq9Ov6r51Cb94QFKhyQ
 E0ZQT8/IMYEw==
X-IronPort-AV: E=Sophos;i="5.81,230,1610438400"; 
   d="scan'208";a="409008502"
Received: from tassilo.jf.intel.com ([10.54.74.11])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2021 07:19:21 -0800
Date:   Sun, 7 Mar 2021 07:19:20 -0800
From:   Andi Kleen <ak@linux.intel.com>
To:     John Wood <john.wood@gmx.com>
Cc:     Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Jonathan Corbet <corbet@lwn.net>,
        James Morris <jmorris@namei.org>,
        Shuah Khan <shuah@kernel.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-kselftest@vger.kernel.org,
        kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Message-ID: <20210307151920.GR472138@tassilo.jf.intel.com>
References: <20210227153013.6747-1-john.wood@gmx.com>
 <20210227153013.6747-8-john.wood@gmx.com>
 <878s78dnrm.fsf@linux.intel.com>
 <20210302183032.GA3049@ubuntu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210302183032.GA3049@ubuntu>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Sorry for the late answer. I somehow missed your email earlier.

> As a mitigation method, all the offending tasks involved in the attack are
> killed. Or in other words, all the tasks that share the same statistics
> (statistics showing a fast crash rate) are killed.

So systemd will just restart the network daemon and then the attack works
again?

Or if it's a interactive login you log in again.

I think it might be useful even with these limitations, but it would
be good to spell out the limitations of the method more clearly.

I suspect to be useful it'll likely need some user space configuration
changes too.

-Andi