> -----Original Message----- > From: Jiri Kosina [mailto:ji...@kernel.org] > Sent: Monday, September 10, 2018 12:36 PM > To: Schaufler, Casey <casey.schauf...@intel.com> > Cc: Thomas Gleixner <t...@linutronix.de>; Ingo Molnar <mi...@redhat.com>; > Peter Zijlstra <pet...@infradead.org>; Josh Poimboeuf > <jpoim...@redhat.com>; Andrea Arcangeli <aarca...@redhat.com>; > Woodhouse, David <d...@amazon.co.uk>; Andi Kleen <a...@linux.intel.com>; > Tim Chen <tim.c.c...@linux.intel.com>; linux-kernel@vger.kernel.org; > x...@kernel.org > Subject: RE: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid > cross-process data leak > > On Mon, 10 Sep 2018, Schaufler, Casey wrote: > > > Yes, It would require that this patch be tested against all the existing > > security modules that provide a ptrace_access_check hook. It's not like > > the security module writers don't have a bunch of locking issues to deal > > with. > > Yeah, that was indeed my concern. > > So can we agree on doing this in the 2nd envisioned step, when this is > going to be replaced by LSM as discussed [1] previously?
It you're going to call __ptrace_access_check(), which already includes an LSM hook, it makes a whole lot of sense to make that the path for doing any module specific checks. It seems wrong to disable the LSM hook there, then turn around and introduce a new one that does the check you just disabled. The patches I had proposed created a new LSM hook because there was not path to an existing hook. With your addition of __ptrace_access_check() that is no longer an issue once any locking problems are resolved. Rather than use a new hook, the existing ptrace hooks ought to work just fine, and any new checks can be added in a new module that has its own ptrace_access_check hook. > [1] > http://lkml.kernel.org/r/99FC4B6EFCEFD44486C35F4C281DC67321447094@OR > SMSX107.amr.corp.intel.com > > Thanks, > > -- > Jiri Kosina > SUSE Labs