On Mon, 24 Sep 2018, Jiri Kosina wrote:
> On Sat, 22 Sep 2018, Thomas Gleixner wrote:
>
> > Lunch and coffee indeed made brain work better. The simple solution was way
> > too obvious.
>
> Ah, cool, I like it a lot.
>
> Do you want me to fold this into v7, or are you on it already?
Please do
On Sat, 22 Sep 2018, Thomas Gleixner wrote:
> Lunch and coffee indeed made brain work better. The simple solution was way
> too obvious.
Ah, cool, I like it a lot.
Do you want me to fold this into v7, or are you on it already?
Thanks,
--
Jiri Kosina
SUSE Labs
On Sat, Sep 22, 2018 at 03:30:07PM +0200, Thomas Gleixner wrote:
> On Sat, 22 Sep 2018, Thomas Gleixner wrote:
> > On Sat, 22 Sep 2018, Peter Zijlstra wrote:
> > > This has some unfortunate duplication.
> > >
> > > Let's go with it for now, but I'll see if I can do something about that
> > >
On Sat, 22 Sep 2018, Thomas Gleixner wrote:
> On Sat, 22 Sep 2018, Peter Zijlstra wrote:
> > This has some unfortunate duplication.
> >
> > Let's go with it for now, but I'll see if I can do something about that
> > later.
>
> Yes, I know. I tried to make the duplication smaller, but all attempts
On Sat, 22 Sep 2018, Peter Zijlstra wrote:
> On Sat, Sep 22, 2018 at 11:53:14AM +0200, Thomas Gleixner wrote:
> > +bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode)
> > +{
> > + struct mm_struct *mm;
> > + int res;
> > +
> > + res = __ptrace_may_access_basic(task,
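Review bot: ptrace_may_access_sched() is declared bool but collects the result of __ptrace_may_access_basic() in `int res`, so the int-to-bool conversion at the return statement should be explicit; if the helper follows the 0-on-success convention, returning res directly would invert the answer. A short comment above the function stating what true means, and why a _sched variant is needed next to ptrace_may_access(), would help callers pick the right one.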
On Sat, Sep 22, 2018 at 11:53:14AM +0200, Thomas Gleixner wrote:
> @@ -86,6 +88,7 @@ extern void exit_ptrace(struct task_stru
> * process_vm_writev or ptrace (and should use the real credentials).
> */
> extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
> +extern
On Sat, 22 Sep 2018, Jiri Kosina wrote:
> On Wed, 19 Sep 2018, Peter Zijlstra wrote:
> > As far as I can tell, this still has:
> >
> > avc_has_perm_noaudit()
> > security_compute_av()
> > read_lock(>ss->policy_rwlock);
> > avc_insert()
> > spin_lock_irqsave();
> >
On Wed, 19 Sep 2018, Peter Zijlstra wrote:
> > diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> > index 5c5e7cb597cd..202a4d9c2af7 100644
> > --- a/kernel/ptrace.c
> > +++ b/kernel/ptrace.c
> > @@ -330,9 +330,7 @@ int __ptrace_may_access(struct task_struct *task,
> > unsigned int mode)
> >
On Mon, Sep 17, 2018 at 04:09:33PM +, Schaufler, Casey wrote:
> diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> index 5c5e7cb597cd..202a4d9c2af7 100644
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -330,9 +330,7 @@ int __ptrace_may_access(struct task_struct *task,
> unsigned int
er, Casey
>
> Cc: linux-kernel@vger.kernel.org; x...@kernel.org
> Subject: [PATCH v6 0/3] Harden spectrev2 userspace-userspace protection
>
> Currently, linux kernel is basically not preventing userspace-userspace
> spectrev2 attack, because:
>
> - IBPB is basically unus
Currently, linux kernel is basically not preventing userspace-userspace
spectrev2 attack, because:
- IBPB is basically unused (issued only for tasks that marked themselves
explicitly non-dumpable, which is absolutely negligible minority of all
software out there), therefore cross-process