Re: Removing per-task TSD? (Re: Tightening up rdpmc permissions?)

2014-10-11 Thread Andy Lutomirski
On Fri, Oct 3, 2014 at 1:06 PM, Peter Zijlstra wrote: > On Fri, Oct 03, 2014 at 09:41:30AM -0700, Andy Lutomirski wrote: >> So this is a mess. I think that any reasonable implementation of >> rdpmc permissions should be per mm, since we perf_event maps are, of >> course, per mm. >> >> Similarly,

Re: Tightening up rdpmc permissions?

2014-10-08 Thread Andy Lutomirski
On Mon, Sep 29, 2014 at 11:42 AM, Andy Lutomirski wrote: > On Sep 29, 2014 10:36 AM, wrote: >> >> On Mon, 29 Sep 2014 09:39:16 -0700, Andy Lutomirski said: >> >> > Would it make sense to restrict rdpmc to tasks that are in mms that >> > have a perf_event mapping? After all, unless I misunderstan

Re: Removing per-task TSD? (Re: Tightening up rdpmc permissions?)

2014-10-03 Thread Peter Zijlstra
On Fri, Oct 03, 2014 at 09:41:30AM -0700, Andy Lutomirski wrote: > So this is a mess. I think that any reasonable implementation of > rdpmc permissions should be per mm, since we perf_event maps are, of > course, per mm. > > Similarly, any reasonable implementation of rdtsc permissions should > b

Removing per-task TSD? (Re: Tightening up rdpmc permissions?)

2014-10-03 Thread Andy Lutomirski
On Mon, Sep 29, 2014 at 11:42 AM, Andy Lutomirski wrote: > On Sep 29, 2014 10:36 AM, wrote: >> >> On Mon, 29 Sep 2014 09:39:16 -0700, Andy Lutomirski said: >> >> > Would it make sense to restrict rdpmc to tasks that are in mms that >> > have a perf_event mapping? After all, unless I misunderstan

Re: Tightening up rdpmc permissions?

2014-09-29 Thread Andy Lutomirski
On Sep 29, 2014 10:36 AM, wrote: > > On Mon, 29 Sep 2014 09:39:16 -0700, Andy Lutomirski said: > > > Would it make sense to restrict rdpmc to tasks that are in mms that > > have a perf_event mapping? After all, unless I misunderstand > > something, user code can't reliably use rdpmc unless they'v

Re: Tightening up rdpmc permissions?

2014-09-29 Thread Valdis . Kletnieks
On Mon, 29 Sep 2014 09:39:16 -0700, Andy Lutomirski said: > Would it make sense to restrict rdpmc to tasks that are in mms that > have a perf_event mapping? After all, unless I misunderstand > something, user code can't reliably use rdpmc unless they've mapped a > perf_event object to check the r

Re: Tightening up rdpmc permissions?

2014-09-29 Thread Peter Zijlstra
On Mon, Sep 29, 2014 at 09:39:16AM -0700, Andy Lutomirski wrote: > I was surprised to notice that, by default, every task has permission > to use rdpmc. Right, we figured the paranoid would poke at /sys/bus/event_source/devices/cpu/rdpmc. > seccomp cannot work around this. I know nothing much

Tightening up rdpmc permissions?

2014-09-29 Thread Andy Lutomirski
I was surprised to notice that, by default, every task has permission to use rdpmc. seccomp cannot work around this. This leaks information, although the information leaked is of dubious and variable value to an attacker. It also renders the PR_TSC_SEGV mechanism mostly useless. Would it make s