On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote:
> Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see how this new config has to depend on that? This can work independently whether complete lockdown is enforced or not since it applies to only hardware instruction tracing. Ideally this depends on several hardware tracing configs such as ETMs and others but we don't need them because we are already exposing PERF_PMU_CAP_ITRACE check in the events core.
If you don't have lockdown, root pretty much owns the kernel, or am I missing something?
> be used for some speculative execution based attacks. Which other kernel level PMUs can be used to get a full branch trace that is not locked down? If there is one, then this should probably be applied to it as well.
Just the regular counters. The information isn't as accurate, but given enough goes you can infer plenty.
Just like all the SMT side-channel attacks.
Sure, PT and friends make it even easier, but I don't see a fundamental distinction.