From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <tglx@linutronix.de>
Received: from hsi-kbw-5-158-153-52.hsi19.kabel-badenwuerttemberg.de
 ([5.158.153.52] helo=nanos.tec.linutronix.de)	by Galois.linutronix.de with
 esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)	(Exim 4.80)	(envelope-from
 <tglx@linutronix.de>)	id 1fEAQj-0005EZ-8O	for speck@linutronix.de; Thu, 03
 May 2018 11:21:37 +0200
Date: Thu, 3 May 2018 11:21:36 +0200 (CEST)
From: Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH SSBv11 3/3] seccomp 0
In-Reply-To: <20180503085800.GX12217@hirez.programming.kicks-ass.net>
Message-ID: <alpine.DEB.2.21.1805031121090.1672@nanos.tec.linutronix.de>
References: <cover.1525308267.git.keescook@chromium.org> =?utf-8?q?=3C5f6464?=
 =?utf-8?q?d53346d3939a81cab15e5d5b20ad90c05d=2E1525308267=2Egit=2Ekeescoo?=
 =?utf-8?q?k=40chromium=2Eorg=3E?=
 <20180503085800.GX12217@hirez.programming.kicks-ass.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Thu, 3 May 2018, speck for Peter Zijlstra wrote:
> On Tue, May 01, 2018 at 03:07:31PM -0700, speck for Kees Cook wrote:
> > @@ -239,6 +254,9 @@ static inline void seccomp_assign_mode(struct task_struct *task,
> >  	 */
> >  	smp_mb__before_atomic();
> >  	set_tsk_thread_flag(task, TIF_SECCOMP);
> > +
> > +	/* Assume seccomp processes want speculation flaw mitigation. */
> > +	spec_mitigate(task, PR_SPEC_STORE_BYPASS);
> >  }
> 
> What about the ordering there? That function appears to explicitly set
> TIF_SECCOMP last, such that when that is observed, the complete
> environment is observed.
> 
> But now you add something after it. Does this not mean that if you set
> this on a remote task, this task can execute TIF_SECCOMP thing before it
> disables SSB.
> 
> Is that OK?

It probably should be the other way round.