On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote:

> Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see
> how this new config has to depend on that? This can work independently
> whether complete lockdown is enforced or not since it applies to only
> hardware instruction tracing. Ideally this depends on several hardware
> tracing configs such as ETMs and others but we don't need them because
> we are already exposing PERF_PMU_CAP_ITRACE check in the events core.

If you don't have lockdown, root pretty much owns the kernel, or am I
missing something?

> be used for some speculative execution based attacks. Which other
> kernel level PMUs can be used to get a full branch trace that is not
> locked down? If there is one, then this should probably be applied to
> it as well.

Just the regular counters. The information isn't as accurate, but given
enough goes you can infer plenty.

Just like all the SMT side-channel attacks.

Sure, PT and friends make it even easier, but I don't see a fundamental
distinction.