Re: [PATCH v6 5/5] sidechannel: Linux Security Module for sidechannel

From: Randy Dunlap <hidden>
Date: 2018-11-05 19:52:57
Also in: lkml

Hi:

On 11/5/18 11:05 AM, Casey Schaufler wrote:

quoted hunk ↗ jump to hunk

diff --git a/security/sidechannel/Kconfig b/security/sidechannel/Kconfig
new file mode 100644
index 000000000000..653033027415
--- /dev/null
+++ b/security/sidechannel/Kconfig

@@ -0,0 +1,13 @@
+config SECURITY_SIDECHANNEL
+	bool "Sidechannel attack safety extra checks"
+	depends on SECURITY
+	default n

Please drop the "default n" since it is already the default value.

+	help
+	  Look for a variety of cases where a side-channel attack
+	  could potentially be exploited. Instruct the switching
+	  code to use the indirect_branch_prediction_barrier in
+	  cases where the passed task and the current task may be
+	  at risk.
+
+          If you are unsure how to answer this question, answer N.

Use tab + 2 spaces to indent the line above.

thanx.
-- 
~Randy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help