Date: Thu, 11 Jul 2019 09:16:19 +0200 (CEST)
From: Thomas Gleixner
To: Nadav Amit
cc: Jiri Kosina, Peter Zijlstra, Xi Ruoyao, Kees Cook, Linus Torvalds, Ingo Molnar, Linux List Kernel Mailing, Borislav Petkov, Len Brown, Andrew Morton, "Rafael J. Wysocki", Tony Luck, Bob Moore, Erik Schmauss, Josh Poimboeuf, Daniel Bristot de Oliveira
Subject: Re: [GIT PULL] x86/topology changes for v5.3
In-Reply-To: <89EBC357-BEAC-4252-915F-E183C2D350C4@vmware.com>
References: <201907091727.91CC6C72D8@keescook> <1ad2de95e694a29909801d022fe2d556df9a4bd5.camel@mengyan1223.wang> <768463eb26a2feb0fcc374fd7f9cc28b96976917.camel@mengyan1223.wang> <20190710134433.GN3402@hirez.programming.kicks-ass.net> <89EBC357-BEAC-4252-915F-E183C2D350C4@vmware.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 11 Jul 2019, Nadav Amit wrote:
> > On Jul 10, 2019, at 7:22 AM, Jiri Kosina wrote:
> >
> > On Wed, 10 Jul 2019, Peter Zijlstra wrote:
> >
> >> If we mark the key as RO after init, and then try and modify the key to
> >> link module usage sites, things might go bang as described.
> >>
> >> Thanks!
> >>
> >>
> >> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> >> index 27d7864e7252..5bf7a8354da2 100644
> >> --- a/arch/x86/kernel/cpu/common.c
> >> +++ b/arch/x86/kernel/cpu/common.c
> >> @@ -366,7 +366,7 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c)
> >> cr4_clear_bits(X86_CR4_UMIP);
> >> }
> >>
> >> -DEFINE_STATIC_KEY_FALSE_RO(cr_pinning);
> >> +DEFINE_STATIC_KEY_FALSE(cr_pinning);
> >
> > Good catch, I guess that is going to fix it.
> >
> > At the same time though, it sort of destroys the original intent of Kees'
> > patch, right? The exploits will just have to call static_key_disable()
> > prior to calling native_write_cr4() again, and the protection is gone.
>
> Even with DEFINE_STATIC_KEY_FALSE_RO(), I presume you can just call
> set_memory_rw(), make the page that holds the key writable, and then call
> static_key_disable(), followed by a call to native_write_cr4().

That's true, but it's not worth the trouble.

Thanks,

	tglx
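Review bot: Dropping the _RO variant fixes the crash when module usage sites are linked after init, but it also leaves cr_pinning clearable at runtime through static_key_disable(), which the replies note weakens the CR4 pinning this key gates; add a comment directly above `DEFINE_STATIC_KEY_FALSE(cr_pinning);` stating why the key cannot be read-only after init (module jump-label sites must still be patched), so the next reader does not reinstate _RO and reintroduce the crash, and state the reduced guarantee explicitly in the commit message.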
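The thread's point is that the pinning check only helps while the key that enables it cannot be flipped. The following userland C model, added here as an illustration and not code from the kernel or from anyone in this thread, models the cr_pinning key as a plain boolean, CR4 as a plain variable, and the pinning check as "put missing pinned bits back and count a violation" (modelled on the kernel's restore-and-warn behaviour, which the page itself does not show). The names model_write_cr4, setup_cr_pinning, model_static_key_disable and pin_violation_count are assumptions for this example; the SMEP, SMAP and PAE bit positions are the real CR4 positions.

```c
/* Added example: userland model of CR4 pinning gated by a static-key-like flag.
 * Not kernel code; the real native_write_cr4() lives in arch/x86/kernel/cpu/common.c. */
#include <stdbool.h>
#include <stdio.h>

/* Real CR4 bit positions. */
#define X86_CR4_PAE  (1UL << 5)
#define X86_CR4_SMEP (1UL << 20)
#define X86_CR4_SMAP (1UL << 21)

/* Model of the hardware register. */
static unsigned long model_cr4;

/* Bits that must stay set once pinning is armed at boot (constructed: SMEP and SMAP). */
static unsigned long cr4_pinned_bits;

/* Stands in for the cr_pinning static key. With DEFINE_STATIC_KEY_FALSE_RO this
 * would be immutable after init; with DEFINE_STATIC_KEY_FALSE it stays writable. */
static bool cr_pinning;

/* Times a missing pinned bit was forced back; models the kernel's one-shot warning,
 * i.e. the signal a defender would watch for in the log. */
static unsigned long pin_violations;

/* Boot-time setup (hypothetical name): pin the security bits present at boot. */
void setup_cr_pinning(unsigned long initial_cr4)
{
    model_cr4 = initial_cr4;
    cr4_pinned_bits = initial_cr4 & (X86_CR4_SMEP | X86_CR4_SMAP);
    cr_pinning = true;
}

/* Model of native_write_cr4(): perform the write, then, if pinning is enabled and
 * any pinned bit went missing, restore it and record a violation. Returns the
 * value the register ends up holding. */
unsigned long model_write_cr4(unsigned long val)
{
    model_cr4 = val;
    if (cr_pinning) {
        unsigned long missing = ~val & cr4_pinned_bits;
        if (missing) {
            model_cr4 = val | missing;
            pin_violations++;
        }
    }
    return model_cr4;
}

unsigned long model_read_cr4(void) { return model_cr4; }
unsigned long pin_violation_count(void) { return pin_violations; }

/* Models static_key_disable(&cr_pinning): only possible because the key is writable.
 * Once this runs, model_write_cr4() no longer enforces anything. */
void model_static_key_disable(void) { cr_pinning = false; }

int main(void)
{
    setup_cr_pinning(X86_CR4_PAE | X86_CR4_SMEP | X86_CR4_SMAP);
    printf("clear SMAP, pinning on : cr4=%#lx violations=%lu\n",
           model_write_cr4(X86_CR4_PAE | X86_CR4_SMEP), pin_violation_count());
    model_static_key_disable();
    printf("clear SMAP, key off    : cr4=%#lx violations=%lu\n",
           model_write_cr4(X86_CR4_PAE | X86_CR4_SMEP), pin_violation_count());
    return 0;
}
```

With the key on, the first write comes back with SMAP restored and the violation counter incremented; after the key is cleared the same write goes through silently, which is exactly the loss of protection the replies describe. The design lesson for a defender is that an enforcement path should not hang off state that ordinary runtime code paths can clear, and that the warning counter is the detection signal worth forwarding.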