Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp681201ybb; Fri, 3 Apr 2020 09:51:57 -0700 (PDT) X-Google-Smtp-Source: APiQypJdfrCyqOxy3rqb6jdDEiNpadRm1CwkyaDbxfCU6zZlvHYE3IrGuqTskUeJaH6wsIc5Wv3L X-Received: by 2002:a9d:19c8:: with SMTP id k66mr7404031otk.186.1585932717523; Fri, 03 Apr 2020 09:51:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585932717; cv=none; d=google.com; s=arc-20160816; b=Oq9kf4J32vlmlKNJeI3ezQwMQNQ4AL7z3zCz8We+TPy1DGcw4r0cscyRztzeUsGole ScFYkDv27oTLtOQUtSqPI7phgvPIlf98YtkX0wrQa6v8s78DIOdqnly1BLIXRizUo2J6 DPBwca/LaeCk3PmdNBwTknjIPetrMVwjGB3fuLqvyr2CeLvLtS2Mrb4oXpKM1aKHzH2m sb42RsL5X7VEH8yfTY6RtV6utr0hOrljJj7nMFU7wpJ/dUaiWeY+HZo4vfGyK90uWh0i xgvpZdCUDDTAb4hhMHkH6Js/8epQFd43a0Aa68Ye5sV0rORS2r6W8KXjXVGaAL3g/7Eq XRJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from; bh=k5dXziKKiyMMpuVMr/+GCTj8MUCL+y4ruFedN3Sdwuw=; b=xswfCt5diZ4m2Qhlsa6YI60Saa4LkMk6Fo3DYy5Mfdi969z3zQJhjyIu4yMyZbk5ir gv4IADrvF595lnyKbuKz8pGRXOydYWmaV82E3U0mgVSKHet3AXYVUZ5MEAsuARm8HoJ2 IbAUEUc9zO8WJ3GRmxtncJGfyeIR8ixaGTiN78s5ek+8EP0kO6guaZDEND7o6OAinc6f Um3ocMAYtweK+W0AH9qy19eBMkt/IgIhOV2eg+ibLfSE3Ct4xZTnR+0qA5H8UwObVUDh ah5H5lWHs7zdRkjIH+IUCXhKb4+Q/wlCnIVCQKLZOPNTijW6FI5Q7Faom/Zc/s7UT2Un ralg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g203si3895276oif.38.2020.04.03.09.51.45; Fri, 03 Apr 2020 09:51:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404306AbgDCQQn convert rfc822-to-8bit (ORCPT + 99 others); Fri, 3 Apr 2020 12:16:43 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([207.82.80.151]:37247 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404035AbgDCQQl (ORCPT ); Fri, 3 Apr 2020 12:16:41 -0400 Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-6-twe0tjGPOHmUDCCDvyBmWw-1; Fri, 03 Apr 2020 17:16:39 +0100 X-MC-Unique: twe0tjGPOHmUDCCDvyBmWw-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 3 Apr 2020 17:16:38 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Fri, 3 Apr 2020 17:16:38 +0100 From: David Laight To: 'Peter Zijlstra' , Sean Christopherson CC: Jessica Yu , Rasmus Villemoes , Thomas Gleixner , LKML , "x86@kernel.org" , "Kenneth R. Crudup" , Paolo Bonzini , Fenghua Yu , Xiaoyao Li , Nadav Amit , Thomas Hellstrom , Tony Luck , Steven Rostedt , "Greg Kroah-Hartman" , "jannh@google.com" , "keescook@chromium.org" Subject: RE: [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect Thread-Topic: [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect Thread-Index: AQHWCdKtcG9rEqgOYkCfAyvrdM/+1ahnkoQA Date: Fri, 3 Apr 2020 16:16:38 +0000 Message-ID: <7b83b632e41c48698ab892b07673f42d@AcuMS.aculab.com> References: <20200402123258.895628824@linutronix.de> <20200402124205.242674296@linutronix.de> <20200403143459.GA30424@linux-8ccs> <20200403152158.GR20730@hirez.programming.kicks-ass.net> <20200403160156.GA2701@linux.intel.com> <20200403161205.GT20730@hirez.programming.kicks-ass.net> In-Reply-To: <20200403161205.GT20730@hirez.programming.kicks-ass.net> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Peter Zijlstra > Sent: 03 April 2020 17:12 > On Fri, Apr 03, 2020 at 09:01:56AM -0700, Sean Christopherson wrote: > > On Fri, Apr 03, 2020 at 05:21:58PM +0200, Peter Zijlstra wrote: > > > On Fri, Apr 03, 2020 at 04:35:00PM +0200, Jessica Yu wrote: > > > > > I wonder if it would make sense then to limit the text scans to just > > > > out-of-tree modules (i.e., missing the intree modinfo flag)? > > > > > > It would; didn't know there was one. > > > > Rather than scanning modules at all, what about hooking native_write_cr4() > > to kill SLD if CR4.VMXE is toggled on and the caller didn't increment a > > "sld safe" counter? > > And then you're hoping that the module uses that and not: > > asm volatile ("mov %0, cr4" :: "r" (val)); > > I think I feel safer with the scanning to be fair. Also with the intree > hint on, we can extend the scanning for out-of-tree modules for more > dodgy crap we really don't want modules to do, like for example the > above. Could you do the scanning in the last phase of the module build that has to be done against the target kernel headers and with the target kernel build infrastructure? David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)