Date: Fri, 3 Apr 2020 09:25:55 -0700
From: Sean Christopherson
To: Peter Zijlstra
Cc: Jessica Yu, Rasmus Villemoes, Thomas Gleixner, LKML, x86@kernel.org, "Kenneth R. Crudup", Paolo Bonzini, Fenghua Yu, Xiaoyao Li, Nadav Amit, Thomas Hellstrom, Tony Luck, Steven Rostedt, Greg Kroah-Hartman, jannh@google.com, keescook@chromium.org
Subject: Re: [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect
Message-ID: <20200403162555.GB2701@linux.intel.com>

On Fri, Apr 03, 2020 at 06:12:05PM +0200, Peter Zijlstra wrote:
> On Fri, Apr 03, 2020 at 09:01:56AM -0700, Sean Christopherson wrote:
> > On Fri, Apr 03, 2020 at 05:21:58PM +0200, Peter Zijlstra wrote:
> > > On Fri, Apr 03, 2020 at 04:35:00PM +0200, Jessica Yu wrote:
> > > > > I wonder if it would make sense then to limit the text scans to just
> > > > out-of-tree modules (i.e., missing the intree modinfo flag)?
> > >
> > > It would; didn't know there was one.
> >
> > Rather than scanning modules at all, what about hooking native_write_cr4()
> > to kill SLD if CR4.VMXE is toggled on and the caller didn't increment a
> > "sld safe" counter?
>
> And then you're hoping that the module uses that and not:
>
>     asm volatile ("mov %0, cr4" :: "r" (val));
>
> I think I feel safer with the scanning to be fair. Also with the intree
> hint on, we can extend the scanning for out-of-tree modules for more
> dodgy crap we really don't want modules to do, like for example the
> above.

Ya, that's the big unknown.
But wouldn't they already be broken in the sense that they'd corrupt the
CR4 shadow? E.g. setting VMXE without updating cpu_tlbstate.cr4 would
result in future in-kernel writes to CR4 attempting to clear CR4.VMXE
post-VMXON, which would #GP.
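
The shadow-corruption failure mode raised in the message above, as a user-space model added here (not kernel code and not part of the original thread). `struct cpu` and all function names are hypothetical; `shadow_cr4` stands in for `cpu_tlbstate.cr4`, and the choice of CR4.TSD as the bit the kernel later toggles is an assumption for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define CR4_TSD  (1UL << 2)   /* an unrelated bit the kernel toggles later */
#define CR4_VMXE (1UL << 13)  /* must stay set while in VMX operation */

struct cpu {
    unsigned long hw_cr4;     /* the real register */
    unsigned long shadow_cr4; /* models cpu_tlbstate.cr4 */
    bool in_vmx;              /* true after VMXON */
};

/* Models the hardware rule: clearing VMXE post-VMXON raises #GP (-1). */
static int hw_write_cr4(struct cpu *c, unsigned long val)
{
    if (c->in_vmx && !(val & CR4_VMXE))
        return -1;
    c->hw_cr4 = val;
    return 0;
}

/* Models an in-kernel CR4 update: the new value is derived from the shadow. */
static int kernel_toggle_bits(struct cpu *c, unsigned long mask)
{
    c->shadow_cr4 ^= mask;
    return hw_write_cr4(c, c->shadow_cr4);
}

/* Enable VMX via the shadow-aware path or via a raw register write only. */
static void enable_vmx(struct cpu *c, bool update_shadow)
{
    if (update_shadow)
        c->shadow_cr4 |= CR4_VMXE;
    c->hw_cr4 |= CR4_VMXE;
    c->in_vmx = true;         /* VMXON executed */
}

/* Returns 0 if a later kernel CR4 write succeeds, -1 if it would #GP. */
int later_kernel_write(bool update_shadow)
{
    struct cpu c = { 0 };
    enable_vmx(&c, update_shadow);
    return kernel_toggle_bits(&c, CR4_TSD);
}

int main(void)
{
    printf("shadow updated: %d\n", later_kernel_write(true));
    printf("raw write only: %d\n", later_kernel_write(false));
    return 0;
}
```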