Subject: Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation
From: Jan Kiszka
Date: Wed, 8 Apr 2020 12:50:17 +0200
To: Peter Zijlstra
Cc: Steven Rostedt, tglx@linutronix.de, linux-kernel@vger.kernel.org, hch@infradead.org, sean.j.christopherson@intel.com, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org, kenny@panix.com, jeyu@kernel.org, rasmus.villemoes@prevas.dk, pbonzini@redhat.com, fenghua.yu@intel.com, xiaoyao.li@intel.com, nadav.amit@gmail.com, thellstrom@vmware.com, tony.luck@intel.com, gregkh@linuxfoundation.org, jannh@google.com, keescook@chromium.org, David.Laight@aculab.com, dcovelli@vmware.com, mhiramat@kernel.org, Wolfgang Mauerer

On 08.04.20 11:13, Peter Zijlstra wrote:
> On Wed, Apr 08, 2020 at 10:51:38AM +0200, Peter Zijlstra wrote:
>> On Wed, Apr 08, 2020 at 07:58:53AM +0200, Jan Kiszka wrote:
>>> On 07.04.20 23:48, Steven Rostedt wrote:
>>
>>>> Hmm, won't this break jailhouse?
>>
>> Breaking it isn't a problem, it's out of tree and it should be fixable.
>>
>>> Yes, possibly. We load the hypervisor binary via request_firmware into
>>> executable memory and then jump into it. So most of the "suspicious" code is
>>
>> W.T.H. does the firmware loader have the ability to give executable
>> memory? We need to kill that too. /me goes find.
>
> AFAICT the firmware loader only provides PAGE_KERNEL_RO, so how do you
> get it executable?

memcpy(ioremapped_exec_region, firmware_image)

We only use the loader for getting the blob, not for running it. It has to be put at a location that Linux will lose control over anyway.

>
> I'm thinking the patches Christoph has lined up will take care of this.
>

It would make sense from a certain POV...

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux