Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1433863ybb; Thu, 9 Apr 2020 01:59:20 -0700 (PDT) X-Google-Smtp-Source: APiQypJMnwjvNuQ1lHFaZjTK7pzZ3E57wrefr6b///w9sut4XxKMpz73r/o26pOxGcyLGUe1EHiL X-Received: by 2002:a9d:6c53:: with SMTP id g19mr3941920otq.37.1586422760124; Thu, 09 Apr 2020 01:59:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586422760; cv=none; d=google.com; s=arc-20160816; b=Y80/DFifMZySJHhNUkdtw8HdSdXsrLwOD4h+Mb2rDI0qpno8PAwtUpw7bfq9HShReK ITujbfxbzvQj9OF6I6JiiPimpe6aEB4ZZ6OjmkiVGDB7GzgVIU5Tg82mYZrzRBgjGbJ7 9pMINM7rWSKL7dypEi/1W59PeXtkBtaa5zzb4jhBRaYwieJkJjOJenSQ0AmWY5G4GJbQ CIY9Z0wmqZbMqFUH1CU2Ap/AngeLCMlusK6Ir2zuf3fwLgQqmLwh4lru9J7QiDFaPvj3 OitFhA9JH5O3rxx47bNBE6W6HM4yagsnAsuBJUcjPtu20K4UMX2zylj6q3XQfIOqZMmG LDHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=42i9OocVN2b7bspQwd+XlTYCzdfsxyPwvlEay6KrGnY=; b=f8NO1kO70ad6u6doaOcXfy2rjhHgRoeEv1jdrCeLkPe+rZ6rhI7+LHC0affGdCP7PA pYGETCpb8A/2ezh9B1OJBgY1YogcnRxYjef7oPig+4bGvG25a7uoOzS1RmjJvkgyT9pb kJNnpXsQroG0KKfhBCbI0l0FjM17IW59lzZWDVKPB/2nwyV7RcKCBZ6eVK75nyLVp4dd IgRBnSeoudbbz6X/QfX/z1ixzRRo7NCGdmAI1uroaZoKLpJ+CQHZMbZt4Yr+yDLH42Mi AJZW3AdxBmJ5qaLG2FdUGVYQyPI2rOjhdsaoS/sVqPiKCMUD98a+WJHAiOwTdCIIo9bM vIMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=h3PB2oaB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w18si3560461otp.73.2020.04.09.01.59.05; Thu, 09 Apr 2020 01:59:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=h3PB2oaB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726574AbgDII5C (ORCPT + 99 others); Thu, 9 Apr 2020 04:57:02 -0400 Received: from bombadil.infradead.org ([198.137.202.133]:52036 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725783AbgDII5B (ORCPT ); Thu, 9 Apr 2020 04:57:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=42i9OocVN2b7bspQwd+XlTYCzdfsxyPwvlEay6KrGnY=; b=h3PB2oaBq7btbwcyAGOC2n57pv fONg9SxsLXz4z+7nL+cx8+Q2qKQPYG8qRY8xZpQvoZVvvmHqjxAVyZnaPs+OjjRIpllKy/X1TW+wi 69D6fCC1OsHZC9cpSnA4agzPVJuuxnuVtFoHFZMQBOagBB51gbomAwUNtlfpyik4lJJ65kYm7sX5B bQ4cF4kVJN6kynBVw9z/yadsrT0s5syTnoQvEgEcOkp/7VuxaLhpf8ix9REcjnFejJv7r6Rv0za7v Xbg6j8veAVZwwvh7+6j0ddlMUu7zjACk1VRpsAB90QrgPp0a5OA29ns95YkbgInmEqsUxqERmrjvT 1h4tdB6Q==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jMSzD-0006pQ-EN; Thu, 09 Apr 2020 08:56:35 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 4B77A3010C8; Thu, 9 Apr 2020 10:56:32 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 300BE2BAFC3E3; Thu, 9 Apr 2020 10:56:32 +0200 (CEST) Date: Thu, 9 Apr 2020 10:56:32 +0200 From: Peter Zijlstra To: Paolo Bonzini Cc: Christoph Hellwig , Steven Rostedt , tglx@linutronix.de, linux-kernel@vger.kernel.org, sean.j.christopherson@intel.com, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org, kenny@panix.com, jeyu@kernel.org, rasmus.villemoes@prevas.dk, fenghua.yu@intel.com, xiaoyao.li@intel.com, nadav.amit@gmail.com, thellstrom@vmware.com, tony.luck@intel.com, gregkh@linuxfoundation.org, jannh@google.com, keescook@chromium.org, David.Laight@aculab.com, dcovelli@vmware.com, mhiramat@kernel.org Subject: Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation Message-ID: <20200409085632.GB20713@hirez.programming.kicks-ass.net> References: <20200407110236.930134290@infradead.org> <20200407111007.429362016@infradead.org> <20200408092726.7c2bda01@gandalf.local.home> <20200408154419.GP20730@hirez.programming.kicks-ass.net> <20200408154602.GA24869@infradead.org> <2b0dc69c-f7f9-985d-fc40-8b7bbd927e4f@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2b0dc69c-f7f9-985d-fc40-8b7bbd927e4f@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 08, 2020 at 06:15:48PM +0200, Paolo Bonzini wrote: > On 08/04/20 17:46, Christoph Hellwig wrote: > > Scanning all modules seems safer. While we're at it - can be move the > > kvm bits using VMX to be always in the core kernel and just forbid > > modules from using those instructions entirely? > > I suppose we could use PVOPS-style patching for the more > performance-critical cases, but VMREAD/VMWRITE does not seem like a > particularly bad thing to allow modules and VMLAUNCH/VMRESUME have very > peculiar calling conventions around them. > > However, I wouldn't mind it if VMCLEAR/VMPTRLD and the associated kdump > cleanup code were moved to core kernel code. Speaking with my virt ignorance hat on, how impossible is it to provide generic/useful VMLAUNCH/VMRESUME wrappers? Because a lot of what happens around VMEXIT/VMENTER is very much like the userspace entry crud, as per that series from Thomas that fixes all that. And surely we don't need various broken copies of that in all the out-of-tree hypervisors. Also, I suppose if you have this, we no longer need to excempt CR2.