Re: [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect
From: Sean Christopherson
Date: Fri Apr 03 2020 - 12:36:08 EST
On Thu, Apr 02, 2020 at 02:32:59PM +0200, Thomas Gleixner wrote:
> --- a/arch/x86/kernel/module.c
> +++ b/arch/x86/kernel/module.c
> @@ -24,6 +24,7 @@
> #include <asm/pgtable.h>
> #include <asm/setup.h>
> #include <asm/unwind.h>
> +#include <asm/cpu.h>
>
> #if 0
> #define DEBUGP(fmt, ...) \
> @@ -253,6 +254,11 @@ int module_finalize(const Elf_Ehdr *hdr,
> tseg, tseg + text->sh_size);
> }
>
> + if (text && !me->sld_safe) {
As also reported by the test bot, sld_safe only exist if CPU_SUP_INTEL=y.
This can also be conditioned on boot_cpu_has(X86_FEATURE_VMX), or the
static variant. If CPU_SUP_INTEL=y, X86_FEATURE_VMX will be set if and
only if VMX is fully enabled, i.e. supported by the CPU and enabled in
MSR_IA32_FEATURE_CONTROl.
> + void *tseg = (void *)text->sh_addr;
> + split_lock_validate_module_text(me, tseg, tseg + text->sh_size);
> + }
> +
> if (para) {
> void *pseg = (void *)para->sh_addr;
> apply_paravirt(pseg, pseg + para->sh_size);
> --- a/include/linux/module.h
> +++ b/include/linux/module.h
> @@ -407,6 +407,10 @@ struct module {
> bool sig_ok;
> #endif
>
> +#ifdef CONFIG_CPU_SUP_INTEL
> + bool sld_safe;
> +#endif
> +
> bool async_probe_requested;
>
> /* symbols that will be GPL-only in the near future. */
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3096,6 +3096,11 @@ static int check_modinfo(struct module *
> "is unknown, you have been warned.\n", mod->name);
> }
>
> +#ifdef CONFIG_CPU_SUP_INTEL
> + if (get_modinfo(info, "sld_safe"))
> + mod->sld_safe = true;
> +#endif
> +
> err = check_modinfo_livepatch(mod, info);
> if (err)
> return err;
>