Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX

From: Christoph Hellwig
Date: Mon Apr 06 2020 - 13:11:11 EST

Next message: Linus Torvalds: "Re: [PATCH] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Previous message: Wainer dos Santos Moschetta: "Re: [PATCH v2 2/2] selftests: kvm: Add mem_slot_test test"
In reply to: Peter Zijlstra: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Next in thread: Peter Zijlstra: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 06, 2020 at 06:01:57PM +0200, Peter Zijlstra wrote:
> Please feel free to use my pgprot_nx() and apply liberally on any
> exported function.
>
> But crucially, I don't think any of the still exported functions allows
> getting memory in the text range, and if you want to run code outside of
> the text range, things become _much_ harder. That said, modules
> shouldn't be able to create executable code, full-stop (IMO).

This is what i've got for now:

http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/sanitize-vmalloc-api

Next message: Linus Torvalds: "Re: [PATCH] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Previous message: Wainer dos Santos Moschetta: "Re: [PATCH v2 2/2] selftests: kvm: Add mem_slot_test test"
In reply to: Peter Zijlstra: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Next in thread: Peter Zijlstra: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]