Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX

From: Peter Zijlstra
Date: Wed Apr 08 2020 - 05:12:41 EST

Next message: Peter Zijlstra: "Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation"
Previous message: Paolo Bonzini: "Re: [PATCH 2/2] KVM: s390: Return last valid slot if approx index is out-of-bounds"
Next in thread: Christoph Hellwig: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 06, 2020 at 10:10:58AM -0700, Christoph Hellwig wrote:
> On Mon, Apr 06, 2020 at 06:01:57PM +0200, Peter Zijlstra wrote:
> > Please feel free to use my pgprot_nx() and apply liberally on any
> > exported function.
> >
> > But crucially, I don't think any of the still exported functions allows
> > getting memory in the text range, and if you want to run code outside of
> > the text range, things become _much_ harder. That said, modules
> > shouldn't be able to create executable code, full-stop (IMO).
>
> This is what i've got for now:
>
> http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/sanitize-vmalloc-api

Should we not also apply pgprot_nx() to __vmalloc(), that's also
EXPORT_SYMBOL().

Next message: Peter Zijlstra: "Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation"
Previous message: Paolo Bonzini: "Re: [PATCH 2/2] KVM: s390: Return last valid slot if approx index is out-of-bounds"
Next in thread: Christoph Hellwig: "Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]