From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Nadav Amit <namit@vmware.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Jessica Yu <jeyu@kernel.org>,
Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
"Kenneth R. Crudup" <kenny@panix.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Fenghua Yu <fenghua.yu@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Thomas Hellstrom <thellstrom@vmware.com>,
Tony Luck <tony.luck@intel.com>,
Steven Rostedt <rostedt@goodmis.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"jannh@google.com" <jannh@google.com>,
"keescook@chromium.org" <keescook@chromium.org>
Subject: Re: [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect
Date: Fri, 3 Apr 2020 10:21:29 -0700 [thread overview]
Message-ID: <20200403172129.GE2701@linux.intel.com> (raw)
In-Reply-To: <FF9F1233-1312-4B98-A476-0C20D92200E3@vmware.com>
On Fri, Apr 03, 2020 at 04:48:35PM +0000, Nadav Amit wrote:
> > On Apr 3, 2020, at 9:40 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> >
> > On Fri, Apr 03, 2020 at 09:25:55AM -0700, Sean Christopherson wrote:
> >> On Fri, Apr 03, 2020 at 06:12:05PM +0200, Peter Zijlstra wrote:
> >>> On Fri, Apr 03, 2020 at 09:01:56AM -0700, Sean Christopherson wrote:
> >>>> On Fri, Apr 03, 2020 at 05:21:58PM +0200, Peter Zijlstra wrote:
> >>>>> On Fri, Apr 03, 2020 at 04:35:00PM +0200, Jessica Yu wrote:
> >>>
> >>>>>> I wonder if it would make sense then to limit the text scans to just
> >>>>>> out-of-tree modules (i.e., missing the intree modinfo flag)?
> >>>>>
> >>>>> It would; didn't know there was one.
> >>>>
> >>>> Rather than scanning modules at all, what about hooking native_write_cr4()
> >>>> to kill SLD if CR4.VMXE is toggled on and the caller didn't increment a
> >>>> "sld safe" counter?
> >>>
> >>> And then you're hoping that the module uses that and not:
> >>>
> >>> asm volatile ("mov %0, cr4" :: "r" (val));
> >>>
> >>> I think I feel safer with the scanning to be fair. Also with the intree
> >>> hint on, we can extend the scanning for out-of-tree modules for more
> >>> dodgy crap we really don't want modules to do, like for example the
> >>> above.
> >>
> >> Ya, that's the big uknown. But wouldn't they'd already be broken in the
> >> sense that they'd corrupt the CR4 shadow? E.g. setting VMXE without
> >> updating cpu_tlbstate.cr4 would result in future in-kernel writes to CR4
> >> attempting to clear CR4.VMXE post-VMXON, which would #GP.
> >
> > Sadly the CR4 shadow is exported, so they can actually fix that up :/
>
> I do not think that Sean’s idea would work for VMware.
Well phooey.
next prev parent reply other threads:[~2020-04-03 17:21 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 12:32 [patch 0/2] x86: Prevent Split-Lock-Detection wreckage on VMX hypervisors Thomas Gleixner
2020-04-02 12:32 ` [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect Thomas Gleixner
2020-04-02 15:23 ` [patch v2 " Peter Zijlstra
2020-04-02 16:20 ` Xiaoyao Li
2020-04-02 16:25 ` Peter Zijlstra
2020-04-02 16:39 ` Nadav Amit
2020-04-02 16:41 ` Xiaoyao Li
2020-04-02 17:34 ` Thomas Gleixner
2020-04-02 17:51 ` Sean Christopherson
2020-04-02 18:51 ` Peter Zijlstra
2020-04-02 20:23 ` Sean Christopherson
2020-04-02 21:04 ` Thomas Gleixner
2020-04-02 21:16 ` Sean Christopherson
2020-04-03 8:09 ` David Laight
2020-04-03 14:33 ` Peter Zijlstra
2020-04-02 23:42 ` [patch " Rasmus Villemoes
2020-04-03 14:35 ` Jessica Yu
2020-04-03 15:21 ` Peter Zijlstra
2020-04-03 16:01 ` Sean Christopherson
2020-04-03 16:12 ` Peter Zijlstra
2020-04-03 16:16 ` David Laight
2020-04-03 16:39 ` Peter Zijlstra
2020-04-03 16:25 ` Sean Christopherson
2020-04-03 16:40 ` Peter Zijlstra
2020-04-03 16:48 ` Nadav Amit
2020-04-03 17:21 ` Sean Christopherson [this message]
2020-04-03 18:53 ` Thomas Gleixner
2020-04-03 20:58 ` Andy Lutomirski
2020-04-03 21:49 ` Thomas Gleixner
2020-04-03 11:29 ` kbuild test robot
2020-04-03 11:29 ` [patch 1/2] x86, module: " kbuild test robot
2020-04-03 14:43 ` [patch 1/2] x86,module: " kbuild test robot
2020-04-03 14:43 ` [patch 1/2] x86, module: " kbuild test robot
2020-04-03 16:36 ` [patch 1/2] x86,module: " Sean Christopherson
2020-04-03 16:41 ` Peter Zijlstra
2020-04-03 18:35 ` Jessica Yu
2020-04-06 12:23 ` Christoph Hellwig
2020-04-06 14:40 ` Peter Zijlstra
2020-04-06 15:18 ` Christoph Hellwig
2020-04-06 15:22 ` Peter Zijlstra
2020-04-06 18:27 ` Steven Rostedt
2020-04-02 12:33 ` [patch 2/2] x86/kvm/vmx: Prevent split lock detection induced #AC wreckage Thomas Gleixner
2020-04-02 15:30 ` Sean Christopherson
2020-04-02 15:44 ` Nadav Amit
2020-04-02 16:04 ` Sean Christopherson
2020-04-02 16:56 ` Thomas Gleixner
2020-04-02 15:55 ` [PATCH 0/3] x86: KVM: VMX: Add basic split-lock #AC handling Sean Christopherson
2020-04-02 15:55 ` [PATCH 1/3] KVM: x86: Emulate split-lock access as a write in emulator Sean Christopherson
2020-04-02 15:55 ` [PATCH 2/3] x86/split_lock: Refactor and export handle_user_split_lock() for KVM Sean Christopherson
2020-04-02 17:01 ` Thomas Gleixner
2020-04-02 17:19 ` Sean Christopherson
2020-04-02 19:06 ` Thomas Gleixner
2020-04-10 4:39 ` Xiaoyao Li
2020-04-10 10:21 ` Paolo Bonzini
2020-04-02 15:55 ` [PATCH 3/3] KVM: VMX: Extend VMX's #AC interceptor to handle split lock #AC in guest Sean Christopherson
2020-04-02 17:19 ` Thomas Gleixner
2020-04-02 17:40 ` Sean Christopherson
2020-04-02 20:07 ` Thomas Gleixner
2020-04-02 20:36 ` Andy Lutomirski
2020-04-02 20:48 ` Peter Zijlstra
2020-04-02 20:51 ` Sean Christopherson
2020-04-02 22:27 ` Thomas Gleixner
2020-04-02 22:40 ` Nadav Amit
2020-04-02 23:03 ` Thomas Gleixner
2020-04-02 23:08 ` Steven Rostedt
2020-04-02 23:16 ` Kenneth R. Crudup
2020-04-02 23:18 ` Jim Mattson
2020-04-03 12:16 ` Thomas Gleixner
2020-04-10 10:23 ` [PATCH 0/3] x86: KVM: VMX: Add basic split-lock #AC handling Paolo Bonzini
2020-04-10 11:14 ` Thomas Gleixner
2020-04-02 13:43 ` [patch 0/2] x86: Prevent Split-Lock-Detection wreckage on VMX hypervisors Kenneth R. Crudup
2020-04-02 14:32 ` Peter Zijlstra
2020-04-02 14:41 ` Kenneth R. Crudup
2020-04-02 14:46 ` Peter Zijlstra
2020-04-02 14:53 ` Kenneth R. Crudup
2020-04-02 14:37 ` Thomas Gleixner
2020-04-02 14:47 ` Nadav Amit
2020-04-02 15:11 ` Peter Zijlstra
2020-04-02 14:53 [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect Andy Lutomirski
2020-04-02 15:02 ` Kenneth R. Crudup
2020-04-02 16:46 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200403172129.GE2701@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=fenghua.yu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=kenny@panix.com \
--cc=linux-kernel@vger.kernel.org \
--cc=namit@vmware.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rasmus.villemoes@prevas.dk \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=thellstrom@vmware.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.