lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <737F6739-9B8B-4C73-91D3-B873D5780F5E@amacapital.net>
Date:   Fri, 3 Apr 2020 13:58:17 -0700
From:   Andy Lutomirski <luto@...capital.net>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Jessica Yu <jeyu@...nel.org>,
        Rasmus Villemoes <rasmus.villemoes@...vas.dk>,
        LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
        "Kenneth R. Crudup" <kenny@...ix.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Fenghua Yu <fenghua.yu@...el.com>,
        Xiaoyao Li <xiaoyao.li@...el.com>,
        Nadav Amit <namit@...are.com>,
        Thomas Hellstrom <thellstrom@...are.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        jannh@...gle.com, keescook@...omium.org, vbox-dev@...tualbox.org
Subject: Re: [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect


> On Apr 3, 2020, at 11:54 AM, Thomas Gleixner <tglx@...utronix.de> wrote:
> 
> Peter Zijlstra <peterz@...radead.org> writes:
>>> On Fri, Apr 03, 2020 at 04:35:00PM +0200, Jessica Yu wrote:
>>> +++ Rasmus Villemoes [03/04/20 01:42 +0200]:
>>>> On 02/04/2020 14.32, Thomas Gleixner wrote:
>>>>> From: Peter Zijlstra <peterz@...radead.org>
>>>>> 
>>>>> It turns out that with Split-Lock-Detect enabled (default) any VMX
>>>>> hypervisor needs at least a little modification in order to not blindly
>>>>> inject the #AC into the guest without the guest being ready for it.
>>>>> 
>>>>> Since there is no telling which module implements a hypervisor, scan the
>>>>> module text and look for the VMLAUNCH instruction. If found, the module is
>>>>> assumed to be a hypervisor of some sort and SLD is disabled.
>>>> 
>>>> How long does that scan take/add to module load time? Would it make
>>>> sense to exempt in-tree modules?
>>>> 
>>>> Rasmus
>>> 
>>> I second Rasmus's question. It seems rather unfortunate that we have
>>> to do this text scan for every module load on x86, when it doesn't
>>> apply to the majority of them, and only to a handful of out-of-tree
>>> hypervisor modules (assuming kvm is taken care of already).
>>> 
>>> I wonder if it would make sense then to limit the text scans to just
>>> out-of-tree modules (i.e., missing the intree modinfo flag)?
>> 
>> It would; didn't know there was one.
> 
> But that still would not make it complete.
> 
> I was staring at virtualbox today after Jann pointed out that this
> sucker does complete backwards things.
> 
>  The kernel driver does not contain any VM* instructions at all.
> 
> The actual hypervisor code is built as a separate binary and somehow
> loaded into the kernel with their own magic fixup of relocations and
> function linking. This "design" probably comes from the original
> virtualbox implementation which circumvented GPL that way.
> 
> TBH, I don't care if we wreckage virtualbox simply because that thing is
> already a complete and utter trainwreck violating taste and common sense
> in any possible way. Just for illustration:
> 
>  - It installs preempt notifiers and the first thing in the callback
>    function is to issue 'stac()'!
> 
>  - There is quite some other horrible code in there which fiddles in
>    the guts of the kernel just because it can.
> 
>  - Conditionals in release code which check stuff like
>    VBOX_WITH_TEXT_MODMEM_HACK, VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV,
>    VBOX_WITH_NON_PROD_HACK_FOR_PERF_STACKS along with the most absurd
>    hacks ever.
> 
> If you feel the need to look yourself, please use your eyecancer
> protection gear.
> 
> Can someone at Oracle please make sure, that this monstrosity gets shred
> in pieces?
> 
> Enough vented, but that still does not solve the SLD problem in any
> sensible way.

Could we unexport set_memory_x perhaps?  And maybe try to make virtualbox break in as many ways as possible?

> 
> Thanks,
> 
>        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ