Message-ID: <87tv1wjny9.fsf@nanos.tec.linutronix.de>
Date:   Mon, 06 Apr 2020 23:37:02 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Christoph Hellwig <hch@...radead.org>,
        Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
        linux-kernel@...r.kernel.org,
        "Kenneth R. Crudup" <kenny@...ix.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Jessica Yu <jeyu@...nel.org>,
        Rasmus Villemoes <rasmus.villemoes@...vas.dk>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Fenghua Yu <fenghua.yu@...el.com>,
        Xiaoyao Li <xiaoyao.li@...el.com>,
        Nadav Amit <nadav.amit@...il.com>,
        Thomas Hellstrom <thellstrom@...are.com>,
        Tony Luck <tony.luck@...el.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jann Horn <jannh@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        David Laight <David.Laight@...lab.com>,
        Doug Covelli <dcovelli@...are.com>
Subject: Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX

Christoph Hellwig <hch@...radead.org> writes:
> On Fri, Apr 03, 2020 at 09:30:07AM -0700, Sean Christopherson wrote:
>> Hook into native CR4 writes to disable split-lock detection if CR4.VMXE
>> is toggled on by an SLD-unaware entity, e.g. an out-of-tree hypervisor
>> module.  Most/all VMX-based hypervisors blindly reflect #AC exceptions
>> into the guest, or don't intercept #AC in the first place.  With SLD
>> enabled, this results in unexpected #AC faults in the guest, leading to
>> crashes in the guest and other undesirable behavior.
>
> Out of tree modules do not matter, so we should not add code just to
> work around broken third party code.  If you really feel strongly just
> make sure something they rely on for their hacks stops being exported
> and they are properly broken.

As we agreed on elsewhere in the thread already, we are not going to
disable SLD, we just reject the module to be loaded. That's way better
than silently failing.

Aside from that, I think that we should extend this kind of analysis to
other nasty patterns of out of tree modules, like directly fiddling with
CR* and other circumventions of stuff we are trying to protect.

Thanks,

        tglx
