From: Peter Zijlstra <peterz@infradead.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org,
"Kenneth R. Crudup" <kenny@panix.com>,
Jessica Yu <jeyu@kernel.org>,
Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Paolo Bonzini <pbonzini@redhat.com>,
Fenghua Yu <fenghua.yu@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Nadav Amit <nadav.amit@gmail.com>,
Thomas Hellstrom <thellstrom@vmware.com>,
Tony Luck <tony.luck@intel.com>,
Steven Rostedt <rostedt@goodmis.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
David Laight <David.Laight@aculab.com>,
Doug Covelli <dcovelli@vmware.com>
Subject: Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX
Date: Mon, 6 Apr 2020 20:39:42 +0200 [thread overview]
Message-ID: <20200406183942.GN2452@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20200406171058.GA5352@infradead.org>
On Mon, Apr 06, 2020 at 10:10:58AM -0700, Christoph Hellwig wrote:
> On Mon, Apr 06, 2020 at 06:01:57PM +0200, Peter Zijlstra wrote:
> > Please feel free to use my pgprot_nx() and apply liberally on any
> > exported function.
> >
> > But crucially, I don't think any of the still exported functions allows
> > getting memory in the text range, and if you want to run code outside of
> > the text range, things become _much_ harder. That said, modules
> > shouldn't be able to create executable code, full-stop (IMO).
>
> This is what i've got for now:
>
> http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/sanitize-vmalloc-api
Looks excellent:
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
next prev parent reply other threads:[~2020-04-06 18:40 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-03 16:30 [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX Sean Christopherson
2020-04-03 16:42 ` Peter Zijlstra
2020-04-03 17:20 ` Sean Christopherson
2020-04-06 12:50 ` Christoph Hellwig
2020-04-06 14:04 ` Peter Zijlstra
2020-04-06 14:34 ` Peter Zijlstra
2020-04-06 15:24 ` Christoph Hellwig
2020-04-06 15:39 ` Christoph Hellwig
2020-04-06 16:01 ` Peter Zijlstra
2020-04-06 17:10 ` Christoph Hellwig
2020-04-06 18:39 ` Peter Zijlstra [this message]
2020-04-06 22:54 ` Andy Lutomirski
2020-04-08 9:12 ` Peter Zijlstra
2020-04-08 11:02 ` Christoph Hellwig
2020-04-06 21:37 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200406183942.GN2452@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=David.Laight@aculab.com \
--cc=bp@alien8.de \
--cc=dcovelli@vmware.com \
--cc=fenghua.yu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=kenny@panix.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nadav.amit@gmail.com \
--cc=pbonzini@redhat.com \
--cc=rasmus.villemoes@prevas.dk \
--cc=rostedt@goodmis.org \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=thellstrom@vmware.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.