Re: [PATCH 3/4] x86,module: Detect VMX vs SLD conflicts
From: Paolo Bonzini
Date: Tue Apr 07 2020 - 10:45:05 EST
On 07/04/20 16:35, Greg KH wrote:
> On Tue, Apr 07, 2020 at 01:02:39PM +0200, Peter Zijlstra wrote:
>> It turns out that with Split-Lock-Detect enabled (default) any VMX
>> hypervisor needs at least a little modification in order to not blindly
>> inject the #AC into the guest without the guest being ready for it.
>>
>> Since there is no telling which module implements a hypervisor, scan
>> all out-of-tree modules' text and look for VMX instructions and refuse
>> to load it when SLD is enabled (default) and the module isn't marked
>> 'sld_safe'.
>>
>> Hypervisors, which have been modified and are known to work correctly,
>> can add:
>>
>> MODULE_INFO(sld_safe, "Y");
>>
>> to explicitly tell the module loader they're good.
>
> What's to keep any out-of-tree module from adding this same module info
> "flag" and just lie about it? Isn't that what you are trying to catch
> here, or is it a case of, "if you lie, your code will break" as well?
It's the latter. Basically it's doing _the users_ of out-of-tree
modules a favor by avoiding crashes of their virtual machines;
developers need to fix them anyway.
Paolo