Re: [PATCH 0/4] x86/module: Out-of-tree module decode and sanitize

From: Andrew Cooper
Date: Tue Apr 07 2020 - 13:23:36 EST

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH v8 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability"
Previous message: FrÃdÃric Pierret: "Re: [PATCH] gcc-common.h: 'params.h' has been dropped in GCC10"
In reply to: Kees Cook: "Re: [PATCH 1/4] module: Expose load_info to arch module loader code"
Next in thread: Peter Zijlstra: "Re: [PATCH 0/4] x86/module: Out-of-tree module decode and sanitize"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/04/2020 12:02, Peter Zijlstra wrote:
> Hi all,
>
> Driven by the SLD vs VMX interaction, here are some patches that provide means
> to analyze the text of out-of-tree modules.
>
> The first user of that is refusing to load modules on VMX-SLD conflicts, but it
> also has a second patch that refulses to load any module that tries to modify
> CRn/DRn.
>
> I'm thinking people will quickly come up with more and more elaborate tests to
> which to subject out-of-tree modules.

Anything playing with LGDT & friends?Â Shouldn't be substantially more
elaborate than CR/DR to check for.

~Andrew

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH v8 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability"
Previous message: FrÃdÃric Pierret: "Re: [PATCH] gcc-common.h: 'params.h' has been dropped in GCC10"
In reply to: Kees Cook: "Re: [PATCH 1/4] module: Expose load_info to arch module loader code"
Next in thread: Peter Zijlstra: "Re: [PATCH 0/4] x86/module: Out-of-tree module decode and sanitize"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]