Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation

From: Jessica Yu
Date: Wed Apr 08 2020 - 11:55:03 EST

Next message: Arnd Bergmann: "[PATCH] remoteproc: mtk_scp: use dma_addr_t for DMA API"
Previous message: Vitaly Kuznetsov: "Re: [PATCH v1] x86: hyperv: report value of misc_features"
In reply to: Nadav Amit: "Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

+++ Peter Zijlstra [08/04/20 17:44 +0200]:

On Wed, Apr 08, 2020 at 09:27:26AM -0400, Steven Rostedt wrote:

On Tue, 07 Apr 2020 13:02:40 +0200
Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:

> + if (insn_is_mov_CRn(&insn) || insn_is_mov_DRn(&insn)) {
> + pr_err("Module writes to CRn or DRn, please use the proper accessors: %s\n", mod->name);
> + return -ENOEXEC;
> + }
> +

Something like this should be done for all modules, not just out of tree
modules.

I'm all for it; but people were worried scanning all modules was too
expensive (I don't really believe it is, module loading just can't be a
hot-path). Also, in-tree modules are audited a lot more than out of tree
magic voodoo crap.

The intention of the original patches was to do the text scan to catch
a handful of out-of-tree hypervisor modules - but now that
decode_module() is being generalized to more cases, I don't mind
scanning all modules.

Thanks,

Jessica

Next message: Arnd Bergmann: "[PATCH] remoteproc: mtk_scp: use dma_addr_t for DMA API"
Previous message: Vitaly Kuznetsov: "Re: [PATCH v1] x86: hyperv: report value of misc_features"
In reply to: Nadav Amit: "Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]