Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX

From: Thomas Gleixner
Date: Mon Apr 06 2020 - 17:37:30 EST


Christoph Hellwig <hch@xxxxxxxxxxxxx> writes:
> On Fri, Apr 03, 2020 at 09:30:07AM -0700, Sean Christopherson wrote:
>> Hook into native CR4 writes to disable split-lock detection if CR4.VMXE
>> is toggled on by an SDL-unaware entity, e.g. an out-of-tree hypervisor
>> module. Most/all VMX-based hypervisors blindly reflect #AC exceptions
>> into the guest, or don't intercept #AC in the first place. With SLD
>> enabled, this results in unexpected #AC faults in the guest, leading to
>> crashes in the guest and other undesirable behavior.
>
> Out of tree modules do not matter, so we should not add code just to
> work around broken third party code. If you really feel strongly just
> make sure something they rely on for their hacks stops being exported
> and they are properly broken.

As we agreed on elsewhere in the thread already, we are not going to
disable SLD, we just reject the module to be loaded. That's way better
than silently failing.

Aside of that I think that we should extend this kind of analysis to
other nasty patterns of out of tree modules, like directly fiddling with
CR* and other circumventions of stuff we are trying to protect.

Thanks,

tglx