Re: [RFC PATCH] x86/split_lock: Disable SLD if an unaware (out-of-tree) module enables VMX

From: Peter Zijlstra
Date: Wed Apr 08 2020 - 05:12:41 EST


On Mon, Apr 06, 2020 at 10:10:58AM -0700, Christoph Hellwig wrote:
> On Mon, Apr 06, 2020 at 06:01:57PM +0200, Peter Zijlstra wrote:
> > Please feel free to use my pgprot_nx() and apply liberally on any
> > exported function.
> >
> > But crucially, I don't think any of the still exported functions allows
> > getting memory in the text range, and if you want to run code outside of
> > the text range, things become _much_ harder. That said, modules
> > shouldn't be able to create executable code, full-stop (IMO).
>
> This is what i've got for now:
>
> http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/sanitize-vmalloc-api

Should we not also apply pgprot_nx() to __vmalloc(), that's also
EXPORT_SYMBOL().