Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation

From: Peter Zijlstra
Date: Wed Apr 08 2020 - 05:13:47 EST


On Wed, Apr 08, 2020 at 10:51:38AM +0200, Peter Zijlstra wrote:
> On Wed, Apr 08, 2020 at 07:58:53AM +0200, Jan Kiszka wrote:
> > On 07.04.20 23:48, Steven Rostedt wrote:
>
> > > Hmm, won't this break jailhouse?
>
> Breaking it isn't a problem, it's out of tree and it should be fixable.
>
> > Yes, possibly. We load the hypervisor binary via request_firmware into
> > executable memory and then jump into it. So most of the "suspicious" code is
>
> W.T.H. does the firmware loader have the ability to give executable
> memory? We need to kill that too. /me goes find.

AFAICT the firmware loader only provides PAGE_KERNEL_RO, so how do you
get it executable?

I'm thinking the patches Christoph has lined up will take care of this.