On Wed, 10 Jul 2019, Kees Cook wrote:
> On Wed, Jul 10, 2019 at 09:42:46PM +0200, Thomas Gleixner wrote:
> > The pinning of sensitive CR0 and CR4 bits caused a boot crash when loading
> > the kvm_intel module on a kernel compiled with CONFIG_PARAVIRT=n.
> >
> > The reason is that the static key which controls the pinning is marked RO
> > after init. The kvm_intel module contains a CR4 write which requires to
> > update the static key entry list. That obviously does not work when the key
> > is in a RO section.
> >
> > With CONFIG_PARAVIRT enabled this does not happen because the CR4 write
> > uses the paravirt indirection and the actual write function is built in.
> >
> > As the key is intended to be immutable after init, move
> > native_write_cr0/3() out of line.
> >
> > While at it consolidate the update of the cr4 shadow variable and store the
> > value right away when the pinning is initialized on a booting CPU. No point
> > in reading it back 20 instructions later. This allows to confine the static
> > key and the pinning variable to cpu/common and allows to mark them static.
> >
> > Fixes: 8dbec27a242c ("x86/asm: Pin sensitive CR0 bits")
> > Fixes: 873d50d58f67 ("x86/asm: Pin sensitive CR4 bits")
> > Reported-by: Linus Torvalds <torva...@linux-foundation.org>
> > Reported-by: Xi Ruoyao <xry...@mengyan1223.wang>
> > Signed-off-by: Thomas Gleixner <t...@linutronix.de>
> > Tested-by: Xi Ruoyao <xry...@mengyan1223.wang>
>
> Thank you for tracking this down and solving it!
>
> Nit: should be "cr0/4()" in Subject and in paragraph 4.

Yeah. My brain is not working today.