| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Apr 2016 00:27:04 -0600 From: "Jan Beulich" <JBeulich@...e.com> To: <mingo@...e.hu>, <tglx@...utronix.de>, <hpa@...or.com> Cc: "David Vrabel" <david.vrabel@...rix.com>, "xen-devel" <xen-devel@...ts.xenproject.org>, "Boris Ostrovsky" <boris.ostrovsky@...cle.com>, "Juergen Gross" <JGross@...e.com>, <linux-kernel@...r.kernel.org> Subject: [PATCH] x86/xen: suppress hugetlbfs in PV guests Huge pages are not normally available to PV guests. Not suppressing hugetlbfs use results in an endless loop of page faults when user mode code tries to access a hugetlbfs mapped area (since the hypervisor denies such PTEs to be created, but error indications can't be propagated out of xen_set_pte_at(), just like for various of its siblings), and - once killed in an oops like this: kernel BUG at .../fs/hugetlbfs/inode.c:428! invalid opcode: 0000 [#1] SMP Modules linked in: ... Supported: Yes CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2 Hardware name: ... task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000 RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320 RSP: e02b:ffff880803c879a8 EFLAGS: 00010202 RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38 RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960 RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0 FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660 Stack: ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0 ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000 ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758 Call Trace: [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40 [<ffffffff81167b3d>] evict+0xbd/0x1b0 [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0 [<ffffffff81165b0e>] dput+0x1fe/0x220 [<ffffffff81150535>] __fput+0x155/0x200 [<ffffffff81079fc0>] task_work_run+0x60/0xa0 [<ffffffff81063510>] do_exit+0x160/0x400 [<ffffffff810637eb>] do_group_exit+0x3b/0xa0 [<ffffffff8106e8bd>] get_signal+0x1ed/0x470 [<ffffffff8100f854>] do_signal+0x14/0x110 [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0 [<ffffffff814178a5>] retint_user+0x8/0x13 This is CVE-2016-3961 / XSA-174. Reported-by: Vitaly Kuznetsov <vkuznets@...hat.com> Signed-off-by: Jan Beulich <jbeulich@...e.com> Cc: stable@...r.kernel.org --- arch/x86/include/asm/hugetlb.h | 1 + 1 file changed, 1 insertion(+) --- 4.6-rc4/arch/x86/include/asm/hugetlb.h +++ 4.6-rc4-xsa174/arch/x86/include/asm/hugetlb.h @@ -4,6 +4,7 @@ #include <asm/page.h> #include <asm-generic/hugetlb.h> +#define hugepages_supported() cpu_has_pse static inline int is_hugepage_only_range(struct mm_struct *mm, unsigned long addr,
Powered by blists - more mailing lists