| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Apr 2018 17:02:01 -0400 From: Gregory Panic <airman.price@...il.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: linux-kernel@...r.kernel.org Subject: Re: RW GDT replaced by Read-Only GDT and a GPL Interface On Sun, Apr 29, 2018 at 11:59 AM, Greg KH <gregkh@...uxfoundation.org> wrote: > On Tue, Apr 17, 2018 at 05:33:25PM -0400, Gregory Panic wrote: >> Hi, >> >> I have been working on a VMX driver for a custom hypervisor which >> depends on features that KVM is not built for. Up until recently >> (4.12.x), our module has been working just fine. When we started to >> build support for Ubuntu 18.04 (4.15.x+), we ran into an issue. >> >> Unfortunately the following commits broke functionality, causing >> kernel segfaults, due to a placing the GDT in the FIXMAP area, and >> setting that mapping to Read-Only. >> #69218e47994da614e7af600bf06887750ab6657a >> and >> #45fc8757d1d2128e342b4e7ef39adedf7752faac >> >> Up until now, the GDT has been Read-Write, which allowed for resetting >> the TSS to available, and then Reloading it after a VMExit. The KVM >> and Xen work-arounds for this were implemented by creating a GPL'd >> interface to remap the GDT to the original Read/Write mapping and then >> back. >> >> Up to this point we've been able to maintain independence from GPL, > > As has been stated numberous times, the lack of EXPORT_SYMBOL_GPL() does > NOT mean that the interface you are using is not covered under the GPL > license of the kernel. > > Please consult with an IP lawyer for the details if you are interested. > > Best of luck with your driver! > > greg k-h I concede that the lack of EXPORT_SYMBOL_GPL may not imply lack of coverage by the GPL. However, let me clarify my issue with these patches. These patches explicitly REMOVE a previously working (architecture-level) functionality and seemingly PURPOSEFULLY breaks proprietary modules. There is no middle-ground as a result of this patch. For VMX drivers under Linux you must now either GPL your code or subvert the security of the kernel. This is not a good place to be. The operation in particular is the clearing of the TSS busy bit. This is a primitive operation that is well defined in the intel developers manual, and one that must be done upon a VMExit so that the TR can be reloaded. This can no longer be accomplished by proprietary drivers under Linux due to its R/O GDT - except by using an explicitly GPL'd interface. A colleague suggested an alternative patch would be to implement a primitive interface to clear the TSS busy bit that does not result in derivative works. // returns previous value, or -1 if no TSS there int change_tss_busy(uint16_t selector, bool busy); -- Gregory
Powered by blists - more mailing lists