| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55BB7FDE.80709@citrix.com> Date: Fri, 31 Jul 2015 15:02:06 +0100 From: Andrew Cooper <andrew.cooper3@...rix.com> To: Boris Ostrovsky <boris.ostrovsky@...cle.com>, Andy Lutomirski <luto@...nel.org>, X86 ML <x86@...nel.org>, Borislav Petkov <bp@...en8.de>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> CC: Peter Zijlstra <peterz@...radead.org>, Steven Rostedt <rostedt@...dmis.org>, "security@...nel.org" <security@...nel.org>, "Sasha Levin" <sasha.levin@...cle.com>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Jan Beulich <jbeulich@...e.com>, xen-devel <xen-devel@...ts.xen.org> Subject: Re: [PATCH v6 0/4] x86: modify_ldt improvement, test, and config option On 31/07/15 14:44, Boris Ostrovsky wrote: > On 07/31/2015 05:10 AM, Andrew Cooper wrote: >> On 30/07/15 22:31, Andy Lutomirski wrote: >>> This is intended for x86/urgent. Sorry for taking so long, but it >>> seemed nice to avoid breaking Xen. >> Very much appreciated. Thanks! >> >>> This fixes the "dazed and confused" issue which was exposed by the >>> CVE-2015-5157 fix. It's also probably a good general attack surface >>> reduction, and it replaces some scary code with IMO less scary code. >>> >>> Also, servers and embedded systems should probably turn off modify_ldt. >>> This makes that possible. >>> >>> Xen people, can you test patch 1? It works for me on my evil 32-bit >>> Xen virtio setup. >> So the LDT issue seems to have gone away, which is good. >> >> However, I did get this from my single vcpu guest test >> >> [OK] LDT entry 0 is invalid >> [SKIP] Cannot set affinity to CPU 1 >> [RUN] Test exec >> [ 3.638967] CPU 0 set the LDT >> [OK] LDT entry 0 has AR 0x0040FA00 and limit 0x0000002A >> [ 3.639380] ------------[ cut here ]------------ >> [ 3.639389] WARNING: CPU: 0 PID: 383 at >> /local/linux-mainline.git/arch/x86/include/asm/mmu_context.h:96 >> flush_old_exec+0x7fd/0xb70() >> [ 3.639397] DEBUG_LOCKS_WARN_ON(!irqs_disabled()) > > You must be running v5 (or earlier). This is fixed in v6 --- it is now > 'DEBUG_LOCKS_WARN_ON(preemptible());' Hmm - I definitely have the correct code, but did a complete clean and rebuild, and the issue went away. I presume I had something stale in the build. I am still seeing [ 5.496264] WARNING: CPU: 0 PID: 389 at /local/linux-mainline.git/kernel/locking/lockdep.c:2639 trace_hardirqs_off_caller+0xa9/0xb0() [ 5.496272] DEBUG_LOCKS_WARN_ON(!irqs_disabled()) [ 5.496276] CPU: 0 PID: 389 Comm: ldt_gdt_32 Not tainted 4.2.0-rc4+ #21 But that looks incidental, and unrelated to these fixes. ~Andrew -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists