lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 13 Sep 2019 09:43:09 +0200
From:   Thomas Huth <thuth@...hat.com>
To:     David Hildenbrand <david@...hat.com>,
        Cornelia Huck <cohuck@...hat.com>
Cc:     Christian Borntraeger <borntraeger@...ibm.com>,
        Janosch Frank <frankja@...ux.ibm.com>, kvm@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: s390: Do not leak kernel stack data in the
 KVM_S390_INTERRUPT ioctl

On 13/09/2019 09.37, David Hildenbrand wrote:
> On 13.09.19 09:34, Thomas Huth wrote:
>> On 13/09/2019 09.20, Cornelia Huck wrote:
>>> On Thu, 12 Sep 2019 13:23:38 +0200
>>> Thomas Huth <thuth@...hat.com> wrote:
>>>
>>>> Hmm, we already talked about deprecating support for pre-3.15 kernel
>>>> stuff in the past (see
>>>> https://wiki.qemu.org/ChangeLog/2.12#Future_incompatible_changes for
>>>> example),
>>>
>>> Btw: did we ever do that? I don't quite recall what code we were
>>> talking about...
>>
>> We never really did - but we also never fixed the issue: If you run the
>> current QEMU on a kernel before 3.15, it refuses to work due to the
>> missing in-kernel FLIC device:
>>
>> Initialization of device s390-flic-kvm failed: KVM is missing capability
>> KVM_CAP_DEVICE_CTR
>>
>> Since nobody really complained so far that running QEMU with KVM is
>> still required on a kernel < 3.15, I think we could make this also
>> "official" now and improve the error message a little bit, pointing the
>> user to a kernel >= 3.15.
> 
> Didn't we discuss back then to clean up *QEMU* and not the *kernel*?
> Especially, to wait with cleanups until somebody requests to fix
> instead. I mean you could have any user space in the wild that still
> makes use of these interfaces ...

Yes, that error message is part of QEMU, so I was referring to that one.
Sorry for mixing this into a mail thread on the kernel mailing list :-/

 Thomas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ