lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 13 Sep 2019 09:47:57 +0200
From:   David Hildenbrand <david@...hat.com>
To:     Thomas Huth <thuth@...hat.com>, Cornelia Huck <cohuck@...hat.com>
Cc:     Christian Borntraeger <borntraeger@...ibm.com>,
        Janosch Frank <frankja@...ux.ibm.com>, kvm@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: s390: Do not leak kernel stack data in the
 KVM_S390_INTERRUPT ioctl

On 13.09.19 09:43, Thomas Huth wrote:
> On 13/09/2019 09.37, David Hildenbrand wrote:
>> On 13.09.19 09:34, Thomas Huth wrote:
>>> On 13/09/2019 09.20, Cornelia Huck wrote:
>>>> On Thu, 12 Sep 2019 13:23:38 +0200
>>>> Thomas Huth <thuth@...hat.com> wrote:
>>>>
>>>>> Hmm, we already talked about deprecating support for pre-3.15 kernel
>>>>> stuff in the past (see
>>>>> https://wiki.qemu.org/ChangeLog/2.12#Future_incompatible_changes for
>>>>> example),
>>>>
>>>> Btw: did we ever do that? I don't quite recall what code we were
>>>> talking about...
>>>
>>> We never really did - but we also never fixed the issue: If you run the
>>> current QEMU on a kernel before 3.15, it refuses to work due to the
>>> missing in-kernel FLIC device:
>>>
>>> Initialization of device s390-flic-kvm failed: KVM is missing capability
>>> KVM_CAP_DEVICE_CTR
>>>
>>> Since nobody really complained so far that running QEMU with KVM is
>>> still required on a kernel < 3.15, I think we could make this also
>>> "official" now and improve the error message a little bit, pointing the
>>> user to a kernel >= 3.15.
>>
>> Didn't we discuss back then to clean up *QEMU* and not the *kernel*?
>> Especially, to wait with cleanups until somebody requests to fix
>> instead. I mean you could have any user space in the wild that still
>> makes use of these interfaces ...
> 
> Yes, that error message is part of QEMU, so I was referring to that one.
> Sorry for mixing this into a mail thread on the kernel mailing list :-/

Ah okay, I messed up then :)

-- 

Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ