| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+icZUW-i53boHBPt+8zh-D921XFbPb_Kc=dzdgCK1QvkOgCsw@mail.gmail.com> Date: Fri, 20 Dec 2024 00:10:08 +0100 From: Sedat Dilek <sedat.dilek@...il.com> To: Andrew Cooper <andrew.cooper3@...rix.com> Cc: Juergen Gross <jgross@...e.com>, Peter Zijlstra <peterz@...radead.org>, Sami Tolvanen <samitolvanen@...gle.com>, Jan Beulich <jbeulich@...e.com>, Josh Poimboeuf <jpoimboe@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Sasha Levin <sashal@...nel.org>, linux-kernel@...r.kernel.org, stable@...r.kernel.org, Kees Cook <kees@...nel.org>, Nathan Chancellor <nathan@...nel.org>, llvm@...ts.linux.dev Subject: Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI On Thu, Dec 19, 2024 at 6:07 PM Sedat Dilek <sedat.dilek@...il.com> wrote: > > On Thu, Dec 19, 2024 at 5:44 PM Andrew Cooper <andrew.cooper3@...rix.com> wrote: > > > > On 19/12/2024 4:14 pm, Sedat Dilek wrote: > > > Hi, > > > > > > Linux v6.12.6 will include XEN CVE fixes from mainline. > > > > > > Here, I use Debian/unstable AMD64 and the SLIM LLVM toolchain 19.1.x > > > from kernel.org. > > > > > > What does it mean in ISSUE DESCRIPTION... > > > > > > Furthermore, the hypercall page has no provision for Control-flow > > > Integrity schemes (e.g. kCFI/CET-IBT/FineIBT), and will simply > > > malfunction in such configurations. > > > > > > ...when someone uses Clang-kCFI? > > > > The hypercall page has functions of the form: > > > > MOV $x, %eax > > VMCALL / VMMCALL / SYSCALL > > RET > > > > There are no ENDBR instructions, and no prologue/epilogue for hash-based > > CFI schemes. > > > > This is because it's code provided by Xen, not code provided by Linux. > > > > The absence of ENDBR instructions will yield #CP when CET-IBT is active, > > and the absence of hash prologue/epilogue lets the function be used in a > > type-confused manor that CFI should have caught. > > > > ~Andrew > > Thanks for the technical explanation, Andrew. > > Hope that helps the folks of "CLANG CONTROL FLOW INTEGRITY SUPPORT". > > I am not an active user of XEN in the Linux-kernel but I am willing to > test when Linux v6.12.6 is officially released and give feedback. > https://wiki.xenproject.org/wiki/Testing_Xen#Presence_test https://wiki.xenproject.org/wiki/Testing_Xen#Commands_for_presence_testing # apt install -t unstable xen-utils-4.17 -y # xl list Name ID Mem VCPUs State Time(s) Domain-0 0 7872 4 r----- 398.2 Some basic tests LGTM - see also attached stuff. If you have any tests to recommend, let me know. Thanks. Best regards, -Sedat- View attachment "xl-info.txt" of type "text/plain" (1382 bytes) Download attachment "config-6.12.6-1-amd64-clang19-kcfi" of type "application/octet-stream" (281308 bytes) View attachment "xl-dmesg_6.12.6-1-amd64-clang19-kcfi.txt" of type "text/plain" (16384 bytes) View attachment "dmesg-T_6.12.6-1-amd64-clang19-kcfi.txt" of type "text/plain" (91020 bytes) View attachment "xenstore-ls.txt" of type "text/plain" (1108 bytes)
Powered by blists - more mailing lists