Message-ID: <871d7c0b-e417-45a2-9eaf-f17134e2014c@leemhuis.info>
Date: Sat, 24 Jan 2026 07:27:05 +0100
From: Thorsten Leemhuis <regressions@...mhuis.info>
To: Alexey Makhalov <alexey.makhalov@...adcom.com>,
 Josh Poimboeuf <jpoimboe@...nel.org>, x86@...nel.org
Cc: linux-kernel@...r.kernel.org, Ajay Kaher <ajay.kaher@...adcom.com>,
 bcm-kernel-feedback-list@...adcom.com, Peter Zijlstra
 <peterz@...radead.org>, Justin Forbes <jforbes@...oraproject.org>,
 Linux kernel regressions list <regressions@...ts.linux.dev>,
 Zack Rusin <zack.rusin@...adcom.com>
Subject: Re: [PATCH] x86/vmware: Fix hypercall clobbers

On 1/24/26 02:01, Alexey Makhalov wrote:
> On 1/23/26 1:47 AM, Thorsten Leemhuis wrote:
>> Well, fixing bugs right where they are obviously is a good thing.
>>
>> But well, the problem according to the description quoted below was
>> exposed by a change that went into 6.19-rc1 -- which makes it a kernel
>> regression that must be fixed in the kernel (ideally before 6.19 is out).
> 
> The Linux change 34bf25e820ae ("x86/vmware: Introduce VMware hypercall
> API") that revealed QEMU issue was introduced not now, but back in June
> 2024 in v6.11-rc1. [...]

Well, the patch at the start of the thread has two Fixes: tags – and I
meant the other one referring to aca282ab7e75 ("x86/asm: Annotate
special section entries"), which was merged for 6.19-rc1. And the
description of the patch at the start of this thread also reads: "This
issue was bisected to commit aca282ab7e75 ("x86/asm: Annotate special
section entries"), which added annotations to the ALTERNATIVE() macro.
Despite the use of asm_inline, that commit caused the compiler to
un-inline and const-propagate vmware_hypercall4(). That made RDI live
across the hypercall, making the hypervisor's register clobbering
visible and exposing this latent bug."

Ciao, Thorsten
