Message-ID: <55BB7BB8.5060903@oracle.com>
Date: Fri, 31 Jul 2015 09:44:24 -0400
From: Boris Ostrovsky
To: Andrew Cooper, Andy Lutomirski, X86 ML, Borislav Petkov, "linux-kernel@vger.kernel.org"
CC: Peter Zijlstra, Steven Rostedt, "security@kernel.org", Sasha Levin, Konrad Rzeszutek Wilk, Jan Beulich, xen-devel
Subject: Re: [PATCH v6 0/4] x86: modify_ldt improvement, test, and config option
References: <55BB3B72.6060607@citrix.com>
In-Reply-To: <55BB3B72.6060607@citrix.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/31/2015 05:10 AM, Andrew Cooper wrote:
> On 30/07/15 22:31, Andy Lutomirski wrote:
>> This is intended for x86/urgent. Sorry for taking so long, but it
>> seemed nice to avoid breaking Xen.
> Very much appreciated. Thanks!
>
>> This fixes the "dazed and confused" issue which was exposed by the
>> CVE-2015-5157 fix. It's also probably a good general attack surface
>> reduction, and it replaces some scary code with IMO less scary code.
>>
>> Also, servers and embedded systems should probably turn off modify_ldt.
>> This makes that possible.
>>
>> Xen people, can you test patch 1? It works for me on my evil 32-bit
>> Xen virtio setup.
> So the LDT issue seems to have gone away, which is good.
>
> However, I did get this from my single vcpu guest test
>
> [OK] LDT entry 0 is invalid
> [SKIP] Cannot set affinity to CPU 1
> [RUN] Test exec
> [ 3.638967] CPU 0 set the LDT
> [OK] LDT entry 0 has AR 0x0040FA00 and limit 0x0000002A
> [ 3.639380] ------------[ cut here ]------------
> [ 3.639389] WARNING: CPU: 0 PID: 383 at
> /local/linux-mainline.git/arch/x86/include/asm/mmu_context.h:96
> flush_old_exec+0x7fd/0xb70()
> [ 3.639397] DEBUG_LOCKS_WARN_ON(!irqs_disabled())

You must be running v5 (or earlier). This is fixed in v6 --- it is now
'DEBUG_LOCKS_WARN_ON(preemptible());'

-boris