[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option
- To: Andy Lutomirski <luto@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>
- From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
- Date: Thu, 30 Jul 2015 11:53:34 -0400
- Cc: "security@xxxxxxxxxx" <security@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, xen-devel <xen-devel@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Sasha Levin <sasha.levin@xxxxxxxxxx>
- Delivery-date: Thu, 30 Jul 2015 15:55:15 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 07/28/2015 01:29 AM, Andy Lutomirski wrote:
This is intended for x86/urgent. Sorry for taking so long, but it
seemed nice to avoid breaking Xen.
This fixes the "dazed and confused" issue which was exposed by the
CVE-2015-5157 fix. It's also probably a good general attack surface
reduction, and it replaces some scary code with IMO less scary code.
Also, servers and embedded systems should probably turn off modify_ldt.
This makes that possible.
Boris, could I get a Tested-by, assuming this works for you?
As far as Xen guests are concerned,
Tested-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
But ldt_gdt_32 test segfaults on 64-bit kernels. Baremetal and virt. I
thought it worked for me before but can't reproduce this with older
patches. Does it work for you?
-boris
Willy and Kees: I left the config option alone. The -tiny people will
like it, and we can always add a sysctl of some sort later.
Changes from v4:
- Fix Xen even better (patch 1 is new).
- Reorder the patches to make a little more sense.
Changes from v3:
- Hopefully fixed Xen.
- Fixed 32-bit test case on 32-bit native kernel.
- Fix bogus vumnap for some LDT sizes.
- Strengthen test case to check all LDT sizes (catches bogus vunmap).
- Lots of cleanups, mostly from Borislav.
- Simplify IPI code using on_each_cpu_mask.
Changes from v2:
- Allocate ldt_struct and the LDT entries separately. This should fix Xen.
- Stop using write_ldt_entry, since I'm pretty sure it's unnecessary now
that we no longer mutate an in-use LDT. (Xen people, can you check?)
Changes from v1:
- The config option is new.
- The test case is new.
- Fixed a missing allocation failure check.
- Fixed a use-after-free on fork().
Andy Lutomirski (4):
x86/xen: Unmap aliases in xen_alloc_ldt and xen_free_ldt
x86/ldt: Make modify_ldt synchronous
selftests/x86, x86/ldt: Add a selftest for modify_ldt
x86/ldt: Make modify_ldt optional
arch/x86/Kconfig | 17 ++
arch/x86/include/asm/desc.h | 15 -
arch/x86/include/asm/mmu.h | 5 +-
arch/x86/include/asm/mmu_context.h | 68 ++++-
arch/x86/kernel/Makefile | 3 +-
arch/x86/kernel/cpu/common.c | 4 +-
arch/x86/kernel/cpu/perf_event.c | 16 +-
arch/x86/kernel/ldt.c | 262 +++++++++--------
arch/x86/kernel/process_64.c | 6 +-
arch/x86/kernel/step.c | 8 +-
arch/x86/power/cpu.c | 3 +-
arch/x86/xen/enlighten.c | 12 +
kernel/sys_ni.c | 1 +
tools/testing/selftests/x86/Makefile | 2 +-
tools/testing/selftests/x86/ldt_gdt.c | 520 ++++++++++++++++++++++++++++++++++
15 files changed, 787 insertions(+), 155 deletions(-)
create mode 100644 tools/testing/selftests/x86/ldt_gdt.c
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
