From: Andrew Cooper
To: Boris Ostrovsky, Andy Lutomirski, X86 ML, Borislav Petkov, linux-kernel@vger.kernel.org
CC: Peter Zijlstra, Steven Rostedt, security@kernel.org, Sasha Levin, Konrad Rzeszutek Wilk, Jan Beulich, xen-devel
Subject: Re: [PATCH v6 0/4] x86: modify_ldt improvement, test, and config option
Date: Fri, 31 Jul 2015 15:02:06 +0100
Message-ID: <55BB7FDE.80709@citrix.com>
In-Reply-To: <55BB7BB8.5060903@oracle.com>
References: <55BB3B72.6060607@citrix.com> <55BB7BB8.5060903@oracle.com>

On 31/07/15 14:44, Boris Ostrovsky wrote:
> On 07/31/2015 05:10 AM, Andrew Cooper wrote:
>> On 30/07/15 22:31, Andy Lutomirski wrote:
>>> This is intended for x86/urgent. Sorry for taking so long, but it
>>> seemed nice to avoid breaking Xen.
>> Very much appreciated. Thanks!
>>
>>> This fixes the "dazed and confused" issue which was exposed by the
>>> CVE-2015-5157 fix. It's also probably a good general attack surface
>>> reduction, and it replaces some scary code with IMO less scary code.
>>>
>>> Also, servers and embedded systems should probably turn off modify_ldt.
>>> This makes that possible.
>>>
>>> Xen people, can you test patch 1? It works for me on my evil 32-bit
>>> Xen virtio setup.
>> So the LDT issue seems to have gone away, which is good.
>>
>> However, I did get this from my single vcpu guest test
>>
>> [OK] LDT entry 0 is invalid
>> [SKIP] Cannot set affinity to CPU 1
>> [RUN] Test exec
>> [ 3.638967] CPU 0 set the LDT
>> [OK] LDT entry 0 has AR 0x0040FA00 and limit 0x0000002A
>> [ 3.639380] ------------[ cut here ]------------
>> [ 3.639389] WARNING: CPU: 0 PID: 383 at
>> /local/linux-mainline.git/arch/x86/include/asm/mmu_context.h:96
>> flush_old_exec+0x7fd/0xb70()
>> [ 3.639397] DEBUG_LOCKS_WARN_ON(!irqs_disabled())
>
> You must be running v5 (or earlier). This is fixed in v6 --- it is now
> 'DEBUG_LOCKS_WARN_ON(preemptible());'

Hmm - I definitely have the correct code, but did a complete clean and
rebuild, and the issue went away. I presume I had something stale in the
build.

I am still seeing

[ 5.496264] WARNING: CPU: 0 PID: 389 at /local/linux-mainline.git/kernel/locking/lockdep.c:2639 trace_hardirqs_off_caller+0xa9/0xb0()
[ 5.496272] DEBUG_LOCKS_WARN_ON(!irqs_disabled())
[ 5.496276] CPU: 0 PID: 389 Comm: ldt_gdt_32 Not tainted 4.2.0-rc4+ #21

But that looks incidental, and unrelated to these fixes.
~Andrew