From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753181AbdJUDEN (ORCPT ); Fri, 20 Oct 2017 23:04:13 -0400
Received: from mail-it0-f53.google.com ([209.85.214.53]:44123 "EHLO mail-it0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751885AbdJUDEM (ORCPT ); Fri, 20 Oct 2017 23:04:12 -0400
X-Google-Smtp-Source: ABhQp+TM6N7ZAxJQne/FrVB8C8o+fUgE3KDOBIlFbImAXnuqMqs7UKUWmNfqId2Dybog8PZ4v/ftQsTMkCa10eX3dwM=
MIME-Version: 1.0
In-Reply-To: <0015a75a-3624-2ec7-ae21-4753cf072e61@redhat.com>
References: <1497915397-93805-1-git-send-email-keescook@chromium.org> <0ad1f8b1-3c9f-adb0-35c3-18619ff5aa25@redhat.com> <0015a75a-3624-2ec7-ae21-4753cf072e61@redhat.com>
From: Kees Cook
Date: Fri, 20 Oct 2017 20:04:11 -0700
X-Google-Sender-Auth: Bwlr03YkEgzdAM-GtxS34kZ2944
Message-ID:
Subject: Re: [PATCH 00/23] Hardened usercopy whitelisting
To: Paolo Bonzini
Cc: "kernel-hardening@lists.openwall.com", David Windsor, Linux-MM, LKML
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 20, 2017 at 4:25 PM, Paolo Bonzini wrote:
> On 21/10/2017 00:40, Paolo Bonzini wrote:
>> This breaks KVM completely on x86, due to two ioctls
>> (KVM_GET/SET_CPUID2) accessing the cpuid_entries field of struct
>> kvm_vcpu_arch.
>>
>> There's also another broken ioctl, KVM_XEN_HVM_CONFIG, but it is
>> obsolete and not a big deal at all.
>>
>> I can post some patches, but probably not until the beginning of
>> November due to travelling. Please do not send this too close to the
>> beginning of the merge window.
>
> Sleeping is overrated, sending patches now...

Oh awesome, thank you very much for tracking this down and building
fixes! I'll insert these into the usercopy whitelisting series, and
see if I can find any similar cases.

Thanks!
-Kees
-- 
Kees Cook
Pixel Security
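The breakage Paolo reports is the whitelisting mechanism working as designed: once a slab cache declares which byte range of its objects may be copied to or from user space, an ioctl that copies a field outside that range (here cpuid_entries of struct kvm_vcpu_arch) is refused until the cache's whitelist is widened to cover it. The following is an added C model of that check, written for this page; it is not code from the thread, from the usercopy series, or from KVM. The struct layout, the cache_model type and every function name are hypothetical; the useroffset/usersize pair mirrors the parameters that kmem_cache_create_usercopy() takes, but the check itself is a simplification of the kernel's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical object layout standing in for a vCPU struct; the field
 * names echo the thread (cpuid_entries) but the layout is invented. */
struct vcpu_model {
    uint64_t private_state[4];   /* kernel-internal, never copied to user */
    uint32_t cpuid_nent;         /* read/written by the modelled ioctls */
    uint32_t cpuid_entries[8];   /* read/written by the modelled ioctls */
    void *internal_ptr;          /* kernel pointer, must never leak */
};

/* Model of a slab cache carrying a usercopy whitelist: the same
 * useroffset/usersize pair that kmem_cache_create_usercopy() takes. */
struct cache_model {
    const char *name;
    size_t object_size;
    size_t useroffset;           /* start of whitelisted region in the object */
    size_t usersize;             /* length of that region; 0 = nothing allowed */
};

/* Cache for struct vcpu_model whitelisting only cpuid_nent..cpuid_entries. */
static const struct cache_model vcpu_cache = {
    .name = "vcpu_model_cache",
    .object_size = sizeof(struct vcpu_model),
    .useroffset = offsetof(struct vcpu_model, cpuid_nent),
    .usersize = offsetof(struct vcpu_model, cpuid_entries)
              + sizeof(((struct vcpu_model *)0)->cpuid_entries)
              - offsetof(struct vcpu_model, cpuid_nent),
};

/* Return true if [ptr, ptr+len) lies entirely inside the cache's
 * whitelisted region of the object starting at obj. */
bool usercopy_allowed(const struct cache_model *c, const void *obj,
                      const void *ptr, size_t len)
{
    uintptr_t base = (uintptr_t)obj, p = (uintptr_t)ptr;

    if (p < base || p - base > c->object_size)
        return false;                       /* pointer outside the object */
    size_t off = (size_t)(p - base);
    if (len > c->object_size - off)
        return false;                       /* range runs past the object */
    if (c->usersize == 0 || off < c->useroffset)
        return false;                       /* starts before the whitelist */
    return len <= c->useroffset + c->usersize - off;  /* and ends inside it */
}

/* Model of a hardened copy_to_user(): the whitelist check runs before the
 * copy; a rejected copy returns -1 (the kernel reports a usercopy fault). */
int hardened_copy_to_user(void *user_dst, const struct vcpu_model *obj,
                          const void *src, size_t len)
{
    if (!usercopy_allowed(&vcpu_cache, obj, src, len)) {
        fprintf(stderr, "usercopy: %s: rejected %zu bytes at offset %zu\n",
                vcpu_cache.name, len,
                (size_t)((const char *)src - (const char *)obj));
        return -1;
    }
    memcpy(user_dst, src, len);
    return 0;
}

/* Constructed scenarios; each returns true when the check behaves as the
 * whitelist intends. */
bool demo_whitelisted_field_ok(void)
{
    struct vcpu_model v = { .cpuid_nent = 3, .cpuid_entries = {1, 2, 3} };
    uint32_t user_buf[8] = {0};
    int rc = hardened_copy_to_user(user_buf, &v, v.cpuid_entries,
                                   sizeof(v.cpuid_entries));
    return rc == 0 && user_buf[0] == 1 && user_buf[2] == 3;
}

bool demo_private_field_rejected(void)
{
    struct vcpu_model v = { .private_state = {0xdead} };
    uint64_t user_buf[4];
    return hardened_copy_to_user(user_buf, &v, v.private_state,
                                 sizeof(v.private_state)) == -1;
}

bool demo_overrun_into_pointer_rejected(void)
{
    struct vcpu_model v = {0};
    unsigned char user_buf[64];
    /* Length runs past the end of the whitelist into internal_ptr. */
    return hardened_copy_to_user(user_buf, &v, v.cpuid_entries,
                                 sizeof(v.cpuid_entries) + sizeof(void *)) == -1;
}
```

The point of the model is the third scenario: a copy that starts inside the whitelist but is long enough to reach a non-whitelisted field is rejected as well, so widening a whitelist means covering exactly the bytes the ioctls touch, not merely the first field.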