From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755689AbcCPVO3 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 16 Mar 2016 17:14:29 -0400
Received: from mail.kernel.org ([198.145.29.136]:37885 "EHLO mail.kernel.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751390AbcCPVO2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 16 Mar 2016 17:14:28 -0400
From: Andy Lutomirski <luto@kernel.org>
To: x86@kernel.org, Andrew Cooper <andrew.cooper3@citrix.com>,
        Jan Beulich <JBeulich@suse.com>
Cc: Borislav Petkov <bp@alien8.de>, David Vrabel <david.vrabel@citrix.com>,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        linux-kernel@vger.kernel.org, Andy Lutomirski <luto@kernel.org>
Subject: [PATCH v4 0/3] Xen iopl fixes
Date: Wed, 16 Mar 2016 14:14:19 -0700
Message-Id: <cover.1458162709.git.luto@kernel.org>
X-Mailer: git-send-email 2.5.0
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi all-

For those who are seeing this for the first time: any 64-bit Xen PV
domain with IO port access privileges (in practice, this means dom0
AFAIK) and any user programs that use iopl(3) (various old X
drivers, presumably) is probably vulnerable to privilege escalations
by unprivileged programs running in the same PV domain.

There's a long public description of the issue here:

http://xenbits.xen.org/xsa/advisory-171.html

Changes from v3:
 - Add Jan's R-b.
 - No longer embargoed

Changes from v2: Pretend v2 never happened...

Changes from v1: Use xen/hypervisor.h instead of xen-ops.h (Jan)

Andy Lutomirski (3):
  selftests/x86: Add a iopl test
  x86/iopl/64: Properly context-switch IOPL on Xen PV
  x86/iopl: Fix iopl capability check on Xen PV

 arch/x86/include/asm/xen/hypervisor.h |   2 +
 arch/x86/kernel/ioport.c              |  12 ++-
 arch/x86/kernel/process_64.c          |  12 +++
 arch/x86/xen/enlighten.c              |   2 +-
 tools/testing/selftests/x86/Makefile  |   2 +-
 tools/testing/selftests/x86/iopl.c    | 135 ++++++++++++++++++++++++++++++++++
 6 files changed, 160 insertions(+), 5 deletions(-)
 create mode 100644 tools/testing/selftests/x86/iopl.c

-- 
2.5.0