Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On 07/31/2015 04:43 AM, Borislav Petkov wrote: Hey Boris, On Thu, Jul 30, 2015 at 01:18:20PM -0400, Boris Ostrovsky wrote: Only V5, no extra changes. Including running the ldt_gdt test? Yes, except that 32-on-64 doesn't work, but that's not Xen-specific. so which tests are you running exactl

Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

Hey Boris, On Thu, Jul 30, 2015 at 01:18:20PM -0400, Boris Ostrovsky wrote: > >>Only V5, no extra changes. > >Including running the ldt_gdt test? > > Yes, except that 32-on-64 doesn't work, but that's not Xen-specific. so which tests are you running exactly and where can I get them? Andy's repo?

Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On 07/30/2015 01:06 PM, Andrew Cooper wrote: On 30/07/15 17:31, Boris Ostrovsky wrote: On 07/30/2015 12:12 PM, Andrew Cooper wrote: On 30/07/15 17:05, Borislav Petkov wrote: On Thu, Jul 30, 2015 at 11:53:34AM -0400, Boris Ostrovsky wrote: As far as Xen guests are concerned, Tested-by: Boris

Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On 30/07/15 17:31, Boris Ostrovsky wrote: > On 07/30/2015 12:12 PM, Andrew Cooper wrote: >> On 30/07/15 17:05, Borislav Petkov wrote: >>> On Thu, Jul 30, 2015 at 11:53:34AM -0400, Boris Ostrovsky wrote: As far as Xen guests are concerned, Tested-by: Boris Ostrovsky >>> Does that mea

Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On 07/30/2015 12:12 PM, Andrew Cooper wrote: On 30/07/15 17:05, Borislav Petkov wrote: On Thu, Jul 30, 2015 at 11:53:34AM -0400, Boris Ostrovsky wrote: As far as Xen guests are concerned, Tested-by: Boris Ostrovsky Does that mean, this patch 1/4 fixes the 32bit issue you guys are still debug

Re: [Xen-devel] [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On 30/07/15 17:05, Borislav Petkov wrote: > On Thu, Jul 30, 2015 at 11:53:34AM -0400, Boris Ostrovsky wrote: >> As far as Xen guests are concerned, >> >> Tested-by: Boris Ostrovsky > Does that mean, this patch 1/4 fixes the 32bit issue you guys are still > debugging on the v4 thread? Or does that

Re: [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On Thu, Jul 30, 2015 at 11:53:34AM -0400, Boris Ostrovsky wrote: > As far as Xen guests are concerned, > > Tested-by: Boris Ostrovsky Does that mean, this patch 1/4 fixes the 32bit issue you guys are still debugging on the v4 thread? Or does that need more fixing? -- Regards/Gruss, Boris.

Re: [PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

On 07/28/2015 01:29 AM, Andy Lutomirski wrote: This is intended for x86/urgent. Sorry for taking so long, but it seemed nice to avoid breaking Xen. This fixes the "dazed and confused" issue which was exposed by the CVE-2015-5157 fix. It's also probably a good general attack surface reduction,

[PATCH v5 0/4] x86: modify_ldt improvement, test, and config option

This is intended for x86/urgent. Sorry for taking so long, but it seemed nice to avoid breaking Xen. This fixes the "dazed and confused" issue which was exposed by the CVE-2015-5157 fix. It's also probably a good general attack surface reduction, and it replaces some scary code with IMO less sca