> pin (i.e. mark as read-only).
> > >
> > > These register flags should already be pinned by Linux guests, but once
> > > compromised, this self-protection mechanism could be disabled, which is
> > > not the case with this dedicated hypercall.
> > >
On Fri, Apr 02, 2021 at 08:42:07AM +0200, Sedat Dilek wrote:
> On Thu, Feb 25, 2021 at 10:25 PM Kees Cook wrote:
> >
> > On Thu, 11 Feb 2021 12:42:58 -0700, Nathan Chancellor wrote:
> > > fw_cfg_showrev() is called by an indirect call in kobj_attr_show(),
> > > wh
kobj_structure' expects the second parameter to be of type 'struct
> kobj_attribute'.
>
> $ cat /sys/firmware/qemu_fw_cfg/rev
> 3
>
> [...]
Applied to kspp/cfi/cleanups, thanks!
[1/1] qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
https://git.kernel.org/kees/c/f5c4679d6c49
--
Kees Cook
t;)
> Link: https://github.com/ClangBuiltLinux/linux/issues/1299
> Signed-off-by: Nathan Chancellor
Ah, nice, yes.
Reviewed-by: Kees Cook
Michael, are you able to take this? I can snag it if needed.
-Kees
> ---
> drivers/firmware/qemu_fw_cfg.c | 8 +++-
> 1 file changed, 3 inser
I spent way too much time trying to figure out why the emulated NVDIMM
was missing under Linux. In an effort to help others who might be looking
for these kinds of things in the future, include a hint.
Signed-off-by: Kees Cook
---
docs/nvdimm.txt | 5 +++--
1 file changed, 3 insertions(+), 2
sirkin" <m...@redhat.com>
> Cc: Anthony Liguori <aligu...@amazon.com>
> Cc: Anton Vorontsov <an...@enomsg.org>
> Cc: Colin Cross <ccr...@android.com>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Tony Luck <tony.l...@intel.com>
> Cc: Ste
On Sun, Jul 17, 2016 at 10:50 PM, Namhyung Kim <namhy...@kernel.org> wrote:
> Hello,
>
> On Sun, Jul 17, 2016 at 10:12:26PM -0700, Kees Cook wrote:
>> On Sun, Jul 17, 2016 at 9:37 PM, Namhyung Kim <namhy...@kernel.org> wrote:
>> > The virtio pstore driver provid
;
> Cc: "Michael S. Tsirkin" <m...@redhat.com>
> Cc: Anthony Liguori <aligu...@amazon.com>
> Cc: Anton Vorontsov <an...@enomsg.org>
> Cc: Colin Cross <ccr...@android.com>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Tony Luck <ton
that holds all the approved
argument strings, at which point seccomp could then trust the chased
pointers that land in this range.) Obviously eBPF is a prerequisite to
this, but it isn't the full solution, as far as I understand it.
-Kees
--
Kees Cook
Chrome OS Security
/libseccomp/files
Packages are available for Debian/Ubuntu and Fedora packaging is currently in
progress.
Gentoo has en ebuild as well. If you hit any snags with the packaging
there or in Debian and Ubuntu, let me know. :)
-Kees
--
Kees Cook
Chrome OS Security
Thanks for preparing the debdiffs! It looks like karmic is vulnerable
too, so we'll need that as well. I'll update the debdiffs to use proper
DEP-3 and fix up the formatting of the changelogs a bit (CVE- vs CVE:
), and get these building.
** Also affects: libvirt (Ubuntu Karmic)
Importance:
** Changed in: libvirt (Ubuntu Natty)
Importance: High = Undecided
** Changed in: libvirt (Ubuntu Natty)
Assignee: Serge Hallyn (serge-hallyn) = (unassigned)
** Changed in: qemu-kvm (Ubuntu Maverick)
Milestone: maverick-updates = None
** Changed in: libvirt (Ubuntu Lucid)
** Changed in: qemu-kvm (Ubuntu Maverick)
Assignee: Ubuntu Security Team (ubuntu-security) = Kees Cook (kees)
** Changed in: qemu-kvm (Ubuntu Lucid)
Assignee: Ubuntu Security Team (ubuntu-security) = Kees Cook (kees)
** Changed in: qemu-kvm (Ubuntu Karmic)
Importance: Undecided
13 matches
Mail list logo