Hi Greg-
Jiri has had these patches applied to 3.12 for a while. Can you
backport to 3.10? See below.
Thanks,
Andy
On Thu, Oct 29, 2015 at 12:05 PM, Mateusz Guzik wrote:
> On Wed, Oct 14, 2015 at 08:29:21AM -0700, Andy Lutomirski wrote:
>> On Wed, Oct 14, 2015 at 5:19 AM, Mate
On Thu, Dec 24, 2015 at 7:30 AM, Jann Horn wrote:
> This adds a new ptrace_may_access_file() method that extracts
> the caller credentials from the supplied file instead of the
> current task. (However, the current task may still be
> inspected for auditing purposes, e.g. by the Smack LSM.)
>
I t
ernel.
Fix it by generating the keymap in the dmi_walk callback instead of
storing a pointer.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
This seems to work on my laptop. It applies to platform-drivers-x86/for-next.
drivers/platform/x86/dell-wmi.c
On 04/03/2013 08:35 AM, Eric Dumazet wrote:
> On Wed, 2013-04-03 at 17:10 +0200, Sven Joachim wrote:
>> On 2013-04-03 16:00 +0200, Eric Dumazet wrote:
>
>>
>>> It might be a wrong sender (application bug or bad identity), and udevd
>>> correctly discards the incoming message.
>>
>> How would I fin
On Wed, Apr 3, 2013 at 11:43 AM, Eric Dumazet wrote:
> On Wed, 2013-04-03 at 10:58 -0700, Andy Lutomirski wrote:
>
>>
>> This sounds suspiciously like an SCM_CREDENTIALS bug triggered by a
>> race. There's a fix (that needs both a new version from me and a review
>
On Wed, Apr 3, 2013 at 5:47 PM, Eric W. Biederman wrote:
> Eric Dumazet writes:
>
>> On Wed, 2013-04-03 at 17:05 -0700, Eric W. Biederman wrote:
>>> Sven Joachim writes:
>>>
>>> > On 2013-04-03 00:11 +0200, Greg Kroah-Hartman wrote:
>>> >
>>> >> 3.8-stable review patch. If anyone has any object
This is a security bug.
The follow-up will fix nsproxy to discourage this type of issue from
happening again.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
net/core/scm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/scm.c b/net/core/scm.c
index
Xen doesn't call start_secondary.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
espfix still doesn't seem to work on Xen (it goes boom in some way that
I don't understand right now), but initializing all CPUs instead of just
one of them seems like a good start.
On Tue, Jul 15, 2014 at 8:38 AM, Konrad Rzeszutek Wilk
wrote:
> On Tue, Jul 15, 2014 at 08:26:41AM -0700, Andy Lutomirski wrote:
>> Xen doesn't call start_secondary.
>
> Duh!
>>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Andy Lutomirski
>> ---
>
On Tue, Jul 15, 2014 at 8:45 AM, Boris Ostrovsky
wrote:
> On 07/15/2014 11:38 AM, Konrad Rzeszutek Wilk wrote:
>>
>> On Tue, Jul 15, 2014 at 08:26:41AM -0700, Andy Lutomirski wrote:
>>>
>>> Xen doesn't call start_secondary.
>>
>> Duh!
>>
//xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/arch/x86/x86_64/entry.S;h=a3ed216b390c2e87a21ff377850ee34ee7f2bc74;hb=HEAD
and (search for do_iret):
http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/arch/x86/traps.c;h=677074b4e628ed99d407b1045d859355e590d604;hb=HEAD
> -hpa
>
>
On Tue, Jul 15, 2014 at 9:05 AM, Boris Ostrovsky
wrote:
> On 07/15/2014 11:54 AM, Andy Lutomirski wrote:
>>
>> On Tue, Jul 15, 2014 at 8:45 AM, Boris Ostrovsky
>> wrote:
>>>
>>> On 07/15/2014 11:38 AM, Konrad Rzeszutek Wilk wrote:
>>>>
turn value
>> syscall_exit:
>> LOCKDEP_SYS_EXIT
>>@@ -675,12 +676,12 @@ syscall_fault:
>> END(syscall_fault)
>>
>> syscall_badsys:
>>- movl $-ENOSYS,PT_EAX(%esp)
>>- jmp syscall_exit
>>+ movl $-ENOSYS,%eax
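Review bot: with `movl $-ENOSYS,%eax` replacing the store to PT_EAX(%esp) and the `jmp syscall_exit` removed, the new syscall_badsys falls through into whatever follows and relies on that path to save %eax into pt_regs; the hunk is cut off here, so the fall-through target and its PT_EAX store are the lines to check against the description's claim that bad syscall numbers now take the same route as a normal syscall return.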
>>
On Mon, Jul 21, 2014 at 10:20 AM, H. Peter Anvin wrote:
> On 07/21/2014 09:53 AM, Andy Lutomirski wrote:
>> On Sun, Jul 20, 2014 at 3:07 PM, H. Peter Anvin wrote:
>>> This is not a subtle regression at all. It is in fact a very very serious
>>> one.
>>
>>
g syscalls on CPUs not supporting the sysenter feature.
s/not supporting/supporting/
That means that this is IMO much worse than the other way around: all
newish 32-bit systems are affected.
Other than the typo and the missing Cc: stable:
Reviewed-and-tested-by: Andy Lutomirski
--Andy
--
To unsu
On Tue, Jul 22, 2014 at 3:21 PM, Kamal Mostafa wrote:
> 3.8.13.27 -stable review patch. If anyone has any objections, please let me
> know.
>
> --
>
> From: Andy Lutomirski
>
> commit 554086d85e71f30abe46fc014fea31929a7c6a8a upstream.
>
> The bad
On 07/23/2014 12:36 PM, Eric Paris wrote:
> This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744
> plus fixing it a different way...
You sent something like this a couple days ago. What changed?
--Andy
>
> We found, when trying to run an application from an application whic
the bad part of it.
The printk in question isn't actually bare; the level is "%s".
The bug this fixes is purely cosmetic; backports are optional.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
arch/x86/kernel/vsyscall_64.c | 8
1 file changed, 4 insertions(
On Mon, Jul 28, 2014 at 3:33 PM, tip-bot for Andy Lutomirski
wrote:
> Commit-ID: 7209a75d2009dbf7745e2fd354abf25c3deb3ca3
> Gitweb: http://git.kernel.org/tip/7209a75d2009dbf7745e2fd354abf25c3deb3ca3
> Author: Andy Lutomirski
> AuthorDate: Wed, 23 Jul 2014 08:34:11 -0700
>
On Mon, Jun 9, 2014 at 3:30 PM, Greg KH wrote:
> On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> From: Andy Lutomirski
>>
>> Fixes an easy DoS and possible information disclosure.
>>
>> This does nothing about the broken state of x32 auditin
On Mon, Jun 9, 2014 at 3:46 PM, Greg KH wrote:
> On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
>> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH wrote:
>> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> >> From: Andy Lutomirski
>
On Mon, Jun 9, 2014 at 3:53 PM, Linus Torvalds
wrote:
> On Mon, Jun 9, 2014 at 3:35 PM, Andy Lutomirski wrote:
>>
>> Hmm. It seems that it didn't make it into Linus' tree. Crap.
>
> I assume that if there is a maintainer who normally sends me stuff by
> git,
6:40 -0700)
----
Andy Lutomirski (1):
auditsc: audit_krule mask accesses need bounds checking
kernel/auditsc.c | 27 ++-
1 file changed, 18 insertions(+), 9 deletions(-)
NB: This is exactly the same patch that's been on the list, exce
On Mon, Jun 9, 2014 at 5:32 PM, Greg KH wrote:
> On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
>> On Mon, Jun 9, 2014 at 3:46 PM, Greg KH wrote:
>> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
>> >> On Mon, Jun 9, 2014 at
probably been broken since Linux 2.6.27:
af0575bba0 i386 syscall audit fast-path
Cc: stable@vger.kernel.org
Cc: Roland McGrath
Reported-by: Toralf Förster
Signed-off-by: Andy Lutomirski
---
I realize that the syscall audit fast path and badsys code, on 32-bit
x86 no less, is possibly one of the
On Tue, Jun 24, 2014 at 3:51 AM, Borislav Petkov wrote:
> On Mon, Jun 23, 2014 at 02:22:15PM -0700, Andy Lutomirski wrote:
>> The bad syscall nr paths are their own incomprehensible route
>> through the entry control flow. Rearrange them to work just like
>> syscall
On Thu, Feb 13, 2014 at 10:38 AM, Richard Yao wrote:
> This patch is now in Linus' tree:
>
> https://github.com/torvalds/linux/commit/b6f52ae2f0d32387bde2b89883e3b64d88b9bfe8
Great!
-stable people: can you pick this up?
Thanks,
Andy
On 01/14/2014 09:37 PM, Len Brown wrote:
> From: Len Brown
>
> In Linux-3.9 we removed the mwait_idle() loop:
> 'x86 idle: remove mwait_idle() and "idle=mwait" cmdline param'
> (69fb3676df3329a7142803bb3502fa59dc0db2e3)
>
> The reasoning was that modern machines should be sufficiently
> happy du
On Thu, Oct 9, 2014 at 3:36 PM, Andy Lutomirski wrote:
> On Wed, Oct 8, 2014 at 12:37 PM, Andy Lutomirski wrote:
>> Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
>> only one of the two call sites was appropriately protected.
>>
>> Fixes CVE-2014-797
On Mon, Oct 13, 2014 at 11:53 PM, Linus Torvalds
wrote:
> On Tue, Oct 14, 2014 at 7:33 AM, Andy Lutomirski wrote:
>>
>> Linus, can you pull this?
>
> Pulled. You didn't mark the commit for stable. Oversight?
Yeah. I'll email.
>
>Linus
--
Andy L
The fix is a1480dcc3c706e309a4723446f2e84fedd5b in Linus' tree.
I think that this is needed for Linux 3.8 and newer. The patch will
probably apply to much older versions, but it won't have any effect.
Sorry for the missing Cc: stable tag.
https://git.kernel.org/cgit/linux/kernel/git/torvald
be observed with qemu using
-cpu qemu64,-tsc,+tsc-deadline
This also happens to me in nested KVM for unknown reasons.
With this patch, I can boot cleanly (although without a TSC).
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
arch/x86/kernel/apic/apic.c | 4 ++--
arch/x86/kernel
On 10/24/2014 08:07 AM, Paolo Bonzini wrote:
> From: Nadav Amit
>
> Before changing rip (during jmp, call, ret, etc.) the target should be
> asserted
> to be canonical one, as real CPUs do. During sysret, both target rsp and rip
> should be canonical. If any of these values is noncanonical, a #
On 10/24/2014 08:07 AM, Paolo Bonzini wrote:
> From: "Michael S. Tsirkin"
>
> KVM_EXIT_UNKNOWN is a kvm bug, we don't really know whether it was
> triggered by a privileged application. Let's not kill the guest: WARN
> and inject #UD instead.
This scares me a bit. For guest CPL3, it's probabl
On Fri, Oct 24, 2014 at 2:54 PM, Paolo Bonzini wrote:
> On 10/24/2014 07:57 PM, Andy Lutomirski wrote:
>> > KVM_EXIT_UNKNOWN is a kvm bug, we don't really know whether it was
>> > triggered by a privileged application. Let's not kill the guest: WARN
>>
On Oct 25, 2014 12:57 PM, "Nadav Amit" wrote:
>
>
> > On Oct 24, 2014, at 20:53, Andy Lutomirski wrote:
> >
> > On 10/24/2014 08:07 AM, Paolo Bonzini wrote:
> >> From: Nadav Amit
> >>
> >> Before changing rip (during jmp, call, ret, e
.
Fixes 8c7aa698baca x86_64, entry: Filter RFLAGS.NT on entry from userspace
Reported-by: Rusty Russell
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
Linus, etc: this should probably go in pretty quickly before it hits -stable
too hard. Fortunately it's unlikely to be a meani
On Fri, Nov 7, 2014 at 3:09 PM, wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> x86_64, entry: Filter RFLAGS.NT on entry from userspace
>
> to the 3.10-stable tree which can be found at:
>
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-q
On Fri, Nov 7, 2014 at 4:50 PM, Anish Bhatt wrote:
> Thanks for following up and fixing my patch all the way to stable Andy.
No problem. Enjoy your Far Cry :)
If you try it on Xen and discover that it doesn't work, take it up
with the Xen people. I don't think there's anything Linux can do
abo
this is compatible with Sandstorm's revision
1bf0c4847b. That revision of Sandstorm does not work without this
fix if 9566d6742852 is applied.
Cc: Kenton Varda
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
fs/namespace.c | 16
fs/proc/root.c | 2 +-
On Fri, Aug 15, 2014 at 12:05 PM, Serge Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> Currently, creating a new mount (as opposed to bindmount) in a
>> non-root userns will implicitly set nodev unless the fs is devpts.
>> Something like this will be neces
On Fri, Aug 15, 2014 at 11:49 AM, Rusty Russell wrote:
> Andy Lutomirski writes:
>> The commit
>>
>> 4982223e51e8 module: set nx before marking module MODULE_STATE_COMING.
>>
>> introduced a regression: if a module fails to parse its arguments or
>
On Fri, Aug 15, 2014 at 12:37 PM, Serge Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> On Fri, Aug 15, 2014 at 12:05 PM, Serge Hallyn
>> wrote:
>> > Quoting Andy Lutomirski (l...@amacapital.net):
>> >> Currently, creating a new mount (as
On Wed, Aug 13, 2014 at 5:03 PM, Andy Lutomirski wrote:
> Currently, creating a new mount (as opposed to bindmount) in a
> non-root userns will implicitly set nodev unless the fs is devpts.
> Something like this will be necessary for file systems that allow
> the mounter to create
Fixes an easy DoS and possible information disclosure.
This does nothing about the broken state of x32 auditing.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
kernel/auditsc.c | 27 ++-
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a
On Wed, May 28, 2014 at 7:23 PM, Eric Paris wrote:
> On Wed, 2014-05-28 at 18:44 -0700, Andy Lutomirski wrote:
>> Fixes an easy DoS and possible information disclosure.
>>
>> This does nothing about the broken state of x32 auditing.
>>
>> Cc: stable@vger.
On Wed, May 28, 2014 at 7:43 PM, Eric Paris wrote:
> On Wed, 2014-05-28 at 19:27 -0700, Andy Lutomirski wrote:
>> On Wed, May 28, 2014 at 7:23 PM, Eric Paris wrote:
>> > On Wed, 2014-05-28 at 18:44 -0700, Andy Lutomirski wrote:
>> >> Fixes an easy DoS and p
t, then this fix is critical if you care about Zebra.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman"
Signed-off-by: Andy Lutomirski
---
This, or something like it, is needed for 3.15.
include/linux/netlink.h | 7 ---
net/netlink/af_netlink.c | 7 ++-
2 files cha
f this patch by Anish
Bhatt.
Cc: stable@vger.kernel.org
Reported-by: Anish Bhatt
Signed-off-by: Andy Lutomirski
---
arch/x86/ia32/ia32entry.S| 12
arch/x86/kernel/cpu/common.c | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/ia32/ia32entry.S
immeasurable in a tight loop, since it will predict
correctly almost every time. And, unless cfi state works across
.pushsection (does it?), getting the cfi annotations right will be
more complicated.
--Andy
--
Andy Lutomirski
AMA Capital Management, LLC
On Wed, Oct 1, 2014 at 7:32 AM, Chuck Ebbert wrote:
> On Wed, 1 Oct 2014 09:09:13 -0500
> Chuck Ebbert wrote:
>
>> On Tue, 30 Sep 2014 21:51:27 -0700
>> Andy Lutomirski wrote:
>>
>> > The NT flag doesn't do anything in long mode other than causing IRET
On Wed, Oct 1, 2014 at 7:56 AM, Chuck Ebbert wrote:
> On Wed, 1 Oct 2014 07:46:54 -0700
> Andy Lutomirski wrote:
>
>> On Wed, Oct 1, 2014 at 7:32 AM, Chuck Ebbert wrote:
>> > On Wed, 1 Oct 2014 09:09:13 -0500
>> > Chuck Ebbert wrote:
>> >
>>
On Oct 1, 2014 8:26 AM, "H. Peter Anvin" wrote:
>
> On 10/01/2014 08:22 AM, H. Peter Anvin wrote:
> > On 09/30/2014 09:51 PM, Andy Lutomirski wrote:
> >>
> >> diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
> >> index 4299eb050
On Wed, Oct 1, 2014 at 8:50 AM, Andy Lutomirski wrote:
> On Oct 1, 2014 8:26 AM, "H. Peter Anvin" wrote:
>>
>> On 10/01/2014 08:22 AM, H. Peter Anvin wrote:
>> > On 09/30/2014 09:51 PM, Andy Lutomirski wrote:
>> >>
>> >> diff --g
urns into a GPF.
I haven't touched anything on 32-bit kernels.
The syscall mask change comes from a variant of this patch by Anish
Bhatt.
Cc: stable@vger.kernel.org
Reported-by: Anish Bhatt
Signed-off-by: Andy Lutomirski
---
arch/x86/ia32/ia32entry.S| 18 +-
arch/x86
crashing the program. This patch fixes Far Cry
on Wine: https://bugs.winehq.org/show_bug.cgi?id=33275
Cc: stable@vger.kernel.org
Reported-by: Anish Bhatt
Signed-off-by: Andy Lutomirski
---
arch/x86/ia32/ia32entry.S| 18 +-
arch/x86/kernel/cpu/common.c | 2 +-
2 files ch
On Wed, Oct 1, 2014 at 11:49 AM, Andy Lutomirski wrote:
> The NT flag doesn't do anything in long mode other than causing IRET
> to #GP. Oddly, CPL3 code can still set NT using popf.
>
[...]
> +
> + /*
> +* Sysenter doesn't filter f
Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
only one of the two call sites was appropriately protected.
Fixes CVE-2014-7975.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
*Sigh*
Build the thing below and do something like:
$ cd /dev/pts
$ remount_ro /dev
On Wed, Oct 8, 2014 at 12:37 PM, Andy Lutomirski wrote:
> Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
> only one of the two call sites was appropriately protected.
>
> Fixes CVE-2014-7975.
Due to my ineptitude, the cat is well and truly out of the bag on this
o
On 04/11/2014 10:36 AM, tip-bot for H. Peter Anvin wrote:
> Commit-ID: b3b42ac2cbae1f3cecbb6229964a4d48af31d382
> Gitweb: http://git.kernel.org/tip/b3b42ac2cbae1f3cecbb6229964a4d48af31d382
> Author: H. Peter Anvin
> AuthorDate: Sun, 16 Mar 2014 15:31:54 -0700
> Committer: H. Peter Anvin
On 04/11/2014 11:29 AM, H. Peter Anvin wrote:
> On 04/11/2014 11:27 AM, Brian Gerst wrote:
>> Is this bug really still present in modern CPUs? This change breaks
>> running 16-bit apps in Wine. I have a few really old games I like to
>> play on occasion, and I don't have a copy of Win 3.11 to put
On 04/11/2014 02:24 PM, H. Peter Anvin wrote:
> On 04/11/2014 02:16 PM, Andy Lutomirski wrote:
>> I wonder if there's an easy-ish good-enough fix:
>>
>> Allocate some percpu space in the fixmap. (OK, this is ugly, but
>> kvmclock already does it, so it
On Fri, Apr 11, 2014 at 2:59 PM, H. Peter Anvin wrote:
> On 04/11/2014 02:53 PM, Andy Lutomirski wrote:
>>
>> How big of a functionality problem is it? Apparently it doesn't break
>> 16-bit code on wine.
>>
>
> It breaks *some* 16-bit code. This is actu
The caller needs capabilities on the namespace being queried, not on
their own namespace. This is a security bug, although it likely has
only a minor impact.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
Someone should check that I'm right. I had trouble getting '
This is unlikely to be exploitable for anything except an OOPS.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
Notes:
This is entirely untested, but it looks obviously correct to me.
crypto/crypto_user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a
On Apr 23, 2014 4:40 AM, "Dan Carpenter" wrote:
>
> On Tue, Apr 22, 2014 at 12:30:28PM -0700, Andy Lutomirski wrote:
> > This is unlikely to be exploitable for anything except an OOPS.
> >
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Andy Lutomirski
chard.
>
> Signed-off-by: Jiri Slaby
> Reported-by: Richard Biener
> Cc: stable@vger.kernel.org
> Cc: Andy Lutomirski
> Cc: Thomas Gleixner
> Cc: Ingo Molnar
> Cc: "H. Peter Anvin"
> Cc: x...@kernel.org
> ---
> arch/x86/vdso/vdso32/sigreturn.S | 1
The one in do_debug is probably harmless, but better safe than
sorry. The one in do_bounds is less harmless.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
arch/x86/kernel/traps.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/traps.c b
On Mon, Mar 23, 2015 at 4:21 PM, Marcelo Tosatti wrote:
>
> The following point:
>
> 2. per-CPU pvclock time info is updated if the
>underlying CPU changes.
>
> Is not true anymore since "KVM: x86: update pvclock area conditionally,
> on cpu migration".
>
> Add task migration notificat
d to it at all.
> (Guest can have all tasks pinned, so the revert changed nothing.)
>
>> Add task migration notification back.
>>
>> Problem noticed by Andy Lutomirski.
>
> What is the problem?
The kvmclock spec says that the host will increment a version field to
an
On Mar 25, 2015 2:29 PM, "Marcelo Tosatti" wrote:
>
> On Wed, Mar 25, 2015 at 01:52:15PM +0100, Radim Krčmář wrote:
> > 2015-03-25 12:08+0100, Radim Krčmář:
> > > Reverting the patch protects us from any migration, but I don't think we
> > > need to care about changing VCPUs as long as we read a c
On Wed, Mar 25, 2015 at 3:41 PM, Marcelo Tosatti wrote:
> On Wed, Mar 25, 2015 at 03:33:10PM -0700, Andy Lutomirski wrote:
>> On Mar 25, 2015 2:29 PM, "Marcelo Tosatti" wrote:
>> >
>> > On Wed, Mar 25, 2015 at 01:52:15PM +0100, Radim Krčmář wrote:
>>
On Wed, Mar 25, 2015 at 4:13 PM, Marcelo Tosatti wrote:
> On Wed, Mar 25, 2015 at 03:48:02PM -0700, Andy Lutomirski wrote:
>> On Wed, Mar 25, 2015 at 3:41 PM, Marcelo Tosatti wrote:
>> > On Wed, Mar 25, 2015 at 03:33:10PM -0700, Andy Lutomirski wrote:
>> >> On
On Wed, Mar 25, 2015 at 4:08 AM, Radim Krčmář wrote:
> 2015-03-24 15:33-0700, Andy Lutomirski:
>> On Tue, Mar 24, 2015 at 8:34 AM, Radim Krčmář wrote:
>> > What is the problem?
>>
>> The kvmclock spec says that the host will increment a version field to
>> an
On Thu, Mar 26, 2015 at 4:29 AM, Marcelo Tosatti wrote:
> On Wed, Mar 25, 2015 at 04:22:03PM -0700, Andy Lutomirski wrote:
>> On Wed, Mar 25, 2015 at 4:13 PM, Marcelo Tosatti wrote:
>> > On Wed, Mar 25, 2015 at 03:48:02PM -0700, Andy Lutomirski wrote:
>> >> O
On Thu, Mar 26, 2015 at 1:31 PM, Radim Krcmar wrote:
> 2015-03-26 11:51-0700, Andy Lutomirski:
>> On Thu, Mar 26, 2015 at 4:29 AM, Marcelo Tosatti wrote:
>> > On Wed, Mar 25, 2015 at 04:22:03PM -0700, Andy Lutomirski wrote:
>> >> Suppose we start out with all vc
[much snippage]
On Thu, Mar 26, 2015 at 1:58 PM, Andy Lutomirski wrote:
>
> If the versioning were fixed, I think we could almost get away with:
>
> pvti = pvti for vcpu 0;
>
> ver1 = pvti->version;
> check stable bit;
> rdtsc_barrier, rdtsc, read scale, shift, etc.
ted if the
>> >underlying CPU changes.
>> >
>> > Is not true anymore since "KVM: x86: update pvclock area conditionally,
>> > on cpu migration".
>> >
>> > Add task migration notification back.
>> >
>> > Problem notic
On Thu, Mar 26, 2015 at 3:56 PM, Marcelo Tosatti wrote:
> On Thu, Mar 26, 2015 at 01:58:25PM -0700, Andy Lutomirski wrote:
>> On Thu, Mar 26, 2015 at 1:31 PM, Radim Krcmar wrote:
>> > 2015-03-26 11:51-0700, Andy Lutomirski:
>> >> On Thu, Mar 26, 2015 at 4:29 AM,
On Thu, Mar 26, 2015 at 4:22 PM, Marcelo Tosatti wrote:
> On Thu, Mar 26, 2015 at 04:09:53PM -0700, Andy Lutomirski wrote:
>> On Thu, Mar 26, 2015 at 3:56 PM, Marcelo Tosatti wrote:
>> > On Thu, Mar 26, 2015 at 01:58:25PM -0700, Andy Lutomirski wrote:
>> >> On Thu,
much better than sysexit.
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
This needs careful review even though it's short. If everyone likes
it, I'll resubmit with a second patch to tear out the associated
paravirt gunk.
I wouldn't be at all surprised if this breaks X
On Mar 28, 2015 1:35 AM, "Ingo Molnar" wrote:
>
>
> * Andy Lutomirski wrote:
>
> > Sysexit is scary on 64-bit kernels -- sysexit must be invoked with
> > usergs and IRQs on. That means that we rely on sti to correctly
> > mask interrupts for one instructi
On Sun, Mar 29, 2015 at 12:07 PM, Denys Vlasenko
wrote:
> On Fri, Mar 27, 2015 at 10:54 PM, Andy Lutomirski wrote:
>> --- a/arch/x86/ia32/ia32entry.S
>> +++ b/arch/x86/ia32/ia32entry.S
>> @@ -180,28 +180,34 @@ sysenter_dispatch:
>> testl $_TIF_ALLWORK_MAS
pu1 ||
> - (pvti->pvti.version & 1) ||
> + smp_rmb();
> + } while (unlikely((pvti->pvti.version & 1) ||
> pvti->pvti.version != version ||
> pvti->migrate_count != migrate_count));
>
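Review bot: the `smp_rmb()` moved inside the do/while before the version re-read is the correct side of the barrier pair, but the loop condition now depends on `version` and `migrate_count` having been captured after a matching barrier at the top of the loop, which lies outside the visible hunk; that top-of-loop read is what makes the `pvti->pvti.version != version` comparison meaningful, so confirm it is still there. The retry condition itself checks only the version odd bit, the version match and `migrate_count`; if the TSC-stable flag that this thread lists as part of a safe read sequence is checked elsewhere, it should be noted in the commit message.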
> --
> 2.3.4
>
--
Andy Lutomirski
AMA Capital Management, LLC
On Mon, Dec 8, 2014 at 7:45 AM, Konrad Rzeszutek Wilk
wrote:
> On Fri, Dec 05, 2014 at 07:03:28PM -0800, Andy Lutomirski wrote:
>> paravirt_enabled has the following effects:
>>
>> - Disables the F00F bug workaround warning. There is no F00F bug
>>workarou
Otherwise, if buggy user code points DS or ES into the TLS array,
they would be corrupted after a context switch.
- begin test case -
/*
* Copyright (c) 2014 Andy Lutomirski
* GPL v2
*/
static unsigned short GDT3(int idx)
{
	return (idx << 3) | 3;
}
static int create_t
the gsbase test still fails.
- begin es test -
/*
* Copyright (c) 2014 Andy Lutomirski
* GPL v2
*/
static unsigned short GDT3(int idx)
{
	return (idx << 3) | 3;
}
static int create_tls(int idx, unsigned int base)
{
	struct user_desc desc = {
		.entry_
freed */
> @@ -217,7 +218,11 @@ bool may_setgroups(void)
> {
> struct user_namespace *user_ns = current_user_ns();
>
> - return ns_capable(user_ns, CAP_SETGID);
> + /* It is not safe to use setgroups until a gid mapping in
> +* the user namespac
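Review bot: this hunk removes the bare `return ns_capable(user_ns, CAP_SETGID);` and is cut off inside the new comment, so the replacement condition is not visible; the capability check should stay and be combined with the new gid-mapping condition rather than replaced by it, and because user code can start with setgroups allowed, disallow it and then add a mapping (the race described later in this thread), the mapping state needs to be read before the setgroups flag with a read barrier between the two reads.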
dentials can be obtained.
>
> I can not find a combination of existing system calls that allows
> setting uid, euid, suid, and fsuid from the fsuid making the previous
> use of fsuid for allowing unprivileged mappings a bug.
Right.
>
> This is part of a fix for CVE-2014-8989.
Revi
till can't parse that sentence.
The code itself is:
Reviewed-by: Andy Lutomirski
> Limiting unprivileged gid mapping establishment (which is temporarily
> absent) to the creator of the user namespace also ensures that the
> combination of uid and gid can already be obtained without pr
e have a race: we could see that setgroups
is allowed before the user clears the bit and then see that there is a
gid mapping after the other thread is done.
--Andy
--
Andy Lutomirski
AMA Capital Management, LLC
ntly: in may_setgroups, do:
	if (!userns_gid_mappings_established)
		return false;
	/* User code can start with setgroups allowed, disallow it, and then
	   add a mapping. We need to prevent a race that could cause this
	   function to return true. */
	smp_rmb();
	if (!userns_setgroups_allowed)
		return false;
--Andy
> Thanks,
> //richard
--
Andy Lutomirski
AMA Capital Management, LLC
gid_map"?
The code is:
Reviewed-by: Andy Lutomirski
>
> Cc: stable@vger.kernel.org
> Signed-off-by: "Eric W. Biederman"
> ---
> kernel/user_namespace.c | 5 +
> 1 file changed, 5 insertions(+)
>
> diff --git a/kernel/user_namespace.c b/kern
On Mon, Dec 8, 2014 at 2:26 PM, Eric W. Biederman wrote:
> Andy Lutomirski writes:
>
>> On Mon, Dec 8, 2014 at 2:07 PM, Eric W. Biederman
>> wrote:
>>>
>>> setgroups is unique in not needing a valid mapping before it can be called,
>>> in t
On Mon, Dec 8, 2014 at 2:39 PM, Eric W. Biederman wrote:
> Richard Weinberger writes:
>
>> Am 08.12.2014 um 23:25 schrieb Andy Lutomirski:
>>> On Mon, Dec 8, 2014 at 2:17 PM, Richard Weinberger wrote:
>>>> Am 08.12.2014 um 23:07 schrieb Eric W. Biederman:
>>
On Mon, Dec 8, 2014 at 2:44 PM, Eric W. Biederman wrote:
> Andy Lutomirski writes:
>
>> On Mon, Dec 8, 2014 at 2:11 PM, Eric W. Biederman
>> wrote:
>>>
>>> - Expose the knob to user space through a proc file /proc//setgroups
>>>
>>> A val
rrently do not pass in a struct file so file_ns_capable
> is unusable.
Reviewed-by: Andy Lutomirski
But I still don't like the name "setgroups". People may look at that
and have no clue what the scope of the setting is. And anyone who, as
root, writes "deny" to /proc