[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing

To: James Dingwall <james-xen@xxxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxx
From: Juergen Gross <jgross@xxxxxxxx>
Date: Thu, 16 Nov 2017 15:52:40 +0100
Delivery-date: Thu, 16 Nov 2017 14:53:11 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

On 16/11/17 15:39, James Dingwall wrote:
> On Thu, Nov 16, 2017 at 03:11:39PM +0100, Juergen Gross wrote:
>> On 16/11/17 14:58, James Dingwall wrote:
>>> On Wed, Nov 15, 2017 at 05:13:22PM +0000, Xen.org security team wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA256
>>>>
>>>>             Xen Security Advisory CVE-2017-15595 / XSA-240
>>>>                                version 5
>>>>
>>>>            Unlimited recursion in linear pagetable de-typing
>>> <snip>
>>>>
>>>> c0c624f51fb1bd9e31a2c120343164d545ab6e709ed4bb9e5dd89b5c4c4e49f8  
>>>> xsa240-4.8/0001-x86-limit-linear-page-table-use-to-a-single-level.patch
>>>> 7e3c2c4a4d0ee0a29abaa7aceffbb774b1f92aa81dfa4c5d1c5c5156b6bb0a3a  
>>>> xsa240-4.8/0002-x86-mm-Disable-PV-linear-pagetables-by-default.patch
>>>> f174ee608a7f7f0601ae46edafbf443c90a87632609c1b4145fb0e2e5c4b1b51  
>>>> xsa240-4.8/0003-x86-dont-wrongly-trigger-linear-page-table-assertion.patch
>>> <snip>
>>>
>>> I'm trying to apply patch 0003 to a 4.8.2 branch but it is rejected (patch 
>>> --verbose -p1).  The hunk it is 
>>> trying to remove does not exist in the stable-4.8 branch or at tag 
>>> RELEASE-4.8.2.  Trying to find 
>>> CONFIG_PV_LINEAR_PT in git does not show this in stable-4.8 or stable-4.9 
>>> branches (but it is present in the 
>>> staging branches.)  It looks like the patch issued for 4.6 would apply, is 
>>> this satisfactory for 4.8.2?
>>
>> What about applying above patches 0001 and 0002 first?
> 
> I have, this is all on top of a checkout of xen-4.8.2.  0001 and 0002 don't 
> appear to have been changed, only 
> 0003 added.  e1fa1c6ee152105c9adf5fb5ff4507028a87d2a3 on staging-4.8 
> introduces the CONFIG_PV_LINEAR_PT option 
> so the patch doesn't apply unless using code not on the stable-4.8 branch.  I 
> think it is is small enough that I 
> could modify it for 4.8.2 but I'd prefer not to get it wrong:)

Aah, sorry, this has meanwhile been discussed on xen-devel. Please see

https://lists.xen.org/archives/html/xen-devel/2017-11/msg00964.html

and follow-ups.


Juergen

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
https://lists.xen.org/xen-users

References:
- [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing
  - From: Xen . org security team
- Re: [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing
  - From: James Dingwall
- Re: [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing
  - From: Juergen Gross
- Re: [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing
  - From: James Dingwall

Prev by Date: Re: [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing
Next by Date: [Xen-users] macvtap on Xen
Previous by thread: Re: [Xen-users] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing
Next by thread: [Xen-users] hvm domU crash on linux 4.14.0 with xen 4.8.2
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.