Re: [PATCH 00/23] Hardened usercopy whitelisting

From: Kees Cook
Date: Fri Oct 20 2017 - 23:04:41 EST

Next message: Andi Kleen: "Re: [PATCH mmotm] lib/bug.c: fix build when MODULES are not enabled"
Previous message: Dongjiu Geng: "[PATCH v7] acpi: apei: remove the unused dead-code for SEA/NMI notification type"
In reply to: Paolo Bonzini: "Re: [PATCH 00/23] Hardened usercopy whitelisting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 20, 2017 at 4:25 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> On 21/10/2017 00:40, Paolo Bonzini wrote:
>> This breaks KVM completely on x86, due to two ioctls
>> (KVM_GET/SET_CPUID2) accessing the cpuid_entries field of struct
>> kvm_vcpu_arch.
>>
>> There's also another broken ioctl, KVM_XEN_HVM_CONFIG, but it is
>> obsolete and not a big deal at all.
>>
>> I can post some patches, but probably not until the beginning of
>> November due to travelling. Please do not send this too close to the
>> beginning of the merge window.
>
> Sleeping is overrated, sending patches now...

Oh awesome, thank you very much for tracking this down and building fixes!

I'll insert these into the usercopy whitelisting series, and see if I
can find any similar cases.

Thanks!

-Kees

--
Kees Cook
Pixel Security

Next message: Andi Kleen: "Re: [PATCH mmotm] lib/bug.c: fix build when MODULES are not enabled"
Previous message: Dongjiu Geng: "[PATCH v7] acpi: apei: remove the unused dead-code for SEA/NMI notification type"
In reply to: Paolo Bonzini: "Re: [PATCH 00/23] Hardened usercopy whitelisting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]