From: Antoine Martin <antoine@nagafix.co.uk>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Roland McGrath <roland@redhat.com>
Subject: Re: kvm ptrace 32bit DoS bug - bisected
Date: Sat, 17 Oct 2009 20:24:46 +0700
Message-ID: <4AD9C59E.7000100@nagafix.co.uk>
In-Reply-To: <4AA68C1F.1010704@web.de>
Jan Kiszka wrote:
> Marcelo Tosatti wrote:
>> On Sun, Sep 06, 2009 at 02:50:00PM +0700, Antoine Martin wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> [snip]
>>>>> Is this an AMD host?
>>>> Nope, Intel Core2, more host info:
>>> I have put all the relevant binaries and their config files here:
>>> http://uml.devloop.org.uk/kvmbug/
>>> Host kernel, qemu binary, kvm guest kernel and the UML binary I have
>>> used for bisecting.
>> Antoine,
>>
>> Works for me with master branch. It's likely this commit fixed it:
>>
>> commit 76d4622776d007de3f90f311591babc5f6ba6f39
>> Author: Avi Kivity <avi@redhat.com>
>> Date: Tue Sep 1 12:03:25 2009 +0300
>>
>> KVM: VMX: Check cpl before emulating debug register access
>>
>> Debug registers may only be accessed from cpl 0. Unfortunately, vmx will
>> code to emulate the instruction even though it was issued from guest
>> userspace, possibly leading to an unexpected trap later.
>>
>> It will be included in 2.6.30 / 2.6.27 stable (.29 is not maintained
>> anymore).
>
> Easy to check: Does the UML image still contain mov-to-db instructions?
> If not, this commit cannot make the difference.
I'd be happy to grep it if you give me the mov-to-db opcode.
Anyway, I am happy to report that upgrading the host to 2.6.31 prevents
the guests from crashing.
Antoine
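Jan's proposed check ("does the UML image still contain mov-to-db instructions?") can be done without waiting for someone to supply the opcode by hand. The following scanner is an added example and is not code from anyone in this thread or from the KVM project. It assumes the Intel SDM encodings for the two debug-register moves: `0F 23 /r` (MOV DRn, r32, the "mov-to-DR" form the commit is about) and `0F 21 /r` (MOV r32, DRn). The sample bytes are constructed for the example. Because this is a linear byte scan rather than a disassembler, a hit can also land on data or in the middle of another instruction, so treat hits as candidates to confirm with a disassembler such as objdump before drawing conclusions.

```python
# Added example: scan a raw binary for MOV to/from debug register encodings.
# Assumed encodings (Intel SDM): 0F 21 /r = MOV r32, DRn ; 0F 23 /r = MOV DRn, r32.
# The CPU treats the ModRM mod field as 11 (register-direct) for these, so the
# scanner decodes reg/rm regardless of mod and reports mod for inspection.
from typing import Dict, List

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
DR_OPCODES = {0x21: "from_dr", 0x23: "to_dr"}


def decode_dr_move(opcode: int, modrm: int) -> Dict:
    """Decode the ModRM byte of a 0F 21 / 0F 23 instruction into its operands."""
    dr = (modrm >> 3) & 7       # reg field selects DR0..DR7
    gpr = REG32[modrm & 7]      # rm field selects the general-purpose register
    to_dr = opcode == 0x23
    mnemonic = f"mov dr{dr}, {gpr}" if to_dr else f"mov {gpr}, dr{dr}"
    return {"dr": dr, "reg": gpr, "to_dr": to_dr, "mod": modrm >> 6,
            "mnemonic": mnemonic}


def find_debug_register_moves(data: bytes) -> List[Dict]:
    """Return every candidate MOV to/from DR encoding in data with its offset.

    Linear byte scan: matches inside data or mid-instruction are possible,
    so the result is a list of candidates, not a proof.
    """
    hits = []
    i = 0
    while i + 2 < len(data):
        if data[i] == 0x0F and data[i + 1] in DR_OPCODES:
            hit = decode_dr_move(data[i + 1], data[i + 2])
            hit["offset"] = i
            hits.append(hit)
            i += 3          # skip the 3-byte instruction we just decoded
            continue
        i += 1
    return hits


def has_mov_to_dr(data: bytes) -> bool:
    """True if any candidate writes a debug register (the cpl-gated case)."""
    return any(h["to_dr"] for h in find_debug_register_moves(data))


def scan_file(path: str) -> List[Dict]:
    """Convenience wrapper for a real image, e.g. the UML 'linux' binary."""
    with open(path, "rb") as f:
        return find_debug_register_moves(f.read())


# Constructed sample: nop ; mov dr7, eax ; xor eax, eax ; mov eax, dr6 ; ret
SAMPLE = bytes.fromhex("90 0f23f8 31c0 0f21f0 c3")
# Constructed sample with no debug-register access: xor eax, eax ; ret
CLEAN = bytes.fromhex("31c0 c3")

if __name__ == "__main__":
    for h in find_debug_register_moves(SAMPLE):
        print(f"{h['offset']:#06x}: {h['mnemonic']} (mod={h['mod']:#b})")
    print("contains mov-to-DR:", has_mov_to_dr(SAMPLE))
```

Run it against the UML binary with `scan_file("/path/to/linux")`; an empty result for the `to_dr` form means the commit Marcelo cited cannot be what changed the behaviour, which is exactly the distinction Jan was drawing.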