* Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree
@ 2016-11-21 15:22 Thomas Deutschmann
2016-11-21 15:40 ` Willy Tarreau
2016-11-22 20:16 ` Jiri Slaby
0 siblings, 2 replies; 3+ messages in thread
From: Thomas Deutschmann @ 2016-11-21 15:22 UTC (permalink / raw)
To: stable@vger.kernel.org
Cc: lizefan, Willy Tarreau, Jiri Slaby, Jan Beulich, xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 2802 bytes --]
Hi,
the following patch is present in the following LTS kernels
>=linux-3.2.81
>=linux-3.16.36
>=linux-3.18.33
>=linux-4.1.24
>=linux-4.4.9
however it is missing from LTS kernels
- linux-3.4
- linux-3.10
- linux-3.12
> From 103f6112f253017d7062cd74d17f4a514ed4485c Mon Sep 17 00:00:00 2001
> From: Jan Beulich <JBeulich@suse.com>
> Date: Thu, 21 Apr 2016 00:27:04 -0600
> Subject: x86/mm/xen: Suppress hugetlbfs in PV guests
>
> Huge pages are not normally available to PV guests. Not suppressing
> hugetlbfs use results in an endless loop of page faults when user mode
> code tries to access a hugetlbfs mapped area (since the hypervisor
> denies such PTEs to be created, but error indications can't be
> propagated out of xen_set_pte_at(), just like for various of its
> siblings), and - once killed in an oops like this:
>
> kernel BUG at .../fs/hugetlbfs/inode.c:428!
> invalid opcode: 0000 [#1] SMP
> ...
> RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
> ...
> Call Trace:
> [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
> [<ffffffff81167b3d>] evict+0xbd/0x1b0
> [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
> [<ffffffff81165b0e>] dput+0x1fe/0x220
> [<ffffffff81150535>] __fput+0x155/0x200
> [<ffffffff81079fc0>] task_work_run+0x60/0xa0
> [<ffffffff81063510>] do_exit+0x160/0x400
> [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
> [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
> [<ffffffff8100f854>] do_signal+0x14/0x110
> [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
> [<ffffffff814178a5>] retint_user+0x8/0x13
>
> This is CVE-2016-3961 / XSA-174.
>
> Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: David Vrabel <david.vrabel@citrix.com>
> Cc: Denys Vlasenko <dvlasenk@redhat.com>
> Cc: H. Peter Anvin <hpa@zytor.com>
> Cc: Juergen Gross <JGross@suse.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Luis R. Rodriguez <mcgrof@suse.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Toshi Kani <toshi.kani@hp.com>
> Cc: stable@vger.kernel.org
> Cc: xen-devel <xen-devel@lists.xenproject.org>
> Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com
> Signed-off-by: Ingo Molnar <mingo@kernel.org>
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=103f6112f253017d7062cd74d17f4a514ed4485c
--
Regards,
Thomas
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 951 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree
2016-11-21 15:22 Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree Thomas Deutschmann
@ 2016-11-21 15:40 ` Willy Tarreau
2016-11-22 20:16 ` Jiri Slaby
1 sibling, 0 replies; 3+ messages in thread
From: Willy Tarreau @ 2016-11-21 15:40 UTC (permalink / raw)
To: Thomas Deutschmann
Cc: stable@vger.kernel.org, lizefan, Jiri Slaby, Jan Beulich,
xen-devel
On Mon, Nov 21, 2016 at 04:22:10PM +0100, Thomas Deutschmann wrote:
> > From 103f6112f253017d7062cd74d17f4a514ed4485c Mon Sep 17 00:00:00 2001
> > From: Jan Beulich <JBeulich@suse.com>
> > Date: Thu, 21 Apr 2016 00:27:04 -0600
> > Subject: x86/mm/xen: Suppress hugetlbfs in PV guests
Queued for next 3.10, thanks Thomas.
Willy
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree
2016-11-21 15:22 Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree Thomas Deutschmann
2016-11-21 15:40 ` Willy Tarreau
@ 2016-11-22 20:16 ` Jiri Slaby
1 sibling, 0 replies; 3+ messages in thread
From: Jiri Slaby @ 2016-11-22 20:16 UTC (permalink / raw)
To: Thomas Deutschmann, stable@vger.kernel.org
Cc: lizefan, Willy Tarreau, Jan Beulich, xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 598 bytes --]
On 11/21/2016, 04:22 PM, Thomas Deutschmann wrote:
> Hi,
>
> the following patch is present in the following LTS kernels
>
>> =linux-3.2.81
>> =linux-3.16.36
>> =linux-3.18.33
>> =linux-4.1.24
>> =linux-4.4.9
>
>
> however it is missing from LTS kernels
>
> - linux-3.4
> - linux-3.10
> - linux-3.12
>
>
>> From 103f6112f253017d7062cd74d17f4a514ed4485c Mon Sep 17 00:00:00 2001
>> From: Jan Beulich <JBeulich@suse.com>
>> Date: Thu, 21 Apr 2016 00:27:04 -0600
>> Subject: x86/mm/xen: Suppress hugetlbfs in PV guests
Applied to 3.12. Thanks!
--
js
suse labs
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 825 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-11-22 20:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-21 15:22 Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree Thomas Deutschmann
2016-11-21 15:40 ` Willy Tarreau
2016-11-22 20:16 ` Jiri Slaby
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).