* Re: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page
[not found] <1486603856-27642-1-git-send-email-kys@exchange.microsoft.com>
@ 2017-02-09 6:54 ` Greg KH
2017-02-09 15:48 ` KY Srinivasan
2017-02-10 1:12 ` Stephen Hemminger
2017-02-10 14:47 ` Greg KH
2 siblings, 1 reply; 5+ messages in thread
From: Greg KH @ 2017-02-09 6:54 UTC (permalink / raw)
To: kys
Cc: linux-kernel, devel, olaf, apw, vkuznets, jasowang,
leann.ogasawara, keescook, stephen, sds, stable
On Wed, Feb 08, 2017 at 06:30:56PM -0700, kys@exchange.microsoft.com wrote:
> From: K. Y. Srinivasan <kys@microsoft.com>
>
> The hypercall page only needs to be executable but currently it is setup to
> be writable as well. Fix the issue.
>
> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
> Cc: <stable@vger.kernel.org>
What type of bug is this fixing that it is needed to be backported?
Does this affect any current users? How far back should it go?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page
2017-02-09 6:54 ` [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page Greg KH
@ 2017-02-09 15:48 ` KY Srinivasan
0 siblings, 0 replies; 5+ messages in thread
From: KY Srinivasan @ 2017-02-09 15:48 UTC (permalink / raw)
To: Greg KH
Cc: linux-kernel@vger.kernel.org, devel@linuxdriverproject.org,
olaf@aepfle.de, apw@canonical.com, vkuznets@redhat.com,
jasowang@redhat.com, leann.ogasawara@canonical.com,
keescook@google.com, stephen@networkplumber.org,
sds@tycho.nsa.gov, stable@vger.kernel.org
> -----Original Message-----
> From: Greg KH [mailto:gregkh@linuxfoundation.org]
> Sent: Wednesday, February 8, 2017 10:55 PM
> To: KY Srinivasan <kys@microsoft.com>
> Cc: linux-kernel@vger.kernel.org; devel@linuxdriverproject.org;
> olaf@aepfle.de; apw@canonical.com; vkuznets@redhat.com;
> jasowang@redhat.com; leann.ogasawara@canonical.com;
> keescook@google.com; stephen@networkplumber.org; sds@tycho.nsa.gov;
> stable@vger.kernel.org
> Subject: Re: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the
> hypercall page
>
> On Wed, Feb 08, 2017 at 06:30:56PM -0700, kys@exchange.microsoft.com
> wrote:
> > From: K. Y. Srinivasan <kys@microsoft.com>
> >
> > The hypercall page only needs to be executable but currently it is setup to
> > be writable as well. Fix the issue.
> >
> > Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
> > Cc: <stable@vger.kernel.org>
>
> What type of bug is this fixing that it is needed to be backported?
> Does this affect any current users? How far back should it go?
This issue has been there from day 1 and the mapping was setup after the
scan was done (for questionable mappings) and so we did not see it. Now, we
are setting up the hypercall page much earlier in the boot sequence and so
this issue was noticed. Once this is committed, I will send the patch for stable.
The main issue is that the page can be written and is executable and could be
a vulnerability.
Thanks,
K. Y
>
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page
[not found] <1486603856-27642-1-git-send-email-kys@exchange.microsoft.com>
2017-02-09 6:54 ` [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page Greg KH
@ 2017-02-10 1:12 ` Stephen Hemminger
2017-02-10 14:47 ` Greg KH
2 siblings, 0 replies; 5+ messages in thread
From: Stephen Hemminger @ 2017-02-10 1:12 UTC (permalink / raw)
To: kys
Cc: kys, gregkh, linux-kernel, devel, olaf, apw, vkuznets, jasowang,
leann.ogasawara, keescook, sds, stable
On Wed, 8 Feb 2017 18:30:56 -0700
kys@exchange.microsoft.com wrote:
> From: K. Y. Srinivasan <kys@microsoft.com>
>
> The hypercall page only needs to be executable but currently it is setup to
> be writable as well. Fix the issue.
>
> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
> Cc: <stable@vger.kernel.org>
> ---
> arch/x86/hyperv/hv_init.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
> index c224b7d..db64baf 100644
> --- a/arch/x86/hyperv/hv_init.c
> +++ b/arch/x86/hyperv/hv_init.c
> @@ -125,7 +125,7 @@ void hyperv_init(void)
> guest_id = generate_guest_id(0, LINUX_VERSION_CODE, 0);
> wrmsrl(HV_X64_MSR_GUEST_OS_ID, guest_id);
>
> - hypercall_pg = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
> + hypercall_pg = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX);
> if (hypercall_pg == NULL) {
> wrmsrl(HV_X64_MSR_GUEST_OS_ID, 0);
Verified that this fixes the original problem.
I don't see the warning anymore and the guest works normally.
Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Tested-by: Stephen Hemminger <stephen@networkplumber.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page
[not found] <1486603856-27642-1-git-send-email-kys@exchange.microsoft.com>
2017-02-09 6:54 ` [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page Greg KH
2017-02-10 1:12 ` Stephen Hemminger
@ 2017-02-10 14:47 ` Greg KH
2017-02-10 15:15 ` KY Srinivasan
2 siblings, 1 reply; 5+ messages in thread
From: Greg KH @ 2017-02-10 14:47 UTC (permalink / raw)
To: kys
Cc: linux-kernel, devel, olaf, apw, vkuznets, jasowang,
leann.ogasawara, keescook, stephen, sds, stable
On Wed, Feb 08, 2017 at 06:30:56PM -0700, kys@exchange.microsoft.com wrote:
> From: K. Y. Srinivasan <kys@microsoft.com>
>
> The hypercall page only needs to be executable but currently it is setup to
> be writable as well. Fix the issue.
>
> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
I had to hand-edit the subject: line, please be more careful :(
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page
2017-02-10 14:47 ` Greg KH
@ 2017-02-10 15:15 ` KY Srinivasan
0 siblings, 0 replies; 5+ messages in thread
From: KY Srinivasan @ 2017-02-10 15:15 UTC (permalink / raw)
To: Greg KH
Cc: linux-kernel@vger.kernel.org, devel@linuxdriverproject.org,
olaf@aepfle.de, apw@canonical.com, vkuznets@redhat.com,
jasowang@redhat.com, leann.ogasawara@canonical.com,
keescook@google.com, stephen@networkplumber.org,
sds@tycho.nsa.gov, stable@vger.kernel.org
> -----Original Message-----
> From: Greg KH [mailto:gregkh@linuxfoundation.org]
> Sent: Friday, February 10, 2017 6:48 AM
> To: KY Srinivasan <kys@microsoft.com>
> Cc: linux-kernel@vger.kernel.org; devel@linuxdriverproject.org;
> olaf@aepfle.de; apw@canonical.com; vkuznets@redhat.com;
> jasowang@redhat.com; leann.ogasawara@canonical.com;
> keescook@google.com; stephen@networkplumber.org; sds@tycho.nsa.gov;
> stable@vger.kernel.org
> Subject: Re: [PATCH 1/1] Ddrivers: hv: Turn off write permission on the
> hypercall page
>
> On Wed, Feb 08, 2017 at 06:30:56PM -0700, kys@exchange.microsoft.com
> wrote:
> > From: K. Y. Srinivasan <kys@microsoft.com>
> >
> > The hypercall page only needs to be executable but currently it is setup to
> > be writable as well. Fix the issue.
> >
> > Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
>
> I had to hand-edit the subject: line, please be more careful :(
Thanks; will do.
K. Y
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-02-10 15:15 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1486603856-27642-1-git-send-email-kys@exchange.microsoft.com>
2017-02-09 6:54 ` [PATCH 1/1] Ddrivers: hv: Turn off write permission on the hypercall page Greg KH
2017-02-09 15:48 ` KY Srinivasan
2017-02-10 1:12 ` Stephen Hemminger
2017-02-10 14:47 ` Greg KH
2017-02-10 15:15 ` KY Srinivasan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox