** Description changed:

+ == SRU Justification ==
+ The ldt_gdt_64 x86 selftest segfaults with the currently released Trusty 3.13 kernel. The commit that introduced the segfault is aeb315d60afe ("x86/ldt: Make modify_ldt synchronous").
+ 
+ == Fix ==
+ Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when delivering a 64-bit signal"). This commit was found by doing a reverse git bisect of the upstream kernel (i.e., when did the test stop segfaulting).
+ 
+ == Regression Potential ==
+ Low. The commit is very small and isolated and the code path is only executed in special circumstances (and for x86 only). I built a test kernel and ran the whole set of x86 selftests and perf NMI test for several hours to verify stability.
+ 
+ == Test Case ==
+ Run the ldt_gdt_64 x86 selftests from a current upstream kernel source. The test segfaults consistently.
+ 
+ 
+ Original bug description:
+ 
  Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86 selftests.
  
  git bisect revealed that the following commit introduced the issue:
  
  commit aeb315d60afee129d32558f4a4b356eec2e7da7b
  Author: Andy Lutomirski <l...@kernel.org>
  Date:   Thu Jul 30 14:31:32 2015 -0700
  
- x86/ldt: Make modify_ldt synchronous
- 
- CVE-2017-5754
- 
- commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream.
- 
- modify_ldt() has questionable locking and does not synchronize
- threads. Improve it: redesign the locking and synchronize all
- threads' LDTs using an IPI on all modifications.
- 
- This will dramatically slow down modify_ldt in multithreaded
- programs, but there shouldn't be any multithreaded programs that
- care about modify_ldt's performance in the first place.
- 
- This fixes some fallout from the CVE-2015-5157 fixes.
- 
- Signed-off-by: Andy Lutomirski <l...@kernel.org>
- Reviewed-by: Borislav Petkov <b...@suse.de>
- Cc: Andrew Cooper <andrew.coop...@citrix.com>
- Cc: Andy Lutomirski <l...@amacapital.net>
- Cc: Boris Ostrovsky <boris.ostrov...@oracle.com>
- Cc: Borislav Petkov <b...@alien8.de>
- Cc: Brian Gerst <brge...@gmail.com>
- Cc: Denys Vlasenko <dvlas...@redhat.com>
- Cc: H. Peter Anvin <h...@zytor.com>
- Cc: Jan Beulich <jbeul...@suse.com>
- Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
- Cc: Linus Torvalds <torva...@linux-foundation.org>
- Cc: Peter Zijlstra <pet...@infradead.org>
- Cc: Sasha Levin <sasha.le...@oracle.com>
- Cc: Steven Rostedt <rost...@goodmis.org>
- Cc: Thomas Gleixner <t...@linutronix.de>
- Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org
- Signed-off-by: Ingo Molnar <mi...@kernel.org>
- Signed-off-by: Jiri Slaby <jsl...@suse.cz>
- (cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c)
- Signed-off-by: Juerg Haefliger <juerg.haefli...@canonical.com>
- Signed-off-by: Stefan Bader <stefan.ba...@canonical.com>
+ x86/ldt: Make modify_ldt synchronous
+ 
+ CVE-2017-5754
+ 
+ commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream.
+ 
+ modify_ldt() has questionable locking and does not synchronize
+ threads. Improve it: redesign the locking and synchronize all
+ threads' LDTs using an IPI on all modifications.
+ 
+ This will dramatically slow down modify_ldt in multithreaded
+ programs, but there shouldn't be any multithreaded programs that
+ care about modify_ldt's performance in the first place.
+ 
+ This fixes some fallout from the CVE-2015-5157 fixes.
+ 
+ Signed-off-by: Andy Lutomirski <l...@kernel.org>
+ Reviewed-by: Borislav Petkov <b...@suse.de>
+ Cc: Andrew Cooper <andrew.coop...@citrix.com>
+ Cc: Andy Lutomirski <l...@amacapital.net>
+ Cc: Boris Ostrovsky <boris.ostrov...@oracle.com>
+ Cc: Borislav Petkov <b...@alien8.de>
+ Cc: Brian Gerst <brge...@gmail.com>
+ Cc: Denys Vlasenko <dvlas...@redhat.com>
+ Cc: H. Peter Anvin <h...@zytor.com>
+ Cc: Jan Beulich <jbeul...@suse.com>
+ Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
+ Cc: Linus Torvalds <torva...@linux-foundation.org>
+ Cc: Peter Zijlstra <pet...@infradead.org>
+ Cc: Sasha Levin <sasha.le...@oracle.com>
+ Cc: Steven Rostedt <rost...@goodmis.org>
+ Cc: Thomas Gleixner <t...@linutronix.de>
+ Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org
+ Signed-off-by: Ingo Molnar <mi...@kernel.org>
+ Signed-off-by: Jiri Slaby <jsl...@suse.cz>
+ (cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c)
+ Signed-off-by: Juerg Haefliger <juerg.haefli...@canonical.com>
+ Signed-off-by: Stefan Bader <stefan.ba...@canonical.com>
** Description changed:

  == Test Case ==
  Run the ldt_gdt_64 x86 selftests from a current upstream kernel source. The test segfaults consistently.
- 
  Original bug description:
  
  Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86 selftests.

** Description changed:

  == Fix ==
  Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when delivering a 64-bit signal"). This commit was found by doing a reverse git bisect of the upstream kernel (i.e., when did the test stop segfaulting).
+ The backport of the commit is a simple context adjustment. The second commit is a pre-requisite which simply renames some defines (no functional changes).
  
  == Regression Potential ==
  Low. The commit is very small and isolated and the code path is only executed in special circumstances (and for x86 only). I built a test kernel and ran the whole set of x86 selftests and perf NMI test for several hours to verify stability.

-- 
https://bugs.launchpad.net/bugs/1755817

Title:
  Segmentation fault in ldt_gdt_64

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Trusty:
  New

Bug description:
  == SRU Justification ==
  The ldt_gdt_64 x86 selftest segfaults with the currently released Trusty 3.13 kernel. The commit that introduced the segfault is aeb315d60afe ("x86/ldt: Make modify_ldt synchronous").
  
  == Fix ==
  Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when delivering a 64-bit signal"). This commit was found by doing a reverse git bisect of the upstream kernel (i.e., when did the test stop segfaulting).
  The backport of the commit is a simple context adjustment. The second commit is a pre-requisite which simply renames some defines (no functional changes).
  
  == Regression Potential ==
  Low. The commit is very small and isolated and the code path is only executed in special circumstances (and for x86 only). I built a test kernel and ran the whole set of x86 selftests and perf NMI test for several hours to verify stability.
  
  == Test Case ==
  Run the ldt_gdt_64 x86 selftests from a current upstream kernel source. The test segfaults consistently.
  
  Original bug description:
  
  Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86 selftests.
  
  git bisect revealed that the following commit introduced the issue:
  
  commit aeb315d60afee129d32558f4a4b356eec2e7da7b
  Author: Andy Lutomirski <l...@kernel.org>
  Date:   Thu Jul 30 14:31:32 2015 -0700
  
  x86/ldt: Make modify_ldt synchronous
  
  CVE-2017-5754
  
  commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream.
  
  modify_ldt() has questionable locking and does not synchronize
  threads. Improve it: redesign the locking and synchronize all
  threads' LDTs using an IPI on all modifications.
  
  This will dramatically slow down modify_ldt in multithreaded
  programs, but there shouldn't be any multithreaded programs that
  care about modify_ldt's performance in the first place.
  
  This fixes some fallout from the CVE-2015-5157 fixes.
  
  Signed-off-by: Andy Lutomirski <l...@kernel.org>
  Reviewed-by: Borislav Petkov <b...@suse.de>
  Cc: Andrew Cooper <andrew.coop...@citrix.com>
  Cc: Andy Lutomirski <l...@amacapital.net>
  Cc: Boris Ostrovsky <boris.ostrov...@oracle.com>
  Cc: Borislav Petkov <b...@alien8.de>
  Cc: Brian Gerst <brge...@gmail.com>
  Cc: Denys Vlasenko <dvlas...@redhat.com>
  Cc: H. Peter Anvin <h...@zytor.com>
  Cc: Jan Beulich <jbeul...@suse.com>
  Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
  Cc: Linus Torvalds <torva...@linux-foundation.org>
  Cc: Peter Zijlstra <pet...@infradead.org>
  Cc: Sasha Levin <sasha.le...@oracle.com>
  Cc: Steven Rostedt <rost...@goodmis.org>
  Cc: Thomas Gleixner <t...@linutronix.de>
  Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org
  Signed-off-by: Ingo Molnar <mi...@kernel.org>
  Signed-off-by: Jiri Slaby <jsl...@suse.cz>
  (cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c)
  Signed-off-by: Juerg Haefliger <juerg.haefli...@canonical.com>
  Signed-off-by: Stefan Bader <stefan.ba...@canonical.com>
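The test case above amounts to "build the x86 kselftests and run ldt_gdt_64". As an added example that is not part of the bug report or of the kernel project's own scripts, the POSIX shell helper below builds the x86 selftests in a kernel source tree passed as its argument, runs ldt_gdt_64, and reports PASS, FAIL:<status> or SIGNAL:<number>, so that a crash (SIGSEGV, signal 11, the symptom described here) is distinguished from an ordinary test failure. It assumes the upstream kselftest layout (`make -C tools/testing/selftests TARGETS=x86`, binary at `tools/testing/selftests/x86/ldt_gdt_64`) and a working build toolchain; the function and variable names are the example's own.

```shell
# Added example (not from the bug report or the kernel tree):
# build the x86 kselftests in a source tree and run ldt_gdt_64,
# classifying the outcome instead of relying on the raw exit code.

# Map a shell exit status to PASS / FAIL:<status> / SIGNAL:<n>.
# POSIX shells report a child killed by signal n as 128+n, so a
# segfaulting selftest shows up as 139 (SIGSEGV, signal 11).
classify_status() {
    st="$1"
    if [ "$st" -eq 0 ]; then
        echo PASS
    elif [ "$st" -gt 128 ]; then
        echo "SIGNAL:$((st - 128))"
    else
        echo "FAIL:$st"
    fi
}

# Run one command (a selftest binary and its arguments) and classify
# its result. The if/else keeps a crashing test from aborting a caller
# that runs under 'set -e'.
run_one() {
    [ -x "$1" ] || { echo "MISSING:$1"; return 0; }
    if "$@" >/dev/null 2>&1; then
        st=0
    else
        st=$?
    fi
    classify_status "$st"
}

# Build the x86 selftests in the kernel tree $1 and run ldt_gdt_64.
# Layout assumed: tools/testing/selftests with TARGETS=x86 (upstream kselftest).
run_ldt_gdt_64() {
    src="$1"
    make -C "$src/tools/testing/selftests" TARGETS=x86 >/dev/null 2>&1 \
        || { echo "BUILD-FAILED"; return 0; }
    run_one "$src/tools/testing/selftests/x86/ldt_gdt_64"
}

# Usage: sh run_ldt_gdt_64.sh /path/to/linux
# On a kernel with the bug described here the expected line is SIGNAL:11.
if [ -n "$1" ]; then
    run_ldt_gdt_64 "$1"
fi
```

The classification matters when the test is scripted into a regression loop: kselftest binaries exit non-zero on an assertion failure, but a process killed by SIGSEGV never reaches its own reporting code, so only the 128+n convention tells the two apart.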