Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Jul 2015 23:12:48 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Josh Boyer <jwboyer@...oraproject.org>
Cc: oss security list <oss-security@...ts.openwall.com>
Subject: Re: Linux x86_64 NMI security issues

On 07/24/2015 07:16 AM, Josh Boyer wrote:
> On Wed, Jul 22, 2015 at 2:12 PM, Andy Lutomirski <luto@...capital.net> wrote:
>> Note: Several of these fixes each depend on a few patches immediately
>> before them.  The NMI stack switching fix also depends on changes made
>> in 4.2 and will appear to apply but crash on older kernels.  I have a
>> different variant that's more portable.
> 
> Given that none of these are going to apply cleanly on older kernels,
> do you have backports available for 4.1.y and the longterm stable
> kernels?
> 

There's this:

https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=x86/nmi-backport

which is a combined effort of me and Ben Hutchings.  It's not synced up
to the fixes in Linus' tree.

Note that even Linus' tree doesn't have the synchronous modify_ldt fix
yet.  I sent a hopefully final version of that out a few minutes ago.

--Andy

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ