Re: [PATCH 0/3] tcm_vhost fix cmd leak and bad target

2013-04-10 Thread Asias He
On Wed, Apr 10, 2013 at 11:23:08AM +0800, Asias He wrote: Asias He (3): tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq tcm_vhost: Add vhost_scsi_send_bad_target() helper tcm_vhost: Send bad target to guest when cmd fails drivers/vhost/tcm_vhost.c | 44

[PATCH v2 0/4] tcm_vhost fix cmd leak and send bad target

2013-04-10 Thread Asias He
v2: - Fix the order of out and head parameter. Asias He (4): tcm_vhost: Remove double check of response tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq tcm_vhost: Add vhost_scsi_send_bad_target() helper tcm_vhost: Send bad target to guest when cmd fails drivers/vhost/tcm_vhost.c | 53

[PATCH v2 2/4] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq

2013-04-10 Thread Asias He
If we fail to submit the allocated tv_vmd to tcm_vhost_submission_work, we will leak the tv_vmd. Free tv_vmd on fail path. Signed-off-by: Asias He as...@redhat.com --- drivers/vhost/tcm_vhost.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c

[PATCH v2 3/4] tcm_vhost: Add vhost_scsi_send_bad_target() helper

2013-04-10 Thread Asias He
Share the send bad target code with other use cases. Signed-off-by: Asias He as...@redhat.com --- drivers/vhost/tcm_vhost.c | 31 ++- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c index

[PATCH v2 4/4] tcm_vhost: Send bad target to guest when cmd fails

2013-04-10 Thread Asias He
Send bad target to guest in case: 1) we can not allocate the cmd 2) fail to submit the cmd Signed-off-by: Asias He as...@redhat.com --- drivers/vhost/tcm_vhost.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c

Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Ingo Molnar
* Kees Cook keesc...@chromium.org wrote: That's the area in which we just map 1:1 to memory. Anything allocated with e.g. kmalloc() ends up with those addresses. Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables reports. It's just the High Kernel Mapping that we

Re: [Xen-devel] Readonly GDT

2013-04-10 Thread Jan Beulich
On 10.04.13 at 02:43, H. Peter Anvin h...@zytor.com wrote: OK, thinking about the GDT here. The GDT is quite small -- 256 bytes on i386, 128 bytes on x86-64. As such, we probably don't want to allocate a full page to it for only that. This means that in order to create a readonly mapping

Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Ingo Molnar
* H. Peter Anvin h...@zytor.com wrote: On 04/09/2013 11:22 AM, Kees Cook wrote: Can we create a RO fixed per-cpu area? Fixed and percpu are mutually exclusive... There's a fixmap area that holds kmap_atomic() percpu mappings: FIX_KMAP_BEGIN, /* reserved pte's for temporary

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Ingo Molnar
* Eric W. Biederman ebied...@xmission.com wrote: H. Peter Anvin h...@zytor.com writes: On 04/08/2013 03:43 PM, Kees Cook wrote: This makes the IDT unconditionally read-only. This primarily removes the IDT from being a target for arbitrary memory write attacks. It has an added benefit

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Eric W. Biederman
Ingo Molnar mi...@kernel.org writes: * Eric W. Biederman ebied...@xmission.com wrote: H. Peter Anvin h...@zytor.com writes: On 04/08/2013 03:43 PM, Kees Cook wrote: This makes the IDT unconditionally read-only. This primarily removes the IDT from being a target for arbitrary memory

Re: [Xen-devel] Readonly GDT

2013-04-10 Thread H. Peter Anvin
Right... the TSS does get written to during a task switch. Jan Beulich jbeul...@suse.com wrote: On 10.04.13 at 02:43, H. Peter Anvin h...@zytor.com wrote: OK, thinking about the GDT here. The GDT is quite small -- 256 bytes on i386, 128 bytes on x86-64. As such, we probably don't want to

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Eric Northup
On Wed, Apr 10, 2013 at 3:40 AM, Eric W. Biederman ebied...@xmission.com wrote: Ingo Molnar mi...@kernel.org writes: * Eric W. Biederman ebied...@xmission.com wrote: H. Peter Anvin h...@zytor.com writes: On 04/08/2013 03:43 PM, Kees Cook wrote: This makes the IDT unconditionally

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread H. Peter Anvin
On 04/10/2013 09:31 AM, Eric Northup wrote: If the effect is measurable I agree it is a legitimate optimization. At one point there was a suggestion to make the code in the IDT vectors differ based on which interrupt was registered. While that can also reduce cache misses that can get

Re: [Xen-devel] Readonly GDT

2013-04-10 Thread H. Peter Anvin
On 04/10/2013 02:42 AM, Jan Beulich wrote: However, the packing solution has the advantage of reducing address space consumption which matters on 32 bits: even on i386 we can easily burn a megabyte of address space for 4096 processors, but burning 16 megabytes starts to hurt. Packing

[PATCH v3] x86: use a read-only IDT alias on all CPUs

2013-04-10 Thread Kees Cook
Make a copy of the IDT (as seen via the sidt instruction) read-only. This primarily removes the IDT from being a target for arbitrary memory write attacks, and has the added benefit of also not leaking the kernel base offset, if it has been relocated. We already did this on vendor == Intel and

Re: [PATCH v2 0/4] tcm_vhost fix cmd leak and send bad target

2013-04-10 Thread Nicholas A. Bellinger
On Wed, 2013-04-10 at 15:06 +0800, Asias He wrote: v2: - Fix the order of out and head parameter. Asias He (4): tcm_vhost: Remove double check of response tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq tcm_vhost: Add vhost_scsi_send_bad_target() helper tcm_vhost: Send bad