** Description changed:
== SRU Justification ==
The ldt_gdt_64 x86 selftest segfaults with the currently released Trusty 3.13
kernel. The commit that introduced the segfault is aeb315d60afe ("x86/ldt: Make
modify_ldt synchronous").
== Fix ==
Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when
delivering a 64-bit signal"). This commit was found by doing a reverse git
bisect of the upstream kernel (i.e., when did the test stop segfaulting).
+ The backport of the commit is a simple context adjustment. The second commit
is a pre-requisite which simply renames some defines (no functional changes).
== Regression Potential ==
Low. The commit is very small and isolated and the code path is only executed
in special circumstances (and for x86 only). I built a test kernel and ran the
whole set of x86 selftests and perf NMI test for several hours to verify
stability.
== Test Case ==
Run the ldt_gdt_64 x86 selftest from a current upstream kernel source. The
test segfaults consistently.
Original bug description:
Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86
selftests.
git bisect revealed that the following commit introduced the issue:
commit aeb315d60afee129d32558f4a4b356eec2e7da7b
Author: Andy Lutomirski <[email protected]>
Date: Thu Jul 30 14:31:32 2015 -0700
x86/ldt: Make modify_ldt synchronous
CVE-2017-5754
commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream.
modify_ldt() has questionable locking and does not synchronize
threads. Improve it: redesign the locking and synchronize all
threads' LDTs using an IPI on all modifications.
This will dramatically slow down modify_ldt in multithreaded
programs, but there shouldn't be any multithreaded programs that
care about modify_ldt's performance in the first place.
This fixes some fallout from the CVE-2015-5157 fixes.
Signed-off-by: Andy Lutomirski <[email protected]>
Reviewed-by: Borislav Petkov <[email protected]>
Cc: Andrew Cooper <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Boris Ostrovsky <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Jan Beulich <[email protected]>
Cc: Konrad Rzeszutek Wilk <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Sasha Levin <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Jiri Slaby <[email protected]>
(cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c)
Signed-off-by: Juerg Haefliger <[email protected]>
Signed-off-by: Stefan Bader <[email protected]>
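Added example (not from the bug report, the ldt_gdt selftest, or the kernel tree): a small C program that sets up the situation named in the fix's title, a 64-bit signal delivered while SS holds an LDT selector rather than __USER_DS. It installs a flat, writable data descriptor in LDT entry 0 with modify_ldt(2), loads selector 0x7 (index 0, TI=1, RPL=3) into SS, raises SIGUSR1, and records which SS the handler ran with and which SS the kernel restored on sigreturn. The LDT index, the selector arithmetic, the choice of SIGUSR1, and all helper names are this example's own assumptions; on a host that is not x86-64 Linux, or where modify_ldt is unavailable (seccomp, gVisor-style sandboxes), it reports SKIPPED instead of failing.

```c
/*
 * Added example, not code from the bug report or from the kernel's
 * ldt_gdt selftest. Assumptions (all this example's own): x86-64 Linux,
 * modify_ldt(2) permitted, LDT entry 0 free, and a kernel that saves and
 * restores SS in the 64-bit signal context.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#if defined(__x86_64__) && defined(__linux__)
#include <asm/ldt.h>
#endif

enum { LDT_SS_OK = 0, LDT_SS_SKIPPED = 1, LDT_SS_FAIL = 2 };

/* Filled in by the signal handler: did it run, and which SS did it see? */
static volatile sig_atomic_t handler_ran;
static volatile unsigned short ss_in_handler;
/* SS observed right after the handler returned, i.e. what sigreturn restored. */
static volatile unsigned short ss_after_return;

#if defined(__x86_64__) && defined(__linux__)
/* Selector layout: index << 3 | TI (1 = LDT) | RPL 3. Index 0 gives 0x7. */
#define LDT_SELECTOR(idx) ((unsigned short)(((idx) << 3) | 4 | 3))

static unsigned short read_ss(void)
{
    unsigned short ss;
    __asm__ __volatile__("mov %%ss, %0" : "=r"(ss));
    return ss;
}

static void load_ss(unsigned short sel)
{
    /* #GP unless sel names a present, writable, DPL-3 data segment. */
    __asm__ __volatile__("mov %0, %%ss" : : "r"(sel) : "memory");
}

static void on_sigusr1(int sig)
{
    (void)sig;
    ss_in_handler = read_ss();
    handler_ran = 1;
}

/* Install a flat (base 0), writable, present 32-bit data descriptor at idx. */
static int install_ldt_data_segment(unsigned idx)
{
    struct user_desc d;
    memset(&d, 0, sizeof d);
    d.entry_number = idx;
    d.base_addr = 0;
    d.limit = 0xfffff;
    d.seg_32bit = 1;
    d.contents = MODIFY_LDT_CONTENTS_DATA;
    d.read_exec_only = 0;
    d.limit_in_pages = 1;
    d.seg_not_present = 0;
    d.useable = 1;
    /* func 0x11: write an LDT entry using the non-legacy descriptor format. */
    return (int)syscall(SYS_modify_ldt, 0x11, &d, sizeof d);
}
#endif

/*
 * Deliver SIGUSR1 while SS is an LDT selector. Returns LDT_SS_OK when the
 * handler ran, LDT_SS_SKIPPED when the platform cannot run the experiment,
 * LDT_SS_FAIL otherwise.
 */
int signal_with_ldt_ss(void)
{
#if defined(__x86_64__) && defined(__linux__)
    struct sigaction sa;
    unsigned short orig_ss, sel = LDT_SELECTOR(0);

    if (install_ldt_data_segment(0) != 0)
        return LDT_SS_SKIPPED;              /* ENOSYS/EPERM: no LDT here */

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigusr1;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return LDT_SS_FAIL;

    handler_ran = 0;
    orig_ss = read_ss();                    /* normally __USER_DS == 0x2b */
    load_ss(sel);                           /* base 0, so the stack keeps working */
    raise(SIGUSR1);                         /* handled before raise() returns */
    ss_after_return = read_ss();
    load_ss(orig_ss);

    return handler_ran ? LDT_SS_OK : LDT_SS_FAIL;
#else
    errno = ENOSYS;
    return LDT_SS_SKIPPED;
#endif
}

int main(void)
{
    int r = signal_with_ldt_ss();
    if (r == LDT_SS_SKIPPED) {
        printf("SKIPPED: modify_ldt not usable here (%s)\n", strerror(errno));
        return 0;
    }
    printf("%s: handler_ran=%d ss_in_handler=%#x ss_after_return=%#x\n",
           r == LDT_SS_OK ? "OK" : "FAIL", (int)handler_ran,
           (unsigned)ss_in_handler, (unsigned)ss_after_return);
    return r == LDT_SS_OK ? 0 : 1;
}
```

Build with "gcc -O2 -o ldt_ss ldt_ss.c" and run as an ordinary user. Because the descriptor has base 0 and 64-bit mode performs no limit checks on SS, the program runs normally with SS=0x7; what is exercised is the kernel's signal delivery and sigreturn handling of a non-standard SS (the syscall exit also has to go through IRET rather than SYSRET for the same reason). On current mainline kernels a valid SS is left alone, so the handler usually reports 0x7; a kernel that replaces it reports 0x2b. The example deliberately does not delete the LDT entry while it is still loaded in SS: the next IRET back to user space would then fault, and what happens after that is exactly what differs between a fixed and an unfixed kernel.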
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755817
Title:
Segmentation fault in ldt_gdt_64
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755817/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs