Re: [CVE-2014-9090] x86_64, traps: Stop using IST for #SS
Hi Willy,
On Fri, Dec 05, 2014 at 02:57:26PM +0100, Willy Tarreau wrote:
> Hi Luis,
>
> On Fri, Dec 05, 2014 at 01:51:45PM +0000, Luis Henriques wrote:
> > [ Re-sending as I missed some people on the CC list. Sorry! ]
> >
> > Following this email I am sending for review the CVE-2014-9090 fix
> > backports for both Lucid (2.6.32) and Precise (3.2.0).
> >
> > I'm also CC'ing Debian mailing-lists, Moritz, Ben and Willy as these
> > backports could be of interest both to Debian and to the 2.6.32 and
> > 3.2 stable kernels.
>
> That's really kind. I'm having a kill list of 2.6.32 patches here as
> well that I expect to put into 2.6.32.65-rc1 this week-end, including
> this one. We've done several rounds with Andy last night at carefully
> testing all the backports till we got something rock solid. We were
> missing a few fixes in this area some time ago, making it hard to
> merge the fixes properly.
>
Wow! That's an impressive list of commits. Thanks a lot for
sharing.
Now, are they all really required for fixing CVE-2014-9090? Or are
they just some other miscellaneous fixes? Some of them are *really*
frightening :-)
Your backport of commit 6f442be2fb22 ("x86_64, traps: Stop using IST
for #SS") seems to be identical to mine, but I'm unable to confirm
that it is sufficient to fix the security issue.
> I'm attaching the whole list as a tgz. Maybe the last two will not yet
> get in, I'm synchronizing with Greg on this.
>
Yeah, I remember Andy asking on the stable mailing-list to hold these
two patches for a week or two, so I dropped both from the 3.16 kernel
queue and added them to my TODO :)
Cheers,
--
Luís
> Thanks,
> Willy
>