[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [CVE-2014-9090] x86_64, traps: Stop using IST for #SS

Hi Willy,

On Fri, Dec 05, 2014 at 02:57:26PM +0100, Willy Tarreau wrote:
> Hi Luis,
> On Fri, Dec 05, 2014 at 01:51:45PM +0000, Luis Henriques wrote:
> > [ Re-sending as I missed some people on the CC list.  Sorry! ]
> > 
> > Following this email I am sending for review the CVE-2014-9090 fix
> > backports for both Lucid (2.6.32) and Precise (3.2.0).
> > 
> > I'm also CC'ing Debian mailing-lists, Moritz, Ben and Willy as these
> > backports could be of interest both to Debian and to the 2.6.32 and
> > 3.2 stable kernels.
> That's really kind. I'm having a kill list of 2.6.32 patches here as
> well that I expect to put into this week-end, including
> this one. We've done several rounds with Andy last night at carefully
> testing all the backports till we got something rock solid. We were
> missing a few fixes in this area some time ago, making it hard to
> merge the fixes properly.

Wow!  That's an impressive list of commits.  Thanks a lot for

Now, are they all really required for fixing CVE-2014-9090?  Or are
they just some other miscellaneous fixes?  Some of them are *really*
frightening :-)

Your backport of commit 6f442be2fb22 ("x86_64, traps: Stop using IST
for #SS") seems to be identical to mine, but I'm unable to confirm
that it is sufficient to fix the security issue.

> I'm attaching the whole list as a tgz. Maybe the last two will not yet
> get in, I'm synchronizing with Greg on this.

Yeah, I remember Andy asking on the stable mailing-list to hold these
two patches for a week or two, so I dropped both from the 3.16 kernel
queue and added them to my TODO :)


> Thanks,
> Willy

Reply to: