Re: CVE-2017-5754 - ETA?
On 2018-01-12 21:21:06 +0000, Nick wrote:
> It might have aged out of the buffer that dmesg reports on.
No, there's the beginning of the dmesg output:
[ 0.000000] Linux version 4.9.0-5-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)
But I think I've found the reason:
In arch/x86/mm/kaiser.c:
void __init kaiser_check_boottime_disable(void)
{
[...]
if (boot_cpu_has(X86_FEATURE_XENPV))
goto silent_disable;
[...]
disable:
pr_info("disabled\n");
silent_disable:
kaiser_enabled = 0;
setup_clear_cpu_cap(X86_FEATURE_KAISER);
}
I must be in the "silent_disable" case (this is a Xen guest).
It's unfortunate that no-one mentions this case!
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: