[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2017-5754 - ETA?

On 2018-01-12 21:21:06 +0000, Nick wrote:
> It might have aged out of the buffer that dmesg reports on.

No, there's the beginning of the dmesg output:

[    0.000000] Linux version 4.9.0-5-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)

But I think I've found the reason:

In arch/x86/mm/kaiser.c:

void __init kaiser_check_boottime_disable(void)
        if (boot_cpu_has(X86_FEATURE_XENPV))
                goto silent_disable;

        kaiser_enabled = 0;

I must be in the "silent_disable" case (this is a Xen guest).

It's unfortunate that no-one mentions this case!

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: