Re: CVE-2017-5754 - ETA?
On Fri, 2018-01-12 at 22:40 +0100, Vincent Lefevre wrote:
> On 2018-01-12 21:21:06 +0000, Nick wrote:
> > It might have aged out of the buffer that dmesg reports on.
>
> No, there's the beginning of the dmesg output:
>
> [ 0.000000] Linux version 4.9.0-5-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)
>
> But I think I've found the reason:
>
> In arch/x86/mm/kaiser.c:
>
> void __init kaiser_check_boottime_disable(void)
> {
> [...]
> if (boot_cpu_has(X86_FEATURE_XENPV))
> goto silent_disable;
> [...]
> disable:
> pr_info("disabled\n");
>
> silent_disable:
> kaiser_enabled = 0;
> setup_clear_cpu_cap(X86_FEATURE_KAISER);
> }
>
> I must be in the "silent_disable" case (this is a Xen guest).
>
> It's unfortunate that no-one mentions this case!
Hmm. I have a system running under Xen and get the 'page tables
isolation: enabled' message. Here's what I hope are relevant parts from
dmesg output...
[ 0.000000] Linux version 4.9.0-5-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170
516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)
...
[ 0.000000] DMI: Xen HVM domU, BIOS 4.8.1-pre-memset3 06/07/2017
[ 0.000000] Hypervisor detected: Xen
[ 0.000000] Xen version 4.8.
...
[ 0.000000] Booting paravirtualized kernel on Xen HVM
...
[ 0.000000] Kernel/User page tables isolation: enabled
--
Tixy
Reply to: