1. 17 Nov, 2010 4 commits
    • KVM: VMX: Fix host userspace gsbase corruption · c8770e7b
      Avi Kivity authored
      We now use load_gs_index() to load gs safely; unfortunately this also
      changes MSR_KERNEL_GS_BASE, which we managed separately.  This resulted
      in confusion and breakage running 32-bit host userspace on a 64-bit kernel.
      
      Fix by
      - saving guest MSR_KERNEL_GS_BASE before we reload the host's gs
      - doing the host save/load unconditionally, instead of only when in guest
        long mode
      
      Things can be cleaned up further, but this is the minimal fix for now.
      Signed-off-by: Avi Kivity <avi@redhat.com>
      Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    • KVM: Correct ordering of ldt reload wrt fs/gs reload · 0a77fe4c
      Avi Kivity authored
      If fs or gs refer to the ldt, they must be reloaded after the ldt.  Reorder
      the code to that effect.
      
      Userspace code that uses the ldt with kvm is nonexistent, so this doesn't fix
      a user-visible bug.
      Signed-off-by: Avi Kivity <avi@redhat.com>
      Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    • kernel: make /proc/kallsyms mode 400 to reduce ease of attacking · 59365d13
      Marcus Meissner authored
      Making /proc/kallsyms readable only for root by default makes it
      slightly harder for attackers to write generic kernel exploits by
      removing one source of knowledge where things are in the kernel.
      
      This is the second submit, discussion happened on this on first submit
      and mostly concerned that this is just one hole of the sieve ...  but
      one of the bigger ones.
      
      Changing the permissions of at least System.map and vmlinux is also
      required to fix the same set, but a packaging issue.
      
      Target of this starter patch and follow ups is removing any kind of
      kernel space address information leak from the kernel.
      
      [ Side note: the default of root-only reading is the "safe" value, and
        it's easy enough to then override at any time after boot.  The /proc
        filesystem allows root to change the permissions with a regular
        chmod, so you can "revert" this at run-time by simply doing
      
          chmod og+r /proc/kallsyms
      
        as root if you really want regular users to see the kernel symbols.
        It does help some tools like "perf" figure them out without any
        setup, so it may well make sense in some situations.  - Linus ]
      Signed-off-by: Marcus Meissner <meissner@suse.de>
      Acked-by: Tejun Heo <tj@kernel.org>
      Acked-by: Eugene Teo <eugeneteo@kernel.org>
      Reviewed-by: Jesper Juhl <jj@chaosbits.net>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 · 1d663650
      Linus Torvalds authored
      * 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
        nfs: Ignore kmemleak false positive in nfs_readdir_make_qstr
        SUNRPC: Simplify rpc_alloc_iostats by removing pointless local variable
        nfs: trivial: remove unused nfs_wait_event macro
        NFS: readdir shouldn't read beyond the reply returned by the server
        NFS: Fix a couple of regressions in readdir.
        Revert "NFSv4: Fall back to ordinary lookup if nfs4_atomic_open() returns EISDIR"
        Regression: fix mounting NFS when NFSv3 support is not compiled
        NLM: Fix a regression in lockd
  2. 16 Nov, 2010 17 commits
  3. 15 Nov, 2010 19 commits