Web lists-archives.com

Re: CVE-2017-5754 - ETA?




On 2018-01-12 21:21:06 +0000, Nick wrote:
> It might have aged out of the buffer that dmesg reports on.

No, there's the beginning of the dmesg output:

[    0.000000] Linux version 4.9.0-5-amd64 (debian-kernel@xxxxxxxxxxxxxxxx) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)

But I think I've found the reason:

In arch/x86/mm/kaiser.c:

void __init kaiser_check_boottime_disable(void)
{
[...]
        if (boot_cpu_has(X86_FEATURE_XENPV))
                goto silent_disable;
[...]
disable:
        pr_info("disabled\n");

silent_disable:
        kaiser_enabled = 0;
        setup_clear_cpu_cap(X86_FEATURE_KAISER);
}

I must be in the "silent_disable" case (this is a Xen guest).

It's unfortunate that no-one mentions this case!

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)