Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-24 Thread Sedat Dilek
On Sun, Dec 22, 2024 at 11:37 AM Sedat Dilek  wrote:
>
> On Sat, Dec 21, 2024 at 10:31 PM Andrew Cooper
>  wrote:
> >
> > On 21/12/2024 6:25 pm, Sedat Dilek wrote:
> > > With...
> > >
> > > dileks@iniza:~/src/xtf/git$ mv tests/xsa-454 ../
> > > dileks@iniza:~/src/xtf/git$ mv tests/xsa-consoleio-write ../
> >
> > That's completely bizarre.   There's nothing interestingly different
> > with those two tests vs the others.
> >
> > I take it the crash is repeatable when using either of these?
> >
> > ~Andrew
>
> This time I stopped SDDM and thus KDE-6/Wayland session.
>
> Tested with Debian's officially 6.12.6-amd64 kernel in VT-3.
>
> test-hvm32pae-xsa-consoleio-write SUCCESS <--- 1st time I tried, never
> said this is not OK
>
> test-hvm64-xsa-454 leads to FROZEN system and DATA LOSS (here: ext4).
> Reproducibly as told many times.- in Debian and selfmade kernels version 6.12.6.
>
> Stolen from the picture I took with my smartphone:
>
> sudo ./xft-runner test-hvm64-xsa-454
>
> Executing 'xl create -p tests/xsa-454/test-hvm64-xsa-454.cfg'
> Executing 'xl console test-hvm64-xsa-454'
> Executing 'xl unpause test-hvm64-xsa-454'
>
> ^^ System does NOT react!
>
> I can send you the picture on request.
>
> -Sedat-

[ CC 1091...@bugs.debian.org ]

I upgraded to Xen version 4.19.1 in Debian/unstable AMD64.

# xl info | egrep 'release|version|commandline|caps'
release: 6.12.6-amd64
version: #1 SMP PREEMPT_DYNAMIC Debian 6.12.6-1 (2024-12-21)
hw_caps: bfebfbff:17bae3bf:28100800:0001:0001:::0100
virt_caps  : pv hvm hap shadow gnttab-v1 gnttab-v2
xen_version: 4.19.1
xen_caps   : xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
xen_commandline: placeholder

dileks@iniza:~/src/xtf/git$ sudo ./xtf-runner --host test-hvm64-xsa-454
Executing 'xl create -p tests/xsa-454/test-hvm64-xsa-454.cfg'
Executing 'xl console test-hvm64-xsa-454'
Executing 'xl unpause test-hvm64-xsa-454'
--- Xen Test Framework ---
Environment: HVM 64bit (Long mode 4 levels)
XSA-454 PoC
Success: Not vulnerable to XSA-454
Test result: SUCCESS

Combined test results:
test-hvm64-xsa-454   SUCCESS

root@iniza:~# LC_ALL=C ll /var/log/xen/*xsa-454*.log
-rw-r--r-- 1 root adm 232 Dec 24 17:11 /var/log/xen/qemu-dm-test-hvm64-xsa-454.log
-rw-r--r-- 1 root adm 232 Dec 24 17:11 /var/log/xen/xl-test-hvm64-xsa-454.log

root@iniza:~# cat /var/log/xen/qemu-dm-test-hvm64-xsa-454.log
VNC server running on 127.0.0.1:5900
xen-qemu-system-i386: failed to create 'console' device '0': declining to handle console type 'xenconsoled'
xen-qemu-system-i386: terminating on signal 1 from pid 6302 (/usr/lib/xen-4.19/bin/xl)

root@iniza:~# cat /var/log/xen/xl-test-hvm64-xsa-454.log
Waiting for domain test-hvm64-xsa-454 (domid 144) to die [pid 6302]
Domain 144 has shut down, reason code 0 0x0
Action for shutdown reason code 0 is destroy
Domain 144 needs to be cleaned up: destroying the domain
Done. Exiting now

Due to Debian-Bug #1091360 ("qemu-system-xen: Build against libxen-dev
version 4.19.1-1") I am not able to do the full XFT tests.

-Sedat-

Link: https://bugs.debian.org/1091360



Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-21 Thread Sedat Dilek
On Sat, Dec 21, 2024 at 7:17 PM Sedat Dilek  wrote:
>
> On Fri, Dec 20, 2024 at 2:39 AM Andrew Cooper  
> wrote:
> >
> > On 20/12/2024 12:27 am, Sedat Dilek wrote:
> > > On Fri, Dec 20, 2024 at 12:26 AM Andrew Cooper
> > >  wrote:
> > >> On 19/12/2024 11:10 pm, Sedat Dilek wrote:
> > >>> On Thu, Dec 19, 2024 at 6:07 PM Sedat Dilek  
> > >>> wrote:
> > >>>> On Thu, Dec 19, 2024 at 5:44 PM Andrew Cooper 
> > >>>>  wrote:
> > >>>>> On 19/12/2024 4:14 pm, Sedat Dilek wrote:
> > >>>>>> Hi,
> > >>>>>>
> > >>>>>> Linux v6.12.6 will include XEN CVE fixes from mainline.
> > >>>>>>
> > >>>>>> Here, I use Debian/unstable AMD64 and the SLIM LLVM toolchain 19.1.x
> > >>>>>> from kernel.org.
> > >>>>>>
> > >>>>>> What does it mean in ISSUE DESCRIPTION...
> > >>>>>>
> > >>>>>> Furthermore, the hypercall page has no provision for Control-flow
> > >>>>>> Integrity schemes (e.g. kCFI/CET-IBT/FineIBT), and will simply
> > >>>>>> malfunction in such configurations.
> > >>>>>>
> > >>>>>> ...when someone uses Clang-kCFI?
> > >>>>> The hypercall page has functions of the form:
> > >>>>>
> > >>>>> MOV $x, %eax
> > >>>>> VMCALL / VMMCALL / SYSCALL
> > >>>>> RET
> > >>>>>
> > > >>>>> There are no ENDBR instructions, and no prologue/epilogue for hash-based
> > > >>>>> CFI schemes.
> > > >>>>>
> > > >>>>> This is because it's code provided by Xen, not code provided by Linux.
> > > >>>>>
> > > >>>>> The absence of ENDBR instructions will yield #CP when CET-IBT is active,
> > > >>>>> and the absence of hash prologue/epilogue lets the function be used in a
> > > >>>>> type-confused manner that CFI should have caught.
> > >>>>>
> > >>>>> ~Andrew
> > >>>> Thanks for the technical explanation, Andrew.
> > >>>>
> > >>>> Hope that helps the folks of "CLANG CONTROL FLOW INTEGRITY SUPPORT".
> > >>>>
> > >>>> I am not an active user of XEN in the Linux-kernel but I am willing to
> > >>>> test when Linux v6.12.6 is officially released and give feedback.
> > >>>>
> > >>> https://wiki.xenproject.org/wiki/Testing_Xen#Presence_test
> > >>> https://wiki.xenproject.org/wiki/Testing_Xen#Commands_for_presence_testing
> > >>>
> > >>> # apt install -t unstable xen-utils-4.17 -y
> > >>>
> > >>> # xl list
> > > >>> Name      ID   Mem VCPUs  State  Time(s)
> > > >>> Domain-0   0  7872     4  r-     398.2
> > >>>
> > >>> Some basic tests LGTM - see also attached stuff.
> > >>>
> > >>> If you have any tests to recommend, let me know.
> > > >> That itself is good enough as a smoke test.  Thank you for trying it out.
> > > >>
> > > >> If you want something a bit more thorough, try
> > > >> https://xenbits.xen.org/docs/xtf/  (Xen's self-tests)
> > > >>
> > > >> Grab and build it, and `./xtf-runner -aqq --host` will run a variety of
> > > >> extra codepaths in dom0, without the effort of making/running full guests.
> > >>
> > >> ~Andrew
> > > Run on Debian 6.12.5 and my selfmade 6.12.5 and 6.12.6.
> > > > All tests lead to a reboot in case of Debian or in my kernels to a shutdown.
> > >
> > > Can you recommend a specific test?
> >
> > Oh, that's distinctly less good.
> >
> > Start with just "example".  It's literally a hello world microkernel,
> > but the symptoms you're seeing is a dom0 crash, so it will likely
> > provoke it.
> >
> > Do you have serial to the machine?  If so, boot Xen with `console=com1
> > com1=115200,8n1` (or com2, as appropriate).
> >
> > If not and you've only 

Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-21 Thread Sedat Dilek
On Fri, Dec 20, 2024 at 2:39 AM Andrew Cooper  wrote:
>
> On 20/12/2024 12:27 am, Sedat Dilek wrote:
> > On Fri, Dec 20, 2024 at 12:26 AM Andrew Cooper
> >  wrote:
> >> On 19/12/2024 11:10 pm, Sedat Dilek wrote:
> >>> On Thu, Dec 19, 2024 at 6:07 PM Sedat Dilek  wrote:
> >>>> On Thu, Dec 19, 2024 at 5:44 PM Andrew Cooper 
> >>>>  wrote:
> >>>>> On 19/12/2024 4:14 pm, Sedat Dilek wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> Linux v6.12.6 will include XEN CVE fixes from mainline.
> >>>>>>
> >>>>>> Here, I use Debian/unstable AMD64 and the SLIM LLVM toolchain 19.1.x
> >>>>>> from kernel.org.
> >>>>>>
> >>>>>> What does it mean in ISSUE DESCRIPTION...
> >>>>>>
> >>>>>> Furthermore, the hypercall page has no provision for Control-flow
> >>>>>> Integrity schemes (e.g. kCFI/CET-IBT/FineIBT), and will simply
> >>>>>> malfunction in such configurations.
> >>>>>>
> >>>>>> ...when someone uses Clang-kCFI?
> >>>>> The hypercall page has functions of the form:
> >>>>>
> >>>>> MOV $x, %eax
> >>>>> VMCALL / VMMCALL / SYSCALL
> >>>>> RET
> >>>>>
> >>>>> There are no ENDBR instructions, and no prologue/epilogue for hash-based
> >>>>> CFI schemes.
> >>>>>
> >>>>> This is because it's code provided by Xen, not code provided by Linux.
> >>>>>
> >>>>> The absence of ENDBR instructions will yield #CP when CET-IBT is active,
> >>>>> and the absence of hash prologue/epilogue lets the function be used in a
> >>>>> type-confused manner that CFI should have caught.
> >>>>>
> >>>>> ~Andrew
> >>>> Thanks for the technical explanation, Andrew.
> >>>>
> >>>> Hope that helps the folks of "CLANG CONTROL FLOW INTEGRITY SUPPORT".
> >>>>
> >>>> I am not an active user of XEN in the Linux-kernel but I am willing to
> >>>> test when Linux v6.12.6 is officially released and give feedback.
> >>>>
> >>> https://wiki.xenproject.org/wiki/Testing_Xen#Presence_test
> >>> https://wiki.xenproject.org/wiki/Testing_Xen#Commands_for_presence_testing
> >>>
> >>> # apt install -t unstable xen-utils-4.17 -y
> >>>
> >>> # xl list
> >>> Name      ID   Mem VCPUs  State  Time(s)
> >>> Domain-0   0  7872     4  r-     398.2
> >>>
> >>> Some basic tests LGTM - see also attached stuff.
> >>>
> >>> If you have any tests to recommend, let me know.
> >> That itself is good enough as a smoke test.  Thank you for trying it out.
> >>
> >> If you want something a bit more thorough, try
> >> https://xenbits.xen.org/docs/xtf/  (Xen's self-tests)
> >>
> >> Grab and build it, and `./xtf-runner -aqq --host` will run a variety of
> >> extra codepaths in dom0, without the effort of making/running full guests.
> >>
> >> ~Andrew
> > Run on Debian 6.12.5 and my selfmade 6.12.5 and 6.12.6.
> > All tests lead to a reboot in case of Debian or in my kernels to a shutdown.
> >
> > Can you recommend a specific test?
>
> Oh, that's distinctly less good.
>
> Start with just "example".  It's literally a hello world microkernel,
> but the symptoms you're seeing is a dom0 crash, so it will likely
> provoke it.
>
> Do you have serial to the machine?  If so, boot Xen with `console=com1
> com1=115200,8n1` (or com2, as appropriate).
>
> If not and you've only got a regular screen, boot Xen with `vga=,keep
> noreboot` (comma is important) which might leave enough information on
> screen to get an idea of what's going on.
>
> Full command line docs at
> https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html
>
> > dileks@iniza:~/src/xtf/git$ sudo ./xtf-runner --list functional xsa | grep xsa-4
> > test-pv64-xsa-444
> > test-hvm64-xsa-451
> > test-hvm64-xsa-454
> >
> > Is there no xsa-466 test?
>
> No.  XSA-466 is really "well don't do that then if it matters".
>
> More generally, not 

Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-21 Thread Sedat Dilek
On Fri, Dec 20, 2024 at 2:39 AM Andrew Cooper  wrote:
>
> On 20/12/2024 12:27 am, Sedat Dilek wrote:
> > On Fri, Dec 20, 2024 at 12:26 AM Andrew Cooper
> >  wrote:
> >> On 19/12/2024 11:10 pm, Sedat Dilek wrote:
> >>> On Thu, Dec 19, 2024 at 6:07 PM Sedat Dilek  wrote:
> >>>> On Thu, Dec 19, 2024 at 5:44 PM Andrew Cooper 
> >>>>  wrote:
> >>>>> On 19/12/2024 4:14 pm, Sedat Dilek wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> Linux v6.12.6 will include XEN CVE fixes from mainline.
> >>>>>>
> >>>>>> Here, I use Debian/unstable AMD64 and the SLIM LLVM toolchain 19.1.x
> >>>>>> from kernel.org.
> >>>>>>
> >>>>>> What does it mean in ISSUE DESCRIPTION...
> >>>>>>
> >>>>>> Furthermore, the hypercall page has no provision for Control-flow
> >>>>>> Integrity schemes (e.g. kCFI/CET-IBT/FineIBT), and will simply
> >>>>>> malfunction in such configurations.
> >>>>>>
> >>>>>> ...when someone uses Clang-kCFI?
> >>>>> The hypercall page has functions of the form:
> >>>>>
> >>>>> MOV $x, %eax
> >>>>> VMCALL / VMMCALL / SYSCALL
> >>>>> RET
> >>>>>
> >>>>> There are no ENDBR instructions, and no prologue/epilogue for hash-based
> >>>>> CFI schemes.
> >>>>>
> >>>>> This is because it's code provided by Xen, not code provided by Linux.
> >>>>>
> >>>>> The absence of ENDBR instructions will yield #CP when CET-IBT is active,
> >>>>> and the absence of hash prologue/epilogue lets the function be used in a
> >>>>> type-confused manner that CFI should have caught.
> >>>>>
> >>>>> ~Andrew
> >>>> Thanks for the technical explanation, Andrew.
> >>>>
> >>>> Hope that helps the folks of "CLANG CONTROL FLOW INTEGRITY SUPPORT".
> >>>>
> >>>> I am not an active user of XEN in the Linux-kernel but I am willing to
> >>>> test when Linux v6.12.6 is officially released and give feedback.
> >>>>
> >>> https://wiki.xenproject.org/wiki/Testing_Xen#Presence_test
> >>> https://wiki.xenproject.org/wiki/Testing_Xen#Commands_for_presence_testing
> >>>
> >>> # apt install -t unstable xen-utils-4.17 -y
> >>>
> >>> # xl list
> >>> Name      ID   Mem VCPUs  State  Time(s)
> >>> Domain-0   0  7872     4  r-     398.2
> >>>
> >>> Some basic tests LGTM - see also attached stuff.
> >>>
> >>> If you have any tests to recommend, let me know.
> >> That itself is good enough as a smoke test.  Thank you for trying it out.
> >>
> >> If you want something a bit more thorough, try
> >> https://xenbits.xen.org/docs/xtf/  (Xen's self-tests)
> >>
> >> Grab and build it, and `./xtf-runner -aqq --host` will run a variety of
> >> extra codepaths in dom0, without the effort of making/running full guests.
> >>
> >> ~Andrew
> > Run on Debian 6.12.5 and my selfmade 6.12.5 and 6.12.6.
> > All tests lead to a reboot in case of Debian or in my kernels to a shutdown.
> >
> > Can you recommend a specific test?
>
> Oh, that's distinctly less good.
>
> Start with just "example".  It's literally a hello world microkernel,
> but the symptoms you're seeing is a dom0 crash, so it will likely
> provoke it.
>
> Do you have serial to the machine?  If so, boot Xen with `console=com1
> com1=115200,8n1` (or com2, as appropriate).
>
> If not and you've only got a regular screen, boot Xen with `vga=,keep
> noreboot` (comma is important) which might leave enough information on
> screen to get an idea of what's going on.
>

YES

# xl info | grep xen_commandline
xen_commandline: placeholder vga=,keep noreboot

> Full command line docs at
> https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html
>
> > dileks@iniza:~/src/xtf/git$ sudo ./xtf-runner --list functional xsa | grep xsa-4
> > test-pv64-xsa-444
> > test-hvm64-xsa-451
> > test-hvm64-xsa-454
> >
> > Is there no xsa-466 test?
>
> No.  XSA-466 is 

Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-21 Thread Sedat Dilek
Run all SUCCESS tests on my selfmade kernel.

# xl info | egrep 'release|version|commandline|caps'
release: 6.12.6-1-amd64-clang19-kcfi
version: #1~trixie+dileks SMP PREEMPT_DYNAMIC 2024-12-19
hw_caps: bfebfbff:17bae3bf:28100800:0001:0001:::0100
virt_caps  : pv hvm hap shadow gnttab-v1 gnttab-v2
xen_version: 4.17.4-pre
xen_caps   : xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
xen_commandline: placeholder vga=,keep noreboot

dileks@iniza:~/src/xtf/git$ sudo ./xtf-runner --host $( grep SUCCESS ../TESTS-SUCCESS | awk '{ print $1 }' )
...
Combined test results:
test-hvm32-invlpg~hap  SUCCESS
test-hvm32-invlpg~shadow  SUCCESS
test-hvm32pae-invlpg~hap  SUCCESS
test-hvm32pae-invlpg~shadow  SUCCESS
test-hvm64-invlpg~hap  SUCCESS
test-hvm64-invlpg~shadow  SUCCESS
test-hvm64-lbr-tsx-vmentry  SUCCESS
test-hvm32-livepatch-priv-check  SUCCESS
test-hvm64-livepatch-priv-check  SUCCESS
test-pv64-livepatch-priv-check  SUCCESS
test-hvm32-lm-ts  SUCCESS
test-hvm64-lm-ts  SUCCESS
test-hvm32pae-memop-seg  SUCCESS
test-hvm64-memop-seg  SUCCESS
test-pv64-memop-seg  SUCCESS
test-hvm32pae-nmi-taskswitch-priv  SUCCESS
test-pv64-pv-iopl~hypercall  SUCCESS
test-pv64-pv-iopl~vmassist  SUCCESS
test-hvm32-xsa-122  SUCCESS
test-hvm32pae-xsa-122  SUCCESS
test-hvm32pse-xsa-122  SUCCESS
test-hvm64-xsa-122  SUCCESS
test-pv64-xsa-122  SUCCESS
test-hvm64-xsa-168~shadow  SUCCESS
test-hvm64-xsa-173~shadow  SUCCESS
test-pv64-xsa-182  SUCCESS
test-hvm32-xsa-188  SUCCESS
test-hvm32pae-xsa-188  SUCCESS
test-hvm32pse-xsa-188  SUCCESS
test-hvm64-xsa-188  SUCCESS
test-pv64-xsa-188  SUCCESS
test-hvm32-xsa-192  SUCCESS
test-pv64-xsa-193  SUCCESS
test-hvm64-xsa-195  SUCCESS
test-pv64-xsa-212  SUCCESS
test-pv64-xsa-213  SUCCESS
test-hvm64-xsa-221  SUCCESS
test-pv64-xsa-221  SUCCESS
test-pv64-xsa-224  SUCCESS
test-pv64-xsa-227  SUCCESS
test-hvm64-xsa-231  SUCCESS
test-pv64-xsa-231  SUCCESS
test-hvm64-xsa-232  SUCCESS
test-pv64-xsa-232  SUCCESS
test-pv64-xsa-234  SUCCESS
test-hvm32-xsa-239  SUCCESS
test-pv64-xsa-255  SUCCESS
test-pv64-xsa-259  SUCCESS
test-pv64-xsa-260  SUCCESS
test-hvm64-xsa-261  SUCCESS
test-pv64-xsa-265  SUCCESS
test-hvm64-xsa-269  SUCCESS
test-hvm64-xsa-277  SUCCESS
test-hvm64-xsa-278  SUCCESS
test-pv64-xsa-279  SUCCESS
test-pv64-xsa-286  SUCCESS
test-pv64-xsa-296  SUCCESS
test-pv64-xsa-298  SUCCESS
test-hvm64-xsa-304  SUCCESS
test-hvm64-xsa-308  SUCCESS
test-pv64-xsa-316  SUCCESS
test-hvm32-xsa-317  SUCCESS
test-hvm32pae-xsa-317  SUCCESS
test-hvm32pse-xsa-317  SUCCESS
test-hvm64-xsa-317  SUCCESS
test-pv64-xsa-317  SUCCESS
test-pv64-xsa-333  SUCCESS
test-pv64-xsa-339  SUCCESS

No CFI related stuff in dmesg seen after running XFT tests.

Best regards,
-Sedat-
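
Added example (not part of the thread, and not code from Xen or Linux): a small C auditor for the stub shape Andrew Cooper describes earlier in this thread (MOV $x, %eax; VMCALL / VMMCALL / SYSCALL; RET), checking each slot for the ENDBR64 landing pad that CET-IBT requires. Both pages are constructed in memory; the 32-byte slot size, the INT3 filler and the ENDBR-prefixed contrast page are assumptions of the example, as are all function and type names.

```c
/* Added example: audit hypercall-page-style stubs for an ENDBR64 landing pad.
 * Both pages are CONSTRUCTED in memory; nothing is read from a real Xen host. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define STUB_SIZE 32                       /* assumption: one stub per 32-byte slot */
#define NR_STUBS  (PAGE_SIZE / STUB_SIZE)

enum trap { TRAP_NONE, TRAP_VMCALL, TRAP_VMMCALL, TRAP_SYSCALL };
/* has_endbr: slot starts with ENDBR64; well_formed: MOV imm32,%eax; trap insn; RET */
struct stub_info { int has_endbr, well_formed; uint32_t nr; enum trap trap; };
static const uint8_t ENDBR64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };

/* Decode one slot. The longest form is 4+5+3+1 = 13 bytes, well inside STUB_SIZE. */
static struct stub_info decode_stub(const uint8_t *p)
{
    struct stub_info s = { 0, 0, 0, TRAP_NONE };
    size_t i = 0;
    if (memcmp(p, ENDBR64, sizeof(ENDBR64)) == 0) { s.has_endbr = 1; i = 4; }
    if (p[i] != 0xb8) return s;                          /* MOV $imm32, %eax */
    s.nr = (uint32_t)p[i + 1] | ((uint32_t)p[i + 2] << 8) |
           ((uint32_t)p[i + 3] << 16) | ((uint32_t)p[i + 4] << 24);
    i += 5;
    if (p[i] == 0x0f && p[i + 1] == 0x01 && p[i + 2] == 0xc1)      { s.trap = TRAP_VMCALL;  i += 3; }
    else if (p[i] == 0x0f && p[i + 1] == 0x01 && p[i + 2] == 0xd9) { s.trap = TRAP_VMMCALL; i += 3; }
    else if (p[i] == 0x0f && p[i + 1] == 0x05)                     { s.trap = TRAP_SYSCALL; i += 2; }
    else return s;
    s.well_formed = (p[i] == 0xc3);                      /* RET */
    return s;
}

/* Build a constructed page: INT3 filler, then the stub for number n in slot n. */
static void build_page(uint8_t *page, enum trap t, int with_endbr)
{
    static const uint8_t insn[4][3] = { {0}, {0x0f, 0x01, 0xc1}, {0x0f, 0x01, 0xd9}, {0x0f, 0x05, 0} };
    memset(page, 0xcc, PAGE_SIZE);
    for (uint32_t n = 0; n < NR_STUBS; n++) {
        uint8_t *p = page + n * STUB_SIZE;
        if (with_endbr) { memcpy(p, ENDBR64, sizeof(ENDBR64)); p += 4; }
        *p++ = 0xb8;
        for (int b = 0; b < 4; b++) *p++ = (uint8_t)(n >> (8 * b));
        size_t len = (t == TRAP_SYSCALL) ? 2 : 3;
        memcpy(p, insn[t], len);
        p[len] = 0xc3;
    }
}

/* Count slots that hold a valid stub for their own index but start without ENDBR64. */
static int count_missing_endbr(const uint8_t *page)
{
    int missing = 0;
    for (uint32_t n = 0; n < NR_STUBS; n++) {
        struct stub_info s = decode_stub(page + n * STUB_SIZE);
        if (s.well_formed && s.nr == n && !s.has_endbr)
            missing++;
    }
    return missing;
}

int main(void)
{
    static uint8_t page[PAGE_SIZE];
    build_page(page, TRAP_VMCALL, 0);        /* stub shape described in the thread */
    printf("stubs without ENDBR64: %d of %d\n", count_missing_endbr(page), NR_STUBS);
    build_page(page, TRAP_VMCALL, 1);        /* hypothetical contrast page */
    printf("stubs without ENDBR64: %d of %d\n", count_missing_endbr(page), NR_STUBS);
}
```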



Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-22 Thread Sedat Dilek
On Sat, Dec 21, 2024 at 10:31 PM Andrew Cooper
 wrote:
>
> On 21/12/2024 6:25 pm, Sedat Dilek wrote:
> > With...
> >
> > dileks@iniza:~/src/xtf/git$ mv tests/xsa-454 ../
> > dileks@iniza:~/src/xtf/git$ mv tests/xsa-consoleio-write ../
>
> That's completely bizarre.   There's nothing interestingly different
> with those two tests vs the others.
>
> I take it the crash is repeatable when using either of these?
>
> ~Andrew

This time I stopped SDDM and thus KDE-6/Wayland session.

Tested with Debian's officially 6.12.6-amd64 kernel in VT-3.

test-hvm32pae-xsa-consoleio-write SUCCESS <--- 1st time I tried, never
said this is not OK

test-hvm64-xsa-454 leads to FROZEN system and DATA LOSS (here: ext4).
Reproducibly as told many times.- in Debian and selfmade kernels version 6.12.6.

Stolen from the picture I took with my smartphone:

sudo ./xft-runner test-hvm64-xsa-454

Executing 'xl create -p tests/xsa-454/test-hvm64-xsa-454.cfg'
Executing 'xl console test-hvm64-xsa-454'
Executing 'xl unpause test-hvm64-xsa-454'

^^ System does NOT react!

I can send you the picture on request.

-Sedat-



Re: [Linux-6.12.y] XEN: CVE-2024-53241 / XSA-466 and Clang-kCFI

2024-12-24 Thread Sedat Dilek
On Tue, Dec 24, 2024 at 5:23 PM Sedat Dilek  wrote:
>
> On Sun, Dec 22, 2024 at 11:37 AM Sedat Dilek  wrote:
> >
> > On Sat, Dec 21, 2024 at 10:31 PM Andrew Cooper
> >  wrote:
> > >
> > > On 21/12/2024 6:25 pm, Sedat Dilek wrote:
> > > > With...
> > > >
> > > > dileks@iniza:~/src/xtf/git$ mv tests/xsa-454 ../
> > > > dileks@iniza:~/src/xtf/git$ mv tests/xsa-consoleio-write ../
> > >
> > > That's completely bizarre.   There's nothing interestingly different
> > > with those two tests vs the others.
> > >
> > > I take it the crash is repeatable when using either of these?
> > >
> > > ~Andrew
> >
> > This time I stopped SDDM and thus KDE-6/Wayland session.
> >
> > Tested with Debian's officially 6.12.6-amd64 kernel in VT-3.
> >
> > test-hvm32pae-xsa-consoleio-write SUCCESS <--- 1st time I tried, never
> > said this is not OK
> >
> > test-hvm64-xsa-454 leads to FROZEN system and DATA LOSS (here: ext4).
> > Reproducibly as told many times.- in Debian and selfmade kernels version 6.12.6.
> >
> > Stolen from the picture I took with my smartphone:
> >
> > sudo ./xft-runner test-hvm64-xsa-454
> >
> > Executing 'xl create -p tests/xsa-454/test-hvm64-xsa-454.cfg'
> > Executing 'xl console test-hvm64-xsa-454'
> > Executing 'xl unpause test-hvm64-xsa-454'
> >
> > ^^ System does NOT react!
> >
> > I can send you the picture on request.
> >
> > -Sedat-
>
> [ CC 1091...@bugs.debian.org ]
>
> I upgraded to Xen version 4.19.1 in Debian/unstable AMD64.
>
> # xl info | egrep 'release|version|commandline|caps'
> release: 6.12.6-amd64
> version: #1 SMP PREEMPT_DYNAMIC Debian 6.12.6-1 (2024-12-21)
> hw_caps: bfebfbff:17bae3bf:28100800:0001:0001:::0100
> virt_caps  : pv hvm hap shadow gnttab-v1 gnttab-v2
> xen_version: 4.19.1
> xen_caps   : xen-3.0-x86_64 hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
> xen_commandline: placeholder
>
> dileks@iniza:~/src/xtf/git$ sudo ./xtf-runner --host test-hvm64-xsa-454
> Executing 'xl create -p tests/xsa-454/test-hvm64-xsa-454.cfg'
> Executing 'xl console test-hvm64-xsa-454'
> Executing 'xl unpause test-hvm64-xsa-454'
> --- Xen Test Framework ---
> Environment: HVM 64bit (Long mode 4 levels)
> XSA-454 PoC
> Success: Not vulnerable to XSA-454
> Test result: SUCCESS
>
> Combined test results:
> test-hvm64-xsa-454   SUCCESS
>
> root@iniza:~# LC_ALL=C ll /var/log/xen/*xsa-454*.log
> -rw-r--r-- 1 root adm 232 Dec 24 17:11 /var/log/xen/qemu-dm-test-hvm64-xsa-454.log
> -rw-r--r-- 1 root adm 232 Dec 24 17:11 /var/log/xen/xl-test-hvm64-xsa-454.log
>
> root@iniza:~# cat /var/log/xen/qemu-dm-test-hvm64-xsa-454.log
> VNC server running on 127.0.0.1:5900
> xen-qemu-system-i386: failed to create 'console' device '0': declining to handle console type 'xenconsoled'
> xen-qemu-system-i386: terminating on signal 1 from pid 6302 (/usr/lib/xen-4.19/bin/xl)
>
> root@iniza:~# cat /var/log/xen/xl-test-hvm64-xsa-454.log
> Waiting for domain test-hvm64-xsa-454 (domid 144) to die [pid 6302]
> Domain 144 has shut down, reason code 0 0x0
> Action for shutdown reason code 0 is destroy
> Domain 144 needs to be cleaned up: destroying the domain
> Done. Exiting now
>
> Due to Debian-Bug #1091360 ("qemu-system-xen: Build against libxen-dev
> version 4.19.1-1") I am not able to do the full XFT tests.
>
> -Sedat-
>
> Link: https://bugs.debian.org/1091360

With NEW qemu-system-xen/unstable (1:9.2.0+ds-3) both 6.12.6 kernel -
Debian and selfmade run with SUCCESS.

Nothing scary in dmesg-log.

Happy XMAS,
-Sedat-
# cat /proc/version 
Linux version 6.12.6-1-amd64-clang19-kcfi (sedat.di...@gmail.com@iniza) (ClangBuiltLinux clang version 19.1.6 (https://github.com/llvm/llvm-project.git e21dc4bd5474d04b8e62d7331362edcc5648d7e5), ClangBuiltLinux LLD 19.1.6 (https://github.com/llvm/llvm-project.git e21dc4bd5474d04b8e62d7331362edcc5648d7e5)) #1~trixie+dileks SMP PREEMPT_DYNAMIC 2024-12-19

# LC_ALL=C dmesg -T | grep kCFI
[Tue Dec 24 22:34:51 2024] SMP alternatives: Using kCFI

# xl info | egrep 'release|version|commandline|caps'
release: 6.12.6-1-amd64-clang19-kcfi
version: #1~trixie+dileks SMP PREEMPT_DYNAMIC 2024-12-19
hw_caps: bfebfbff:17bae3bf:28100800:0001:0001:::0100
virt_caps  : pv hvm