Friday, June 8th:
>
> * https://sourceforge.net/projects/libseccomp/files
>
> Packages are available for Debian/Ubuntu and Fedora packaging is currently in
> progress.
Gentoo has en ebuild as well. If you hit any snags with the packaging
there or in Debian and Ubuntu, let me know. :)
-Kees
--
Kees Cook
Chrome OS Security
#x27;t immediately help, since threads can race pointer target
contents (i.e. seccomp sees one thing, and then the syscall see
another thing). Having an immutable memory area could help with this
(i.e. some kind of "locked" memory range that holds all the "approved"
argument strings, at which point seccomp could then trust the chased
pointers that land in this range.) Obviously eBPF is a prerequisite to
this, but it isn't the full solution, as far as I understand it.
-Kees
--
Kees Cook
Chrome OS Security
Thanks for preparing the debdiffs! It looks like karmic is vulnerable
too, so we'll need that as well. I'll update the debdiffs to use proper
DEP-3 and fix up the formatting of the changelogs a bit ("CVE-" vs "CVE:
"), and get these building.
** Also affects: libvirt (Ubuntu Karmic)
Importance:
** Changed in: libvirt (Ubuntu Natty)
Importance: High => Undecided
** Changed in: libvirt (Ubuntu Natty)
Assignee: Serge Hallyn (serge-hallyn) => (unassigned)
** Changed in: qemu-kvm (Ubuntu Maverick)
Milestone: maverick-updates => None
** Changed in: libvirt (Ubuntu Lucid)
S
** Changed in: qemu-kvm (Ubuntu Maverick)
Assignee: Ubuntu Security Team (ubuntu-security) => Kees Cook (kees)
** Changed in: qemu-kvm (Ubuntu Lucid)
Assignee: Ubuntu Security Team (ubuntu-security) => Kees Cook (kees)
** Changed in: qemu-kvm (Ubuntu Karmic)
Importance: Und
> pin (i.e. mark as read-only).
> > >
> > > These register flags should already be pinned by Linux guests, but once
> > > compromised, this self-protection mechanism could be disabled, which is
> > > not the case with this dedicated hypercall.
> > >
virtqueues - one for (sync) read and another
> for (async) write. Since it cannot wait for write finished, it supports
> up to 128 concurrent IO.
>
> Cc: Paolo Bonzini
> Cc: Radim Krčmář
> Cc: "Michael S. Tsirkin"
> Cc: Anthony Liguori
> Cc: Anton Vorontsov
> Cc:
nchronous, it would be fine IMHO. However I
> don't know how to make write operation synchronous since it's called
> with a spinlock held (from any context including NMI).
>
> Cc: Paolo Bonzini
> Cc: Radim Krčmář
> Cc: "Michael S. Tsirkin"
> Cc: Anthony Liguori
&
On Sun, Jul 17, 2016 at 10:50 PM, Namhyung Kim wrote:
> Hello,
>
> On Sun, Jul 17, 2016 at 10:12:26PM -0700, Kees Cook wrote:
>> On Sun, Jul 17, 2016 at 9:37 PM, Namhyung Kim wrote:
>> > The virtio pstore driver provides interface to the pstore subsystem so
>> >
I spent way too much time trying to figure out why the emulated NVDIMM
was missing under Linux. In an effort to help others who might be looking
for these kinds of things in the future, include a hint.
Signed-off-by: Kees Cook
---
docs/nvdimm.txt | 5 +++--
1 file changed, 3 insertions(+), 2
On Fri, Apr 02, 2021 at 08:42:07AM +0200, Sedat Dilek wrote:
> On Thu, Feb 25, 2021 at 10:25 PM Kees Cook wrote:
> >
> > On Thu, 11 Feb 2021 12:42:58 -0700, Nathan Chancellor wrote:
> > > fw_cfg_showrev() is called by an indirect call in kobj_attr_show(),
> > > wh
sysfs driver for QEMU's fw_cfg
> device")
> Link: https://github.com/ClangBuiltLinux/linux/issues/1299
> Signed-off-by: Nathan Chancellor
Ah, nice, yes.
Reviewed-by: Kees Cook
Michael, are you able to take this? I can snag it if needed.
-Kees
> ---
> drivers/firmware/q
mber of 'struct
> kobj_structure' expects the second parameter to be of type 'struct
> kobj_attribute'.
>
> $ cat /sys/firmware/qemu_fw_cfg/rev
> 3
>
> [...]
Applied to kspp/cfi/cleanups, thanks!
[1/1] qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
https://git.kernel.org/kees/c/f5c4679d6c49
--
Kees Cook
13 matches
Mail list logo
