---
- branch: netbsd-8
  date: Mon Jan 1 19:09:04 UTC 2018
  files:
  - new: 1.255.6.3
    old: 1.255.6.2
    path: src/sys/arch/amd64/amd64/machdep.c
    pathrev: src/sys/arch/amd64/amd64/machdep.c@1.255.6.3
    type: modified
  - new: 1.29.6.1
    old: '1.29'
    path: src/sys/arch/amd64/include/segments.h
    pathrev: src/sys/arch/amd64/include/segments.h@1.29.6.1
    type: modified
  - new: 1.782.6.2
    old: 1.782.6.1
    path: src/sys/arch/i386/i386/machdep.c
    pathrev: src/sys/arch/i386/i386/machdep.c@1.782.6.2
    type: modified
  - new: 1.59.6.1
    old: '1.59'
    path: src/sys/arch/i386/include/segments.h
    pathrev: src/sys/arch/i386/include/segments.h@1.59.6.1
    type: modified
  - new: 1.28.6.1
    old: '1.28'
    path: src/sys/arch/x86/x86/vm_machdep.c
    pathrev: src/sys/arch/x86/x86/vm_machdep.c@1.28.6.1
    type: modified
  id: 20180101T190904Z.f2b48705dac4974d77686b090f15383846f0e6be
  log: |
    Pull up following revision(s) (requested by maxv in ticket #477):
        sys/arch/amd64/amd64/machdep.c: revision 1.280
        sys/arch/amd64/include/segments.h: revision 1.34
        sys/arch/i386/i386/machdep.c: revision 1.800
        sys/arch/i386/include/segments.h: revision 1.64 via patch
        sys/arch/x86/x86/vm_machdep.c: revision 1.30
    Fix a huge privilege separation vulnerability in Xen-amd64.
    On amd64 the kernel runs in ring3, like userland, and therefore SEL_KPL
    equals SEL_UPL. While Xen can make a distinction between usermode and
    kernelmode in %cs, it can't when it comes to iopl. Since we set SEL_KPL
    in iopl, Xen sees SEL_UPL, and allows (unprivileged) userland processes
    to read and write to the CPU ports.
    It is easy, then, to completely escalate privileges; by reprogramming the
    PIC, by reading the ATA disks, by intercepting the keyboard interrupts
    (keylogger), etc.
    Declare IOPL_KPL, set to 1 on Xen-amd64, which allows the kernel to use
    the ports but not userland. I didn't test this change on i386, but it
    seems fine enough.
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys/arch'
  unixtime: '1514833744'
  user: snj