When a tcp socket is closed, if it detects that its net namespace is
exiting, close immediately and do not wait for FIN sequence.
For normal sockets, a reference is taken to their net namespace, so it will
never exit while the socket is open. However, kernel sockets do not take a
reference to their net namespace, so it may begin exiting while the kernel
socket is still open. In this case if the kernel socket is a tcp socket,
it will stay open trying to complete its close sequence. The sock's dst(s)
hold a reference to their interface, which are all transferred to the
namespace's loopback interface when the real interfaces are taken down.
When the namespace tries to take down its loopback interface, it hangs
waiting for all references to the loopback interface to release, which
results in messages like:
unregister_netdevice: waiting for lo to become free. Usage count = 1
These messages continue until the socket finally times out and closes.
Since the net namespace cleanup holds the net_mutex while calling its
registered pernet callbacks, any new net namespace initialization is
blocked until the current net namespace finishes exiting.
After this change, the tcp socket notices the exiting net namespace, and
closes immediately, releasing its dst(s) and their reference to the
loopback interface, which lets the net namespace continue exiting.
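
A userspace model of the reference chain described above, added here as an illustration; it is not the kernel patch and the structures (netns, netdev usage count, dst, sock) and the scenario helper lo_usage_after_close() are constructed assumptions. The namespace check is named check_net() after the kernel helper of that name, which reports whether the namespace refcount has already dropped to zero; the model collapses the dst-to-interface transfer by letting each dst hold a reference on lo directly.

```c
/* Model of the "kernel socket outlives its net namespace" hang.  Added
 * illustration only; none of these structures are kernel definitions. */
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

enum tcp_state { TCP_ESTABLISHED, TCP_FIN_WAIT1, TCP_CLOSE };

struct netns {
    int count;       /* like net->count: references from user sockets etc. */
    int lo_refcnt;   /* usage count of the namespace's loopback interface */
};

struct dst {
    struct netns *net;
    bool holds_lo_ref;   /* assumption: dst pins lo directly in this model */
};

struct sock {
    struct netns *net;
    struct dst dst;
    enum tcp_state state;
    bool kernel_socket;  /* kernel sockets take no reference on their netns */
};

/* Mirrors the kernel helper of the same name: the namespace is exiting
 * once its refcount has reached zero. */
static bool check_net(const struct netns *net)
{
    return net->count != 0;
}

static void sock_init(struct sock *sk, struct netns *net, bool kernel)
{
    sk->net = net;
    sk->kernel_socket = kernel;
    sk->state = TCP_ESTABLISHED;
    if (!kernel)
        net->count++;               /* a user socket pins the namespace */
    sk->dst.net = net;
    sk->dst.holds_lo_ref = true;    /* route cached on the socket */
    net->lo_refcnt++;
}

static void dst_release(struct sock *sk)
{
    if (sk->dst.holds_lo_ref) {
        sk->dst.net->lo_refcnt--;
        sk->dst.holds_lo_ref = false;
    }
}

/* Full teardown of a socket whose close sequence has completed. */
static void sock_destroy(struct sock *sk)
{
    dst_release(sk);
    sk->state = TCP_CLOSE;
    if (!sk->kernel_socket)
        sk->net->count--;
}

/* tcp_close(): without the fix a FIN sequence is started and the dst stays
 * held until the peer answers or the socket times out; with the fix an
 * exiting namespace short-circuits straight to TCP_CLOSE. */
static void tcp_close(struct sock *sk, bool with_fix)
{
    if (with_fix && !check_net(sk->net)) {
        sk->state = TCP_CLOSE;      /* no way to complete FIN; just close */
        dst_release(sk);
    } else {
        sk->state = TCP_FIN_WAIT1;  /* dst, and lo's usage count, stay held */
    }
}

/* Scenario from the commit message: returns lo's remaining usage count as
 * the namespace cleanup would see it, i.e. the N in
 * "unregister_netdevice: waiting for lo to become free. Usage count = N". */
static int lo_usage_after_close(bool with_fix)
{
    struct netns net = { .count = 0, .lo_refcnt = 0 };
    struct sock user_sk, kernel_sk;

    sock_init(&user_sk, &net, false);    /* pins the namespace */
    sock_init(&kernel_sk, &net, true);   /* does not */
    assert(check_net(&net));

    sock_destroy(&user_sk);              /* last user reference goes away */
    assert(!check_net(&net));            /* namespace is now exiting */

    tcp_close(&kernel_sk, with_fix);
    return net.lo_refcnt;
}

int main(void)
{
    printf("without fix: lo usage count = %d\n", lo_usage_after_close(false));
    printf("with fix:    lo usage count = %d\n", lo_usage_after_close(true));
    return 0;
}
```

The model shows only the ordering the commit message relies on: the namespace refcount reaches zero before the kernel socket is closed, so the close path is the last place the dst (and with it the loopback reference) can be dropped before the cleanup starts waiting on lo.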
Guest GPR values are live in the hardware GPRs at VM-exit. Do not
leave any guest values in hardware GPRs after the guest GPR values are
saved to the vcpu_vmx structure.
This is a partial mitigation for CVE-2017-5715 and CVE-2017-5753.
Specifically, it defeats the Project Zero PoC for CVE-2017-5715.
Suggested-by: Eric Northup <email address hidden>
Signed-off-by: Jim Mattson <email address hidden>
Reviewed-by: Eric Northup <email address hidden>
Reviewed-by: Benjamin Serebrin <email address hidden>
Reviewed-by: Andrew Honig <email address hidden>
[Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <email address hidden>]
Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
UBUNTU: SAUCE: powerpc: use sync instead of hwsync mnemonic
CVE-2017-5754
hwsync was added as a mnemonic for sync in binutils 2.25, prior
to that there is no support for hwsync. Replace uses of hwsync
with sync to maintain compatibility with older binutils.
Fixes: ee71154ed061 ("UBUNTU: SAUCE: rfi-flush: Add barriers to the fallback L1D flushing")
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>