Date: Mon, 6 Aug 2012 09:08:36 -0400 From: Bill Crisp <bcrisp@crispernetworks.com> To: James <james@hicag.org> Cc: freebsd-hackers@freebsd.org, Xin Li <delphij@delphij.net> Subject: Re: CVE-2012-0217 Intel's sysret Kernel Privilege Escalation and FreeBSD 6.2/6.3 Message-ID: <CAOmNS50OqC3HCAx-8x7OEV8KyfxrUhV2PaMhZMEZOAyBOj83DQ@mail.gmail.com> In-Reply-To: <CAD4099k=h9T=fEXK5UjYoGifo8NGKcPWRA7eQ4C15sgdR2CMQQ@mail.gmail.com> References: <CAOmNS514kLwq=MpGbwL324MQGQYrCAgM9ByaocRujjG1M55%2BTg@mail.gmail.com> <4FFF4B95.9080105@delphij.net> <CAOmNS50Gz_cnaqhxu0%2BbUO1JUBfUF6OHS2TaHZhiw6C-NtipGQ@mail.gmail.com> <CAD4099k=h9T=fEXK5UjYoGifo8NGKcPWRA7eQ4C15sgdR2CMQQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the patch! I gave it a try on a few servers, and saw a big increase in load on the servers, most of the load comes from apache under normal circumstances and it that load did go up a lot. I had to roll back the patched kernel and the load went back to what it normally is. Did you experience anything similar on any servers? On a server where the load was ~1 it went up with what seemed to be the same number of requests to something like ~6 or so on a single core servers. Ones that had higher load already also went up considerably. Any ideas on what I might be able to do? Let me know if you have a chance. On Wed, Jul 18, 2012 at 4:59 PM, James <james@hicag.org> wrote: > On Wed, Jul 18, 2012 at 3:26 PM, Bill Crisp <bcrisp@crispernetworks.com> > wrote: > > > > Unfortunately I tried to put the code from the patch in place but there > > seems to be some missing functions in the header file and too many > > arguments to a function and some other errors below: > > Hi Bill. Yes, the patch for >= FreeBSD 7 won't apply directly to > 6. ksi and the refined SIGBUS traps don't exist yet. Here's how I > fixed it at work. Using this on multiple releng_6* branches. > > HTH! > > -- > James. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOmNS50OqC3HCAx-8x7OEV8KyfxrUhV2PaMhZMEZOAyBOj83DQ>