From owner-freebsd-hackers@FreeBSD.ORG Mon Aug 6 13:08:37 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D2277106566B for ; Mon, 6 Aug 2012 13:08:37 +0000 (UTC) (envelope-from bcrisp@crispernetworks.com) Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 7BE888FC1A for ; Mon, 6 Aug 2012 13:08:37 +0000 (UTC) Received: by vbmv11 with SMTP id v11so1536363vbm.13 for ; Mon, 06 Aug 2012 06:08:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=IjO7pLxJofii5IP+41lfuJiaTfYBKzMlGvuiYJlFkW8=; b=LTL/mXqhIUhJ1ef5hRh9IvfUbu3GvYoPhviX9/Urh7Zk9KZuqrs06fKEtKyXW7ZtdY djkuSh/zzs5+CLdx8MyjH5vpRHto87ayBNneijo8mH5wkX1EQprLvjMWrr8JtiXT71aJ 8aTYyNWSNxtRYsveGDLyzta5jbRXHZzaF9kaOc2yDYVXvOG+SDjMtHDrQCGkUdoBgrpy eAbs1rzCxOmeN2hJpVRqg/feNlJnAHDP+Ui22hOu2z/ak2PcDKb+QY72b9/C8DiuRqLE lG4rph6AT6wXhYfanCecXyIQxoUuGyeCqnu+GHjzc1GbxMYwl19X3vbrkqo1QLpbs8BC tstg== MIME-Version: 1.0 Received: by 10.220.220.78 with SMTP id hx14mr8012769vcb.23.1344258516472; Mon, 06 Aug 2012 06:08:36 -0700 (PDT) Received: by 10.58.125.42 with HTTP; Mon, 6 Aug 2012 06:08:36 -0700 (PDT) In-Reply-To: References: <4FFF4B95.9080105@delphij.net> Date: Mon, 6 Aug 2012 09:08:36 -0400 Message-ID: From: Bill Crisp To: James X-Gm-Message-State: ALoCoQnNEjffOUD+210Xps1Wka+f5/HbgOpC6iSgXFh2ZVDaD7MiRWfjNO9VMmt8scfvVBrsPTg5 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-hackers@freebsd.org, Xin Li Subject: Re: CVE-2012-0217 Intel's sysret Kernel Privilege Escalation and FreeBSD 6.2/6.3 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2012 13:08:37 -0000 Thanks for the patch! I gave it a try on a few servers, and saw a big increase in load on the servers, most of the load comes from apache under normal circumstances and it that load did go up a lot. I had to roll back the patched kernel and the load went back to what it normally is. Did you experience anything similar on any servers? On a server where the load was ~1 it went up with what seemed to be the same number of requests to something like ~6 or so on a single core servers. Ones that had higher load already also went up considerably. Any ideas on what I might be able to do? Let me know if you have a chance. On Wed, Jul 18, 2012 at 4:59 PM, James wrote: > On Wed, Jul 18, 2012 at 3:26 PM, Bill Crisp > wrote: > > > > Unfortunately I tried to put the code from the patch in place but there > > seems to be some missing functions in the header file and too many > > arguments to a function and some other errors below: > > Hi Bill. Yes, the patch for >= FreeBSD 7 won't apply directly to > 6. ksi and the refined SIGBUS traps don't exist yet. Here's how I > fixed it at work. Using this on multiple releng_6* branches. > > HTH! > > -- > James. >