[kernel] r12284 - in dists/sid/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Sat Oct 4 00:04:27 UTC 2008 

Author: dannf
Date: Sat Oct  4 00:04:25 2008
New Revision: 12284

Log:
[x86] Fix broken LDT access in VMI (CVE-2008-4410)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/x86-fix-broken-LDT-access-in-VMI.patch
   dists/sid/linux-2.6/debian/patches/series/8
Modified:
   dists/sid/linux-2.6/debian/changelog

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Sat Oct  4 00:04:25 2008
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.26-8) UNRELEASED; urgency=low
+
+  * [x86] Fix broken LDT access in VMI (CVE-2008-4410)
+
+ -- dann frazier <dannf at debian.org>  Fri, 03 Oct 2008 17:38:31 -0600
+
 linux-2.6 (2.6.26-7) unstable; urgency=low
 
   [ Bastian Blank ]

Added: dists/sid/linux-2.6/debian/patches/bugfix/x86-fix-broken-LDT-access-in-VMI.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86-fix-broken-LDT-access-in-VMI.patch	Sat Oct  4 00:04:25 2008
@@ -0,0 +1,34 @@
+commit de59985e3a623d4d5d6207f1777398ca0606ab1c
+Author: Zachary Amsden <zach at vmware.com>
+Date:   Tue Sep 30 11:02:12 2008 -0700
+
+    x86: Fix broken LDT access in VMI
+    
+    After investigating a JRE failure, I found this bug was introduced a
+    long time ago, and had already managed to survive another bugfix which
+    occurred on the same line.  The result is a total failure of the JRE due
+    to LDT selectors not working properly.
+    
+    This one took a long time to rear up because LDT usage is not very
+    common, but the bug is quite serious.  It got introduced along with
+    another bug, already fixed, by 75b8bb3e56ca09a467fbbe5229bc68627f7445be
+    
+    Signed-off-by: Zachary Amsden <zach at vmware.com>
+    Cc: Ingo Molnar <mingo at redhat.com>
+    Cc: Glauber de Oliveira Costa <gcosta at redhat.com>
+    Cc: <stable at kernel.org>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/arch/x86/kernel/vmi_32.c b/arch/x86/kernel/vmi_32.c
+index 6ca515d..edfb09f 100644
+--- a/arch/x86/kernel/vmi_32.c
++++ b/arch/x86/kernel/vmi_32.c
+@@ -235,7 +235,7 @@ static void vmi_write_ldt_entry(struct desc_struct *dt, int entry,
+ 				const void *desc)
+ {
+ 	u32 *ldt_entry = (u32 *)desc;
+-	vmi_ops.write_idt_entry(dt, entry, ldt_entry[0], ldt_entry[1]);
++	vmi_ops.write_ldt_entry(dt, entry, ldt_entry[0], ldt_entry[1]);
+ }
+ 
+ static void vmi_load_sp0(struct tss_struct *tss,

Added: dists/sid/linux-2.6/debian/patches/series/8
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/series/8	Sat Oct  4 00:04:25 2008
@@ -0,0 +1 @@
++ bugfix/x86-fix-broken-LDT-access-in-VMI.patch

More information about the Kernel-svn-changes mailing list