[kernel] r13377 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/x86 patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Apr 9 04:48:01 UTC 2009
Author: dannf
Date: Thu Apr 9 04:47:59 2009
New Revision: 13377
Log:
KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Wed Apr 8 21:28:01 2009 (r13376)
+++ dists/lenny-security/linux-2.6/debian/changelog Thu Apr 9 04:47:59 2009 (r13377)
@@ -9,6 +9,7 @@
* Fix an off-by-two memory error in console selection (CVE-2009-1046)
* nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
* af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
+ * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
-- dann frazier <dannf at debian.org> Fri, 03 Apr 2009 19:12:51 -0600
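Review bot: the trailer line `-- dann frazier <dannf at debian.org> Fri, 03 Apr 2009 19:12:51 -0600` is left as unchanged context, while the CVE-2009-1242 entry above it is added in a revision dated 9 Apr 2009. Refresh the trailer timestamp before upload so the changelog date does not predate its newest entry. The entry text itself matches the upstream commit subject and carries the CVE id, consistent with the neighbouring entries.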
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch Thu Apr 9 04:47:59 2009 (r13377)
@@ -0,0 +1,35 @@
+commit 16175a796d061833aacfbd9672235f2d2725df65
+Author: Avi Kivity <avi at redhat.com>
+Date: Mon Mar 23 22:13:44 2009 +0200
+
+ KVM: VMX: Don't allow uninhibited access to EFER on i386
+
+ vmx_set_msr() does not allow i386 guests to touch EFER, but they can still
+ do so through the default: label in the switch. If they set EFER_LME, they
+ can oops the host.
+
+ Fix by having EFER access through the normal channel (which will check for
+ EFER_LME) even on i386.
+
+ Reported-and-tested-by: Benjamin Gilbert <bgilbert at cs.cmu.edu>
+ Cc: stable at kernel.org
+ Signed-off-by: Avi Kivity <avi at redhat.com>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/x86/kvm/vmx.c linux-source-2.6.26/arch/x86/kvm/vmx.c
+--- linux-source-2.6.26.orig/arch/x86/kvm/vmx.c 2009-03-25 17:20:38.000000000 -0600
++++ linux-source-2.6.26/arch/x86/kvm/vmx.c 2009-04-08 22:28:20.000000000 -0600
+@@ -890,11 +890,11 @@ static int vmx_set_msr(struct kvm_vcpu *
+ int ret = 0;
+
+ switch (msr_index) {
+-#ifdef CONFIG_X86_64
+ case MSR_EFER:
+ vmx_load_host_state(vmx);
+ ret = kvm_set_msr_common(vcpu, msr_index, data);
+ break;
++#ifdef CONFIG_X86_64
+ case MSR_FS_BASE:
+ vmcs_writel(GUEST_FS_BASE, data);
+ break;
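Review bot: the fix depends on code that is not in this hunk. At `ret = kvm_set_msr_common(vcpu, msr_index, data);` in the now-unconditional `case MSR_EFER:`, the EFER_LME rejection the commit message describes happens inside the common path, and nothing here shows that path as it exists in Debian's 2.6.26. Since the header says only "Adjusted to apply to Debian's 2.6.26", please confirm that this tree's common handler refuses EFER_LME on an i386 host build, and say in the header whether the adjustment was context offsets only or a content change. `vmx_load_host_state(vmx);` is now compiled on i386 as well, so it is worth checking that it carries no CONFIG_X86_64-only assumptions in this tree. Adding the CVE id to the patch header would also make the series easier to audit later.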
Modified: dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/15lenny1 Wed Apr 8 21:28:01 2009 (r13376)
+++ dists/lenny-security/linux-2.6/debian/patches/series/15lenny1 Thu Apr 9 04:47:59 2009 (r13377)
@@ -5,3 +5,4 @@
+ bugfix/all/fix-off-by-2-error-in-console-selection.patch
+ bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
+ bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
++ bugfix/x86/kvm-vmx-inhibit-EFER-access.patch