[kernel] r13378 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Apr 9 04:49:26 UTC 2009
Author: dannf
Date: Thu Apr 9 04:49:24 2009
New Revision: 13378
Log:
KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/kvm-vmx-inhibit-EFER-access.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Thu Apr 9 04:47:59 2009 (r13377)
+++ dists/etch-security/linux-2.6.24/debian/changelog Thu Apr 9 04:49:24 2009 (r13378)
@@ -25,6 +25,7 @@
This issue does not effect pre-build Debian kernels.
* Fix an off-by-two memory error in console selection (CVE-2009-1046)
* af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
+ * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
-- dann frazier <dannf at debian.org> Tue, 24 Feb 2009 23:25:36 -0700
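Review bot: The added changelog line for CVE-2009-1242 names the subsystem and architecture but not the impact. The patch description in this same revision says an i386 guest that sets EFER_LME can oops the host; a short continuation line stating that, in the way the earlier entry in this block carries a note about which kernels are affected, would let readers of the changelog judge urgency without opening the patch.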
Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/kvm-vmx-inhibit-EFER-access.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/kvm-vmx-inhibit-EFER-access.patch Thu Apr 9 04:49:24 2009 (r13378)
@@ -0,0 +1,36 @@
+commit 16175a796d061833aacfbd9672235f2d2725df65
+Author: Avi Kivity <avi at redhat.com>
+Date: Mon Mar 23 22:13:44 2009 +0200
+
+ KVM: VMX: Don't allow uninhibited access to EFER on i386
+
+ vmx_set_msr() does not allow i386 guests to touch EFER, but they can still
+ do so through the default: label in the switch. If they set EFER_LME, they
+ can oops the host.
+
+ Fix by having EFER access through the normal channel (which will check for
+ EFER_LME) even on i386.
+
+ Reported-and-tested-by: Benjamin Gilbert <bgilbert at cs.cmu.edu>
+ Cc: stable at kernel.org
+ Signed-off-by: Avi Kivity <avi at redhat.com>
+
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN a/drivers/kvm/vmx.c b/drivers/kvm/vmx.c
+--- a/drivers/kvm/vmx.c 2008-01-24 15:58:37.000000000 -0700
++++ b/drivers/kvm/vmx.c 2009-04-08 22:46:00.000000000 -0600
+@@ -709,12 +709,12 @@ static int vmx_set_msr(struct kvm_vcpu *
+ int ret = 0;
+
+ switch (msr_index) {
+-#ifdef CONFIG_X86_64
+ case MSR_EFER:
+ ret = kvm_set_msr_common(vcpu, msr_index, data);
+ if (vmx->host_state.loaded)
+ load_transition_efer(vmx);
+ break;
++#ifdef CONFIG_X86_64
+ case MSR_FS_BASE:
+ vmcs_writel(GUEST_FS_BASE, data);
+ break;
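Review bot: Moving `#ifdef CONFIG_X86_64` below the `case MSR_EFER:` block means the `vmx->host_state.loaded` check and the call to `load_transition_efer(vmx)` are now compiled on i386 too, and the hunk does not show whether both are available outside `CONFIG_X86_64` in this 2.6.24 tree, so an i386 build of drivers/kvm/vmx.c should be confirmed before this goes out. The header line "Adjusted to apply to Debian's 2.6.24" also does not say what differs from commit 16175a796d061833aacfbd9672235f2d2725df65; one line describing the adjustment would make later comparison with upstream easier.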
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Thu Apr 9 04:47:59 2009 (r13377)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Thu Apr 9 04:49:24 2009 (r13378)
@@ -78,3 +78,4 @@
+ bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
+ bugfix/all/fix-off-by-2-error-in-console-selection.patch
+ bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
++ bugfix/kvm-vmx-inhibit-EFER-access.patch
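Review bot: The new series entry points at `bugfix/kvm-vmx-inhibit-EFER-access.patch`, while the three entries above it all sit under `bugfix/all/`. The path matches where this revision adds the file, so the series will apply, but if the tree groups patches by subdirectory the patch should be moved to the appropriate one and this line updated to match.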