[kernel] r15540 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/x86 patches/series
Ben Hutchings
benh at alioth.debian.org
Fri Apr 23 00:14:57 UTC 2010
Author: benh
Date: Fri Apr 23 00:14:52 2010
New Revision: 15540
Log:
[x86] KVM: disable paravirt mmu reporting (Closes: #573071)
PV-MMU depends on hypercall patching, which was broken (at least on
AMD systems) by the fix for CVE-2010-0298. The PV-MMU feature is
considered obsolete by upstream and their fix was to stop reporting
it to guests.
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Thu Apr 22 23:57:58 2010 (r15539)
+++ dists/lenny-security/linux-2.6/debian/changelog Fri Apr 23 00:14:52 2010 (r15540)
@@ -1,8 +1,13 @@
linux-2.6 (2.6.26-21lenny5) UNRELEASED; urgency=high
+ [ dann frazier ]
* USB: usbfs: only copy the actual data received (CVE-2010-1083)
* GFS2: Skip check for mandatory locks when unlocking (CVE-2010-0727)
+ [ Ben Hutchings ]
+ * [x86] KVM: disable paravirt mmu reporting (Closes: #573071) (regressed
+ due to fix for CVE-2010-0298; considered obsolete by upstream)
+
-- dann frazier <dannf at debian.org> Wed, 21 Apr 2010 22:37:06 -0600
linux-2.6 (2.6.26-21lenny4) stable-security; urgency=high
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch Fri Apr 23 00:14:52 2010 (r15540)
@@ -0,0 +1,41 @@
+From stefan.bader at canonical.com Wed Apr 7 14:48:33 2010
+From: Marcelo Tosatti <mtosatti at redhat.com>
+Date: Fri, 19 Mar 2010 15:47:39 +0100
+Subject: KVM: x86: disable paravirt mmu reporting
+To: stable at kernel.org
+Cc: Marcelo Tosatti <mtosatti at redhat.com>, Avi Kivity <avi at redhat.com>, Gleb Natapov <gleb at redhat.com>
+Message-ID: <1269010059-25309-12-git-send-email-stefan.bader at canonical.com>
+
+
+From: Marcelo Tosatti <mtosatti at redhat.com>
+
+commit a68a6a7282373bedba8a2ed751b6384edb983a64 upstream
+
+Disable paravirt MMU capability reporting, so that new (or rebooted)
+guests switch to native operation.
+
+Paravirt MMU is a burden to maintain and does not bring significant
+advantages compared to shadow anymore.
+
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+Signed-off-by: Avi Kivity <avi at redhat.com>
+Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+[bwh: Adjust context for 2.6.26]
+---
+ arch/x86/kvm/x86.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1242,8 +1242,8 @@ int kvm_dev_ioctl_check_extension(long e
+ case KVM_CAP_NR_MEMSLOTS:
+ r = KVM_MEMORY_SLOTS;
+ break;
+- case KVM_CAP_PV_MMU:
+- r = !tdp_enabled;
++ case KVM_CAP_PV_MMU: /* obsolete */
++ r = 0;
+ break;
+ default:
+ r = 0;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny5 Thu Apr 22 23:57:58 2010 (r15539)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny5 Fri Apr 23 00:14:52 2010 (r15540)
@@ -1,2 +1,3 @@
+ bugfix/all/usbfs-only-copy-received-data.patch
+ bugfix/all/gfs2-skip-check-for-mandatory-locks-when-unlocking.patch
++ bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch
More information about the Kernel-svn-changes
mailing list