[kernel] r15540 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/x86 patches/series

Ben Hutchings benh at alioth.debian.org
Fri Apr 23 00:14:57 UTC 2010


Author: benh
Date: Fri Apr 23 00:14:52 2010
New Revision: 15540

Log:
[x86] KVM: disable paravirt mmu reporting (Closes: #573071)

PV-MMU depends on hypercall patching, which was broken (at least on
AMD systems) by the fix for CVE-2010-0298.  The PV-MMU feature is
considered obsolete by upstream and their fix was to stop reporting
it to guests.

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/21lenny5

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Thu Apr 22 23:57:58 2010	(r15539)
+++ dists/lenny-security/linux-2.6/debian/changelog	Fri Apr 23 00:14:52 2010	(r15540)
@@ -1,8 +1,13 @@
 linux-2.6 (2.6.26-21lenny5) UNRELEASED; urgency=high
 
+  [ dann frazier ]
   * USB: usbfs: only copy the actual data received (CVE-2010-1083)
   * GFS2: Skip check for mandatory locks when unlocking (CVE-2010-0727)
 
+  [ Ben Hutchings ]
+  * [x86] KVM: disable paravirt mmu reporting (Closes: #573071) (regressed
+    due to fix for CVE-2010-0298; considered obsolete by upstream)
+
  -- dann frazier <dannf at debian.org>  Wed, 21 Apr 2010 22:37:06 -0600
 
 linux-2.6 (2.6.26-21lenny4) stable-security; urgency=high
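Review bot: The new entry under "[ Ben Hutchings ]" says the change "regressed due to fix for CVE-2010-0298" but not what regressed or on which systems. The commit log for this revision is more specific: PV-MMU depends on hypercall patching, which the CVE fix broke "at least on AMD systems". Consider carrying that into the entry, for example "(PV-MMU hypercall patching broken, at least on AMD, by fix for CVE-2010-0298)", so that someone reading only the changelog can match it to the symptom reported in #573071.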

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch	Fri Apr 23 00:14:52 2010	(r15540)
@@ -0,0 +1,41 @@
+From stefan.bader at canonical.com  Wed Apr  7 14:48:33 2010
+From: Marcelo Tosatti <mtosatti at redhat.com>
+Date: Fri, 19 Mar 2010 15:47:39 +0100
+Subject: KVM: x86: disable paravirt mmu reporting
+To: stable at kernel.org
+Cc: Marcelo Tosatti <mtosatti at redhat.com>, Avi Kivity <avi at redhat.com>, Gleb Natapov <gleb at redhat.com>
+Message-ID: <1269010059-25309-12-git-send-email-stefan.bader at canonical.com>
+
+
+From: Marcelo Tosatti <mtosatti at redhat.com>
+
+commit a68a6a7282373bedba8a2ed751b6384edb983a64 upstream
+
+Disable paravirt MMU capability reporting, so that new (or rebooted)
+guests switch to native operation.
+
+Paravirt MMU is a burden to maintain and does not bring significant
+advantages compared to shadow anymore.
+
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+Signed-off-by: Avi Kivity <avi at redhat.com>
+Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+[bwh: Adjust context for 2.6.26]
+---
+ arch/x86/kvm/x86.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1242,8 +1242,8 @@ int kvm_dev_ioctl_check_extension(long e
+ 	case KVM_CAP_NR_MEMSLOTS:
+ 		r = KVM_MEMORY_SLOTS;
+ 		break;
+-	case KVM_CAP_PV_MMU:
+-		r = !tdp_enabled;
++	case KVM_CAP_PV_MMU:	/* obsolete */
++		r = 0;
+ 		break;
+ 	default:
+ 		r = 0;
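Review bot: The only Debian annotation in the patch header is "[bwh: Adjust context for 2.6.26]", so the file never records why it sits in a security upload. The upstream message justifies the change as a maintenance burden, while the regression from the CVE-2010-0298 fix and bug #573071 appear only in debian/changelog. A second bracketed line in the header naming both would make the patch self-explanatory when it is read or forward-ported later. In the code itself, `case KVM_CAP_PV_MMU:` now returns the same 0 as `default:`; keeping the label with the `/* obsolete */` comment is reasonable because it documents that the capability is deliberately unreported rather than unknown.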

Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny5	Thu Apr 22 23:57:58 2010	(r15539)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny5	Fri Apr 23 00:14:52 2010	(r15540)
@@ -1,2 +1,3 @@
 + bugfix/all/usbfs-only-copy-received-data.patch
 + bugfix/all/gfs2-skip-check-for-mandatory-locks-when-unlocking.patch
++ bugfix/x86/kvm-x86-disable-paravirt-mmu-reporting.patch


