[kernel] r15126 - in dists/trunk/linux-2.6/debian: . patches/bugfix/x86 patches/series

Dann Frazier dannf at alioth.debian.org
Fri Feb 5 03:17:28 UTC 2010


Author: dannf
Date: Fri Feb  5 03:17:25 2010
New Revision: 15126

Log:
KVM: PIT: control word is write-only (CVE-2010-0309)

Added:
   dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch
Modified:
   dists/trunk/linux-2.6/debian/changelog
   dists/trunk/linux-2.6/debian/patches/series/8

Modified: dists/trunk/linux-2.6/debian/changelog
==============================================================================
--- dists/trunk/linux-2.6/debian/changelog	Fri Feb  5 01:29:28 2010	(r15125)
+++ dists/trunk/linux-2.6/debian/changelog	Fri Feb  5 03:17:25 2010	(r15126)
@@ -6,6 +6,7 @@
   [ dann frazier ]
   * Remove TIF_ABI_PENDING bit from x86, sparc & powerpc, fixing
     32-bit userland/64-bit kernel breakage (Closes: #568416)
+  * KVM: PIT: control word is write-only (CVE-2010-0309)
   
   [ Ben Hutchings ]
   * Build lgs8gxx driver along with cxusb (Closes: #568414)

Added: dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch	Fri Feb  5 03:17:25 2010	(r15126)
@@ -0,0 +1,25 @@
+commit 336f40a728b9a4a5db5e1df5c89852c79ff95604
+Author: Marcelo Tosatti <mtosatti at redhat.com>
+Date:   Fri Jan 29 17:28:41 2010 -0200
+
+    KVM: PIT: control word is write-only
+    
+    PIT control word (address 0x43) is write-only, reads are undefined.
+    
+    Cc: stable at kernel.org
+    Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+
+diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
+index caad189..6a74246 100644
+--- a/arch/x86/kvm/i8254.c
++++ b/arch/x86/kvm/i8254.c
+@@ -467,6 +467,9 @@ static int pit_ioport_read(struct kvm_io_device *this,
+ 		return -EOPNOTSUPP;
+ 
+ 	addr &= KVM_PIT_CHANNEL_MASK;
++	if (addr == 3)
++		return 0;
++
+ 	s = &pit_state->channels[addr];
+ 
+ 	mutex_lock(&pit_state->lock);
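Review bot: The new `if (addr == 3)` test in pit_ioport_read() uses a bare constant and carries no comment, so the reader has to connect it to the commit message's "address 0x43" and to the `s = &pit_state->channels[addr];` lookup right after it to see why the early exit matters. Suggest a one-line comment stating that the control word is write-only and must not be used to index channels[], or a named constant in place of 3. The early `return 0` also reports the read as handled while nothing in the lines shown stores a value for the guest. If a fixed value should be returned for this port, set it before returning. Otherwise, say in the comment that the result is intentionally left undefined. The commit message itself does not state what went wrong on such a read before this change, and a sentence on that would help anyone backporting the fix.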

Modified: dists/trunk/linux-2.6/debian/patches/series/8
==============================================================================
--- dists/trunk/linux-2.6/debian/patches/series/8	Fri Feb  5 01:29:28 2010	(r15125)
+++ dists/trunk/linux-2.6/debian/patches/series/8	Fri Feb  5 03:17:25 2010	(r15126)
@@ -4,3 +4,4 @@
 + bugfix/all/cxusb-select-lgs8gxx.patch
 - bugfix/all/clocksource-events-Fix-fallout-of-generic-code-changes.patch
 + bugfix/all/clocksource-always-define-clocksource_max_deferment.patch
++ bugfix/x86/kvm-pit-control-word-is-write-only.patch


