[kernel] r15127 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/x86 patches/series
Dann Frazier
dannf at alioth.debian.org
Fri Feb 5 03:22:10 UTC 2010
Author: dannf
Date: Fri Feb 5 03:22:08 2010
New Revision: 15127
Log:
KVM: PIT: control word is write-only (CVE-2010-0309)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch
- copied unchanged from r15126, dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Fri Feb 5 03:17:25 2010 (r15126)
+++ dists/lenny-security/linux-2.6/debian/changelog Fri Feb 5 03:22:08 2010 (r15127)
@@ -1,6 +1,7 @@
linux-2.6 (2.6.26-21lenny3) UNRELEASED; urgency=high
* Additional fixes for CVE-2010-0307
+ * KVM: PIT: control word is write-only (CVE-2010-0309)
-- dann frazier <dannf at debian.org> Thu, 04 Feb 2010 17:43:31 -0700
Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch (from r15126, dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch Fri Feb 5 03:22:08 2010 (r15127, copy of r15126, dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch)
@@ -0,0 +1,25 @@
+commit 336f40a728b9a4a5db5e1df5c89852c79ff95604
+Author: Marcelo Tosatti <mtosatti at redhat.com>
+Date: Fri Jan 29 17:28:41 2010 -0200
+
+ KVM: PIT: control word is write-only
+
+ PIT control word (address 0x43) is write-only, reads are undefined.
+
+ Cc: stable at kernel.org
+ Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+
+diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
+index caad189..6a74246 100644
+--- a/arch/x86/kvm/i8254.c
++++ b/arch/x86/kvm/i8254.c
+@@ -467,6 +467,9 @@ static int pit_ioport_read(struct kvm_io_device *this,
+ return -EOPNOTSUPP;
+
+ addr &= KVM_PIT_CHANNEL_MASK;
++ if (addr == 3)
++ return 0;
++
+ s = &pit_state->channels[addr];
+
+ mutex_lock(&pit_state->lock);
Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny3 Fri Feb 5 03:17:25 2010 (r15126)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny3 Fri Feb 5 03:22:08 2010 (r15127)
@@ -1,3 +1,4 @@
+ bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch
+ bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch
+ bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
++ bugfix/x86/kvm-pit-control-word-is-write-only.patch
More information about the Kernel-svn-changes
mailing list