[kernel] r15127 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/x86 patches/series

Dann Frazier dannf at alioth.debian.org
Fri Feb 5 03:22:10 UTC 2010 

Author: dannf
Date: Fri Feb  5 03:22:08 2010
New Revision: 15127

Log:
KVM: PIT: control word is write-only (CVE-2010-0309)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch
      - copied unchanged from r15126, dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/21lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Fri Feb  5 03:17:25 2010	(r15126)
+++ dists/lenny-security/linux-2.6/debian/changelog	Fri Feb  5 03:22:08 2010	(r15127)
@@ -1,6 +1,7 @@
 linux-2.6 (2.6.26-21lenny3) UNRELEASED; urgency=high
 
   * Additional fixes for CVE-2010-0307
+  * KVM: PIT: control word is write-only (CVE-2010-0309)
 
  -- dann frazier <dannf at debian.org>  Thu, 04 Feb 2010 17:43:31 -0700
 

Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch (from r15126, dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch	Fri Feb  5 03:22:08 2010	(r15127, copy of r15126, dists/trunk/linux-2.6/debian/patches/bugfix/x86/kvm-pit-control-word-is-write-only.patch)
@@ -0,0 +1,25 @@
+commit 336f40a728b9a4a5db5e1df5c89852c79ff95604
+Author: Marcelo Tosatti <mtosatti at redhat.com>
+Date:   Fri Jan 29 17:28:41 2010 -0200
+
+    KVM: PIT: control word is write-only
+    
+    PIT control word (address 0x43) is write-only, reads are undefined.
+    
+    Cc: stable at kernel.org
+    Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+
+diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
+index caad189..6a74246 100644
+--- a/arch/x86/kvm/i8254.c
++++ b/arch/x86/kvm/i8254.c
+@@ -467,6 +467,9 @@ static int pit_ioport_read(struct kvm_io_device *this,
+ 		return -EOPNOTSUPP;
+ 
+ 	addr &= KVM_PIT_CHANNEL_MASK;
++	if (addr == 3)
++		return 0;
++
+ 	s = &pit_state->channels[addr];
+ 
+ 	mutex_lock(&pit_state->lock);

Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny3	Fri Feb  5 03:17:25 2010	(r15126)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny3	Fri Feb  5 03:22:08 2010	(r15127)
@@ -1,3 +1,4 @@
 + bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch
 + bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch
 + bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
++ bugfix/x86/kvm-pit-control-word-is-write-only.patch

More information about the Kernel-svn-changes mailing list