[kernel] r16607 - in dists/sid/linux-2.6/debian: . patches/bugfix/x86 patches/series

Ben Hutchings benh at alioth.debian.org
Sun Nov 28 20:24:48 UTC 2010


Author: benh
Date: Sun Nov 28 20:24:42 2010
New Revision: 16607

Log:
[x86] KVM: VMX: Fix host userspace gsbase corruption (Closes: #604956)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/29

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Sun Nov 28 04:14:29 2010	(r16606)
+++ dists/sid/linux-2.6/debian/changelog	Sun Nov 28 20:24:42 2010	(r16607)
@@ -7,6 +7,7 @@
     CVE-2010-4165)
   * l2tp: Fix UDP socket reference count bugs in the pppol2tp driver
     (Closes: #604748)
+  * [x86] KVM: VMX: Fix host userspace gsbase corruption (Closes: #604956)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 27 Nov 2010 21:06:54 +0000
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch	Sun Nov 28 20:24:42 2010	(r16607)
@@ -0,0 +1,71 @@
+Subject: [PATCH 2.6.32.y] KVM: VMX: Fix host userspace gsbase corruption
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Fri, 26 Nov 2010 06:31:36 +0000
+
+commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78 upstream.
+
+We now use load_gs_index() to load gs safely; unfortunately this also
+changes MSR_KERNEL_GS_BASE, which we managed separately.  This resulted
+in confusion and breakage running 32-bit host userspace on a 64-bit kernel.
+
+Fix by
+- saving guest MSR_KERNEL_GS_BASE before we we reload the host's gs
+- doing the host save/load unconditionally, instead of only when in guest
+  long mode
+
+Things can be cleaned up further, but this is the minmal fix for now.
+
+Signed-off-by: Avi Kivity <avi at redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+[bwh: Backport to 2.6.32]
+---
+ arch/x86/kvm/vmx.c |   16 +++++++++++-----
+ 1 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 0abb3a5..7238dd9 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -654,10 +654,7 @@ static void vmx_save_host_state(struct kvm_vcpu *vcpu)
+ #endif
+ 
+ #ifdef CONFIG_X86_64
+-	if (is_long_mode(&vmx->vcpu))
+-		save_msrs(vmx->host_msrs +
+-			  vmx->msr_offset_kernel_gs_base, 1);
+-
++	save_msrs(vmx->host_msrs + vmx->msr_offset_kernel_gs_base, 1);
+ #endif
+ 	load_msrs(vmx->guest_msrs, vmx->save_nmsrs);
+ 	load_transition_efer(vmx);
+@@ -672,17 +669,26 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
+ 	vmx->host_state.loaded = 0;
+ 	if (vmx->host_state.fs_reload_needed)
+ 		loadsegment(fs, vmx->host_state.fs_sel);
++#ifdef CONFIG_X86_64
++	if (is_long_mode(&vmx->vcpu))
++		save_msrs(vmx->guest_msrs + vmx->msr_offset_kernel_gs_base, 1);
++#endif
+ 	if (vmx->host_state.gs_ldt_reload_needed) {
+ 		kvm_load_ldt(vmx->host_state.ldt_sel);
+ #ifdef CONFIG_X86_64
+ 		load_gs_index(vmx->host_state.gs_sel);
+-		wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gs);
+ #else
+ 		loadsegment(gs, vmx->host_state.gs_sel);
+ #endif
+ 	}
+ 	reload_tss();
++#ifdef CONFIG_X86_64
++	save_msrs(vmx->guest_msrs, vmx->msr_offset_kernel_gs_base);
++	save_msrs(vmx->guest_msrs + vmx->msr_offset_kernel_gs_base + 1,
++		  vmx->save_nmsrs - vmx->msr_offset_kernel_gs_base - 1);
++#else
+ 	save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
++#endif
+ 	load_msrs(vmx->host_msrs, vmx->save_nmsrs);
+ 	reload_host_efer(vmx);
+ 	load_gdt(&__get_cpu_var(host_gdt));
+-- 
+1.7.2.3
+
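Review bot: The split save on the new side of the second nested vmx.c hunk, `save_msrs(vmx->guest_msrs, vmx->msr_offset_kernel_gs_base);` followed by the call with count `vmx->save_nmsrs - vmx->msr_offset_kernel_gs_base - 1`, assumes the KERNEL_GS_BASE slot always lies inside the first `save_nmsrs` guest entries. The earlier save of that slot is guarded by `is_long_mode(&vmx->vcpu)`, which suggests the slot can sit outside the saved range for a guest that is not in long mode; if so, the first call would read more MSRs into `guest_msrs` than were ever loaded for the guest and the second would receive a negative count. Where `msr_offset_kernel_gs_base` and `save_nmsrs` are computed is outside this hunk, so this needs confirming against the rest of vmx.c before changing anything. If the offset can exceed the range, mirroring the `is_long_mode` test used at the top of the hunk keeps the non-long-mode path identical to the previous single `save_msrs` and makes the reason for skipping the slot explicit in a comment. `__vmx_load_host_state` begins before the hunk and continues after it.
```c
	reload_tss();
#ifdef CONFIG_X86_64
	if (is_long_mode(&vmx->vcpu)) {
		/* KERNEL_GS_BASE was saved above, before load_gs_index()
		 * clobbered it; skip that slot so we do not overwrite the
		 * saved guest value with the host's. */
		save_msrs(vmx->guest_msrs, vmx->msr_offset_kernel_gs_base);
		save_msrs(vmx->guest_msrs + vmx->msr_offset_kernel_gs_base + 1,
			  vmx->save_nmsrs - vmx->msr_offset_kernel_gs_base - 1);
	} else
		save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
#else
	save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
#endif
	/* … unchanged: load_msrs(host_msrs), reload_host_efer, load_gdt … */
```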

Modified: dists/sid/linux-2.6/debian/patches/series/29
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/29	Sun Nov 28 04:14:29 2010	(r16606)
+++ dists/sid/linux-2.6/debian/patches/series/29	Sun Nov 28 20:24:42 2010	(r16607)
@@ -5,3 +5,4 @@
 + features/all/SCSI-megaraid_sas-Fix-fw-hang-caused-by-megaraid-sas-app.patch
 + bugfix/all/tcp-Make-TCP_MAXSEG-minimum-more-correct.patch
 + bugfix/all/l2tp-Fix-UDP-socket-reference-count-bugs-in-pppol2tp.patch
++ bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch
