[kernel] r16607 - in dists/sid/linux-2.6/debian: . patches/bugfix/x86 patches/series
Ben Hutchings
benh at alioth.debian.org
Sun Nov 28 20:24:48 UTC 2010
Author: benh
Date: Sun Nov 28 20:24:42 2010
New Revision: 16607
Log:
[x86] KVM: VMX: Fix host userspace gsbase corruption (Closes: #604956)
Added:
dists/sid/linux-2.6/debian/patches/bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/29
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Sun Nov 28 04:14:29 2010 (r16606)
+++ dists/sid/linux-2.6/debian/changelog Sun Nov 28 20:24:42 2010 (r16607)
@@ -7,6 +7,7 @@
CVE-2010-4165)
* l2tp: Fix UDP socket reference count bugs in the pppol2tp driver
(Closes: #604748)
+ * [x86] KVM: VMX: Fix host userspace gsbase corruption (Closes: #604956)
-- Ben Hutchings <ben at decadent.org.uk> Sat, 27 Nov 2010 21:06:54 +0000
Added: dists/sid/linux-2.6/debian/patches/bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch Sun Nov 28 20:24:42 2010 (r16607)
@@ -0,0 +1,71 @@
+Subject: [PATCH 2.6.32.y] KVM: VMX: Fix host userspace gsbase corruption
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Fri, 26 Nov 2010 06:31:36 +0000
+
+commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78 upstream.
+
+We now use load_gs_index() to load gs safely; unfortunately this also
+changes MSR_KERNEL_GS_BASE, which we managed separately. This resulted
+in confusion and breakage running 32-bit host userspace on a 64-bit kernel.
+
+Fix by
+- saving guest MSR_KERNEL_GS_BASE before we we reload the host's gs
+- doing the host save/load unconditionally, instead of only when in guest
+ long mode
+
+Things can be cleaned up further, but this is the minmal fix for now.
+
+Signed-off-by: Avi Kivity <avi at redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+[bwh: Backport to 2.6.32]
+---
+ arch/x86/kvm/vmx.c | 16 +++++++++++-----
+ 1 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 0abb3a5..7238dd9 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -654,10 +654,7 @@ static void vmx_save_host_state(struct kvm_vcpu *vcpu)
+ #endif
+
+ #ifdef CONFIG_X86_64
+- if (is_long_mode(&vmx->vcpu))
+- save_msrs(vmx->host_msrs +
+- vmx->msr_offset_kernel_gs_base, 1);
+-
++ save_msrs(vmx->host_msrs + vmx->msr_offset_kernel_gs_base, 1);
+ #endif
+ load_msrs(vmx->guest_msrs, vmx->save_nmsrs);
+ load_transition_efer(vmx);
+@@ -672,17 +669,26 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
+ vmx->host_state.loaded = 0;
+ if (vmx->host_state.fs_reload_needed)
+ loadsegment(fs, vmx->host_state.fs_sel);
++#ifdef CONFIG_X86_64
++ if (is_long_mode(&vmx->vcpu))
++ save_msrs(vmx->guest_msrs + vmx->msr_offset_kernel_gs_base, 1);
++#endif
+ if (vmx->host_state.gs_ldt_reload_needed) {
+ kvm_load_ldt(vmx->host_state.ldt_sel);
+ #ifdef CONFIG_X86_64
+ load_gs_index(vmx->host_state.gs_sel);
+- wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gs);
+ #else
+ loadsegment(gs, vmx->host_state.gs_sel);
+ #endif
+ }
+ reload_tss();
++#ifdef CONFIG_X86_64
++ save_msrs(vmx->guest_msrs, vmx->msr_offset_kernel_gs_base);
++ save_msrs(vmx->guest_msrs + vmx->msr_offset_kernel_gs_base + 1,
++ vmx->save_nmsrs - vmx->msr_offset_kernel_gs_base - 1);
++#else
+ save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
++#endif
+ load_msrs(vmx->host_msrs, vmx->save_nmsrs);
+ reload_host_efer(vmx);
+ load_gdt(&__get_cpu_var(host_gdt));
+--
+1.7.2.3
+
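Review bot: The split `save_msrs()` pair added after `reload_tss()` in `__vmx_load_host_state()` assumes `0 <= msr_offset_kernel_gs_base < save_nmsrs`, and nothing in the hunk establishes that; `setup_msrs()` is outside this patch, but as far as I recall it computes the offset with `__find_msr_index()` over the whole `guest_msrs[]` array while `save_nmsrs` counts only the entries switched on entry, and leaves `save_nmsrs` at 0 for a guest that is not in long mode. If so, the first call saves `msr_offset_kernel_gs_base` entries past `save_nmsrs`, overwriting the guest's stored SYSCALL_MASK/LSTAR/CSTAR values with the live (host) MSR contents — presumably readable back by the guest — and the second call is handed a negative count that only works if `save_msrs()` treats it as empty. Guarding the split on the offset lying inside the switched range and falling back to the previous full `save_msrs()` otherwise keeps the long-mode fix without touching the non-long-mode path; the unconditional `save_msrs(host_msrs + offset, 1)` in `vmx_save_host_state()` has the same implicit `offset >= 0` assumption and deserves at least a comment. A one-line comment that the guest MSR_KERNEL_GS_BASE must be captured before `load_gs_index()` clobbers it would also help the next reader, since the ordering is the whole point of the fix. Both `vmx_save_host_state()` and `__vmx_load_host_state()` extend beyond the hunk boundaries.
```c
	reload_tss();
#ifdef CONFIG_X86_64
	/*
	 * The guest's MSR_KERNEL_GS_BASE was captured above, before
	 * load_gs_index() clobbered it, so skip that slot here.  Only
	 * split the save when the slot lies inside the switched range.
	 */
	if (vmx->msr_offset_kernel_gs_base >= 0 &&
	    vmx->msr_offset_kernel_gs_base < vmx->save_nmsrs) {
		save_msrs(vmx->guest_msrs, vmx->msr_offset_kernel_gs_base);
		save_msrs(vmx->guest_msrs + vmx->msr_offset_kernel_gs_base + 1,
			  vmx->save_nmsrs - vmx->msr_offset_kernel_gs_base - 1);
	} else
		save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
#else
	save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
#endif
	/* … unchanged: load_msrs(host_msrs), reload_host_efer(), load_gdt() … */
```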
Modified: dists/sid/linux-2.6/debian/patches/series/29
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/29 Sun Nov 28 04:14:29 2010 (r16606)
+++ dists/sid/linux-2.6/debian/patches/series/29 Sun Nov 28 20:24:42 2010 (r16607)
@@ -5,3 +5,4 @@
+ features/all/SCSI-megaraid_sas-Fix-fw-hang-caused-by-megaraid-sas-app.patch
+ bugfix/all/tcp-Make-TCP_MAXSEG-minimum-more-correct.patch
+ bugfix/all/l2tp-Fix-UDP-socket-reference-count-bugs-in-pppol2tp.patch
++ bugfix/x86/KVM-VMX-Fix-host-userspace-gsbase-corruption.patch