[kernel] r19994 - in dists/squeeze-security/linux-2.6/debian/patches: bugfix/x86 series
Dann Frazier
dannf at alioth.debian.org
Wed May 1 06:13:25 UTC 2013
Author: dannf
Date: Wed May 1 06:13:24 2013
New Revision: 19994
Log:
add follow-up fix for CVE-2013-1796
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
Modified:
dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch Wed May 1 06:13:24 2013 (r19994)
@@ -0,0 +1,46 @@
+From patchwork Fri Mar 22 19:14:07 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check
+Date: Fri, 22 Mar 2013 19:14:07 -0000
+From: Marcelo Tosatti <mtosatti at redhat.com>
+X-Patchwork-Id: 2322271
+Message-Id: <20130322191407.GA23681 at amt.cnet>
+To: Andy Honig <ahonig at google.com>, Gleb Natapov <gleb at redhat.com>
+Cc: kvm <kvm at vger.kernel.org>
+
+RHEL5 i386 guests register non 32-byte aligned addresses:
+
+kvm-clock: cpu 1, msr 0:3018aa5, secondary cpu clock
+kvm-clock: cpu 2, msr 0:301f8e9, secondary cpu clock
+kvm-clock: cpu 3, msr 0:302672d, secondary cpu clock
+
+Check for an address+len that would cross page boundary
+instead.
+
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+[dannf: backported to Debian's 2.6.32]
+
+---
+To unsubscribe from this list: send the line "unsubscribe kvm" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
+
+diff -urpN a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+--- a/arch/x86/kvm/x86.c 2013-05-01 00:47:50.631379119 -0400
++++ b/arch/x86/kvm/x86.c 2013-05-01 01:17:49.994373990 -0400
+@@ -957,9 +957,10 @@ int kvm_set_msr_common(struct kvm_vcpu *
+ /* ...but clean it before doing the actual write */
+ vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
+
+- /* Check that the address is 32-byte aligned. */
+- if (vcpu->arch.time_offset &
+- (sizeof(struct pvclock_vcpu_time_info) - 1))
++ /* Check that address+len does not cross page boundary */
++ if ((vcpu->arch.time_offset +
++ sizeof(struct pvclock_vcpu_time_info) - 1)
++ & PAGE_MASK)
+ break;
+
+ vcpu->arch.time_page =
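Review bot: In the x86.c change carried by this patch, the new test "(vcpu->arch.time_offset + sizeof(struct pvclock_vcpu_time_info) - 1) & PAGE_MASK" only works as a page-crossing check because time_offset was reduced to an in-page offset by "data & ~(PAGE_MASK | 1)" on the statement just above. The new comment should say so, for example "time_offset is the offset within the page; any bit set in PAGE_MASK means the structure runs past the end of the page", so that nobody later reorders the two statements or applies the expression to a full guest address. With the 32-byte alignment requirement removed, this expression is the only bound on where the structure may sit in time_page, so the length of the later write must stay equal to sizeof(struct pvclock_vcpu_time_info). That write is not visible in this hunk and should be confirmed against the 2.6.32 backport. Minor: the patchwork list footer (the "To unsubscribe from this list" lines) can be dropped from the patch header, and the description could name CVE-2013-1796, since the commit log presents this as its follow-up.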
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2 Mon Apr 29 05:56:32 2013 (r19993)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2 Wed May 1 06:13:24 2013 (r19994)
@@ -28,6 +28,7 @@
+ bugfix/all/NLS-improve-UTF8-UTF16-string-conversion-routine.patch
+ debian/nls-Avoid-ABI-change-for-CVE-2013-1773-fix.patch
+ bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
++ bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
+ bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
+ bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL.patch
+ bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL-2.patch
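Review bot: The added series line for bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch arrives without a debian/changelog entry; this revision touches only the patch file and series/48squeeze2. Since the log describes it as a follow-up fix for CVE-2013-1796, add a changelog line that names the patch and the CVE so the 48squeeze2 upload records it. If the patch it follows up is KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch, the position directly after that entry is the right one and should be kept.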