[kernel] r19994 - in dists/squeeze-security/linux-2.6/debian/patches: bugfix/x86 series

Dann Frazier dannf at alioth.debian.org
Wed May 1 06:13:25 UTC 2013 

Author: dannf
Date: Wed May  1 06:13:24 2013
New Revision: 19994

Log:
add follow-up fix for CVE-2013-1796

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch	Wed May  1 06:13:24 2013	(r19994)
@@ -0,0 +1,46 @@
+From patchwork Fri Mar 22 19:14:07 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check
+Date: Fri, 22 Mar 2013 19:14:07 -0000
+From: Marcelo Tosatti <mtosatti at redhat.com>
+X-Patchwork-Id: 2322271
+Message-Id: <20130322191407.GA23681 at amt.cnet>
+To: Andy Honig <ahonig at google.com>, Gleb Natapov <gleb at redhat.com>
+Cc: kvm <kvm at vger.kernel.org>
+
+RHEL5 i386 guests register non 32-byte aligned addresses:
+
+kvm-clock: cpu 1, msr 0:3018aa5, secondary cpu clock
+kvm-clock: cpu 2, msr 0:301f8e9, secondary cpu clock
+kvm-clock: cpu 3, msr 0:302672d, secondary cpu clock
+
+Check for an address+len that would cross page boundary
+instead.
+
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+[dannf: backported to Debian's 2.6.32]
+
+---
+To unsubscribe from this list: send the line "unsubscribe kvm" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+diff -urpN a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+--- a/arch/x86/kvm/x86.c	2013-05-01 00:47:50.631379119 -0400
++++ b/arch/x86/kvm/x86.c	2013-05-01 01:17:49.994373990 -0400
+@@ -957,9 +957,10 @@ int kvm_set_msr_common(struct kvm_vcpu *
+ 		/* ...but clean it before doing the actual write */
+ 		vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
+ 
+-		/* Check that the address is 32-byte aligned. */
+-		if (vcpu->arch.time_offset &
+-				(sizeof(struct pvclock_vcpu_time_info) - 1))
++		/* Check that address+len does not cross page boundary */
++		if ((vcpu->arch.time_offset + 
++			sizeof(struct pvclock_vcpu_time_info) - 1)
++			& PAGE_MASK)
+ 			break;
+ 
+ 		vcpu->arch.time_page =

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2	Mon Apr 29 05:56:32 2013	(r19993)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2	Wed May  1 06:13:24 2013	(r19994)
@@ -28,6 +28,7 @@
 + bugfix/all/NLS-improve-UTF8-UTF16-string-conversion-routine.patch
 + debian/nls-Avoid-ABI-change-for-CVE-2013-1773-fix.patch
 + bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
++ bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
 + bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
 + bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL.patch
 + bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL-2.patch

More information about the Kernel-svn-changes mailing list