[linux] 01/02: Update to 4.3.1

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Wed Dec 9 23:49:52 UTC 2015


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch sid
in repository linux.

commit 26e03c2621f2fbefe6ce861c7e26fb8228bbcc3e
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Wed Dec 9 23:48:47 2015 +0000

    Update to 4.3.1
---
 debian/changelog                                   |  7 ++++
 ...-intercept-ac-to-avoid-guest-host-exploit.patch | 38 ----------------------
 ...x-avoid-guest-host-dos-by-intercepting-ac.patch | 34 -------------------
 debian/patches/series                              |  2 --
 4 files changed, 7 insertions(+), 74 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index bc7fb0a..1668944 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+linux (4.3.1-1~exp1) UNRELEASED; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.1
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Wed, 09 Dec 2015 23:20:32 +0000
+
 linux (4.3-1~exp2) experimental; urgency=medium
 
   [ Ben Hutchings ]
diff --git a/debian/patches/bugfix/x86/kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch b/debian/patches/bugfix/x86/kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch
deleted file mode 100644
index b8ffd07..0000000
--- a/debian/patches/bugfix/x86/kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Subject: KVM x86 SVM: intercept #AC to avoid guest->host exploit
-
----
-M arch/x86/kvm/svm.c
-1 file changed, 8 insertions(+), 0 deletions(-)
-
-
---- a/arch/x86/kvm/svm.c
-+++ b/arch/x86/kvm/svm.c
-@@ -1106,6 +1106,7 @@ static void init_vmcb(struct vcpu_svm *s
- 	set_exception_intercept(svm, PF_VECTOR);
- 	set_exception_intercept(svm, UD_VECTOR);
- 	set_exception_intercept(svm, MC_VECTOR);
-+	set_exception_intercept(svm, AC_VECTOR);
- 
- 	set_intercept(svm, INTERCEPT_INTR);
- 	set_intercept(svm, INTERCEPT_NMI);
-@@ -1795,6 +1796,12 @@ static int ud_interception(struct vcpu_s
- 	return 1;
- }
- 
-+static int ac_interception(struct vcpu_svm *svm)
-+{
-+	kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
-+	return 1;
-+}
-+
- static void svm_fpu_activate(struct kvm_vcpu *vcpu)
- {
- 	struct vcpu_svm *svm = to_svm(vcpu);
-@@ -3369,6 +3376,7 @@ static int (*const svm_exit_handlers[])(
- 	[SVM_EXIT_EXCP_BASE + PF_VECTOR]	= pf_interception,
- 	[SVM_EXIT_EXCP_BASE + NM_VECTOR]	= nm_interception,
- 	[SVM_EXIT_EXCP_BASE + MC_VECTOR]	= mc_interception,
-+	[SVM_EXIT_EXCP_BASE + AC_VECTOR]	= ac_interception,
- 	[SVM_EXIT_INTR]				= intr_interception,
- 	[SVM_EXIT_NMI]				= nmi_interception,
- 	[SVM_EXIT_SMI]				= nop_on_interception,
diff --git a/debian/patches/bugfix/x86/kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch b/debian/patches/bugfix/x86/kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch
deleted file mode 100644
index 79ed624..0000000
--- a/debian/patches/bugfix/x86/kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Eric Northup <digitaleric at google.com>
-Date: Thu Sep 10 11:36:28 2015 -0700
-Subject: KVM x86 vmx: avoid guest->host DOS by intercepting #AC
-
-A pathological (or malicious) guest can hang a host core by
-mis-configuring its GDT/IDT and enabling alignment checks.
-
-[bwh: Forward-ported to 4.2: AC_VECTOR is already defined so don't add it]
-
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(stru
- 	u32 eb;
- 
- 	eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
--	     (1u << NM_VECTOR) | (1u << DB_VECTOR);
-+	     (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
- 	if ((vcpu->guest_debug &
- 	     (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
- 	    (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
-@@ -5146,6 +5146,13 @@ static int handle_exception(struct kvm_v
- 		kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip;
- 		kvm_run->debug.arch.exception = ex_no;
- 		break;
-+	case AC_VECTOR:
-+		/*
-+		 * We have already enabled interrupts and pre-emption, so
-+		 * it's OK to loop here if that is what will happen.
-+		 */
-+		kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
-+		return 1;
- 	default:
- 		kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
- 		kvm_run->ex.exception = ex_no;
diff --git a/debian/patches/series b/debian/patches/series
index 8c10489..7c917d7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -87,8 +87,6 @@ bugfix/all/selftests-vm-try-harder-to-allocate-huge-pages.patch
 bugfix/all/selftests-breakpoints-actually-build-it.patch
 bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch
 bugfix/all/media-media-vivid-osd-fix-info-leak-in-ioctl.patch
-bugfix/x86/kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch
-bugfix/x86/kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch
 bugfix/x86/kvm-svm-unconditionally-intercept-DB.patch
 bugfix/x86/kvm-x86-rename-update_db_bp_intercept-to-update_bp_i.patch
 bugfix/all/usbvision-fix-overflow-of-interfaces-array.patch
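Review bot: The two entries removed from the series here (`kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch` and `kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch`) are the #AC intercept fixes for a guest-triggered host hang, and nothing in this commit records that 4.3.1 carries equivalent changes. The changelog entry only links the upstream ChangeLog, so someone auditing the package history cannot tell whether the fix was absorbed upstream or lost in the rebase. Presumably it was absorbed, but that should be confirmed by checking that the new tree still intercepts AC_VECTOR in `update_exception_bitmap()` in arch/x86/kvm/vmx.c and in `init_vmcb()` in arch/x86/kvm/svm.c. I would also add a sub-item under `* New upstream stable update:` along the lines of `- KVM: x86: intercept #AC on VMX and SVM (replaces our two bugfix/x86 patches)`.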

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


