From: Ben Hutchings <ben@decadent.org.uk>
To: Avi Kivity <avi@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
Greg Kroah-Hartman <gregkh@suse.de>,
stable-review@kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [Stable-review] [22/45] KVM: Fix fs/gs reload oops with invalid ldt
Date: Fri, 26 Nov 2010 01:15:30 +0000
Message-ID: <1290734130.2928.24.camel@localhost>

Greg KH <gregkh@suse.de> wrote:
> 2.6.32-stable review patch. If anyone has any objections, please let us know.
Obviously it's a bit late now, but...
> ------------------
>
> From: Avi Kivity <avi@redhat.com>
>
> commit 9581d442b9058d3699b4be568b6e5eae38a41493 upstream
>
> kvm reloads the host's fs and gs blindly, however the underlying segment
> descriptors may be invalid due to the user modifying the ldt after loading
> them.
>
> Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
> of home grown unsafe versions.
>
> This is CVE-2010-3698.
>
> Signed-off-by: Avi Kivity <avi@redhat.com>
> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[...]
Avi, you surely knew this commit was buggy (specifically for i386
userland on an amd64 kernel) since you also committed:

    commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78
    Author: Avi Kivity <avi@redhat.com>
    Date: Thu Nov 11 12:37:26 2010 +0200

        KVM: VMX: Fix host userspace gsbase corruption

I realise it wasn't ready for stable as Linus only pulled it in
2.6.37-rc3, but surely that means neither of the changes should
have gone into 2.6.32.26. Why didn't you respond to the review??

Ben.
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.