From: Greg KH <gregkh@suse.de>
To: Avi Kivity <avi@redhat.com>
Cc: Ben Hutchings <ben@decadent.org.uk>,
	Marcelo Tosatti <mtosatti@redhat.com>,
	stable-review@kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [Stable-review] [22/45] KVM: Fix fs/gs reload oops with invalid ldt
Date: Fri, 26 Nov 2010 16:40:09 -0800
Message-ID: <20101127004009.GA12212@suse.de>
In-Reply-To: <4CEF7085.6080200@redhat.com>

On Fri, Nov 26, 2010 at 10:32:05AM +0200, Avi Kivity wrote:
> On 11/26/2010 03:15 AM, Ben Hutchings wrote:
>> Greg KH <gregkh@suse.de> wrote:
>> >  2.6.32-stable review patch.  If anyone has any objections, please let us know.
>>
>> Obviously it's a bit late now, but...
>>
>> >  ------------------
>> >
>> >  From: Avi Kivity <avi@redhat.com>
>> >
>> >  commit 9581d442b9058d3699b4be568b6e5eae38a41493 upstream
>> >
>> >  kvm reloads the host's fs and gs blindly, however the underlying segment
>> >  descriptors may be invalid due to the user modifying the ldt after loading
>> >  them.
>> >
>> >  Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
>> >  of home grown unsafe versions.
>> >
>> >  This is CVE-2010-3698.
>> >
>> >  Signed-off-by: Avi Kivity <avi@redhat.com>
>> >  Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
>> >  Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
>> [...]
>>
>> Avi, you surely knew this commit was buggy (specifically for i386
>> userland on an amd64 kernel) since you also committed:
>>
>> commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78
>> Author: Avi Kivity <avi@redhat.com>
>> Date:   Thu Nov 11 12:37:26 2010 +0200
>>
>>      KVM: VMX: Fix host userspace gsbase corruption
>>
>> I realise it wasn't ready for stable as Linus only pulled it in
>> 2.6.37-rc3, but surely that means neither of the changes should
>> have gone into 2.6.32.26.  Why didn't you respond to the review??
>>
>
> I don't actually read those review emails, there are too many of them.

Please read the ones that are cc:ed to you, otherwise it's pretty
pointless for me to send them out :(

thanks,

greg k-h
