public inbox for linux-kernel@vger.kernel.org
From: Ben Hutchings <ben@decadent.org.uk>
To: Greg KH <gregkh@suse.de>
Cc: linux-kernel@vger.kernel.org, stable@kernel.org,
	Gleb Natapov <gleb@redhat.com>, Avi Kivity <avi@redhat.com>,
	akpm@linux-foundation.org, torvalds@linux-foundation.org,
	stable-review@kernel.org, alan@lxorguk.ukuu.org.uk
Subject: Re: [Stable-review] [141/145] KVM: x86 emulator: Check CPL level during privilege instruction emulation
Date: Sat, 13 Mar 2010 20:37:57 +0000
Message-ID: <1268512677.2664.23.camel@localhost>
In-Reply-To: <20100313002717.508317046@kvm.kroah.org>

On Fri, 2010-03-12 at 16:27 -0800, Greg KH wrote:
> 2.6.32-stable review patch.  If anyone has any objections, please let me know.
> 
> ----------------
> From: Gleb Natapov <gleb@redhat.com>
> 
> commit e92805ac1228626c59c865f2f4e9059b9fb8c97b upstream.
> 
> Add CPL checking in case emulator is tricked into emulating
> privilege instruction from userspace.

There were more security fixes released along with this, which surely
belong in a stable update:

1871c6020d7308afb99127bba51f04548e7ca84e KVM: x86 emulator: fix memory access during x86 emulation
f850e2e603bf5a05b0aee7901857cf85715aa694 KVM: x86 emulator: Check IOPL level during io instruction emulation
d4c6a1549c056f1d817e8f6f2f97d8b44933472f KVM: x86 emulator: Fix popf emulation

Ben.

-- 
Ben Hutchings
It's easier to fight for one's principles than to live up to them.


