Greg KH wrote:
> 2.6.32-stable review patch. If anyone has any objections, please let us know.

Obviously it's a bit late now, but...

> ------------------
>
> From: Avi Kivity
>
> commit 9581d442b9058d3699b4be568b6e5eae38a41493 upstream
>
> kvm reloads the host's fs and gs blindly, however the underlying segment
> descriptors may be invalid due to the user modifying the ldt after loading
> them.
>
> Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
> of home grown unsafe versions.
>
> This is CVE-2010-3698.
>
> Signed-off-by: Avi Kivity
> Signed-off-by: Marcelo Tosatti
> Signed-off-by: Greg Kroah-Hartman
[...]

Avi, you surely knew this commit was buggy (specifically for i386 userland on an amd64 kernel) since you also committed:

    commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78
    Author: Avi Kivity
    Date:   Thu Nov 11 12:37:26 2010 +0200

        KVM: VMX: Fix host userspace gsbase corruption

I realise it wasn't ready for stable as Linus only pulled it in 2.6.37-rc3, but surely that means that neither of the changes should have gone into 2.6.32.26. Why didn't you respond to the review??

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.