From: Kamal Mostafa <kamal@canonical.com>
To: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org, kernel-team@lists.ubuntu.com,
Nadav Amit <namit@cs.technion.ac.il>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH 3.13.y-ckt 100/103] KVM: x86: Fix of previously incomplete fix for CVE-2014-8480
Date: Tue, 24 Feb 2015 07:59:49 -0800
Message-ID: <1424793589.20843.1.camel@fourier>
In-Reply-To: <1424305990-17983-101-git-send-email-kamal@canonical.com>
On Wed, 2015-02-18 at 16:33 -0800, Kamal Mostafa wrote:
> 3.13.11-ckt16 -stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Nadav Amit <nadav.amit@gmail.com>
>
> commit 63ea0a49ae0b145b91ff2b070c01b66fc75854b9 upstream.
>
> STR and SLDT with rip-relative operand can cause a host kernel oops.
> Mark them as DstMem as well.

Dropping this one from 3.13-stable, per Nadav's advice to other pre-3.17
stables.

-Kamal

> Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> ---
> arch/x86/kvm/emulate.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index 4919b95..569c8ed 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -3733,8 +3733,8 @@ static const struct opcode group5[] = {
> };
>
> static const struct opcode group6[] = {
> - DI(Prot, sldt),
> - DI(Prot, str),
> + DI(Prot | DstMem, sldt),
> + DI(Prot | DstMem, str),
> II(Prot | Priv | SrcMem16, em_lldt, lldt),
> II(Prot | Priv | SrcMem16, em_ltr, ltr),
> N, N, N, N,
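
Review bot: The changed `sldt` and `str` entries in `group6` come with no statement of which trees need them. The changelog names the upstream commit and CVE-2014-8480 but not the earlier, incomplete fix this one builds on, and the reply in this thread drops the patch from 3.13-stable on advice given to other pre-3.17 stables. A backport changelog should name the prerequisite commit so applicability to a given stable tree can be checked from the message alone. It would also help to say in the message why these two entries take plain `DstMem` while the adjacent `lldt` and `ltr` entries use `SrcMem16`.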