forked from rpms/kernel
		
	CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
This commit is contained in:
		
							parent
							
								
									371262f1b4
								
							
						
					
					
						commit
						49da9ad901
					
				| @ -612,6 +612,9 @@ Patch26064: Input-add-driver-for-the-Goodix-touchpanel.patch | ||||
| #rhbz 1135338 | ||||
| Patch26070: HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch | ||||
| 
 | ||||
| #CVE-2014-8134 rhbz 1172765 1172769 | ||||
| Patch26091: x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch | ||||
| 
 | ||||
| # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel | ||||
| Patch30000: kernel-arm64.patch | ||||
| 
 | ||||
| @ -1333,6 +1336,9 @@ ApplyPatch Input-add-driver-for-the-Goodix-touchpanel.patch | ||||
| #rhbz 1135338 | ||||
| ApplyPatch HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch | ||||
| 
 | ||||
| #CVE-2014-8134 rhbz 1172765 1172769 | ||||
| ApplyPatch x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch | ||||
| 
 | ||||
| %if 0%{?aarch64patches} | ||||
| ApplyPatch kernel-arm64.patch | ||||
| %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. | ||||
| @ -2201,6 +2207,9 @@ fi | ||||
| #                                    ||----w | | ||||
| #                                    ||     || | ||||
| %changelog | ||||
| * Wed Dec 10 2014 Josh Boyer <jwboyer@fedoraproject.org> | ||||
| - CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769) | ||||
| 
 | ||||
| * Tue Dec 09 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.18.0-1 | ||||
| - Linux v3.18 | ||||
| 
 | ||||
|  | ||||
							
								
								
									
										73
									
								
								x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										73
									
								
								x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,73 @@ | ||||
| From 0fdb006a5af7f391a6de4ce810aba4af46c427e4 Mon Sep 17 00:00:00 2001 | ||||
| From: Andy Lutomirski <luto@amacapital.net> | ||||
| Date: Fri, 5 Dec 2014 19:03:28 -0800 | ||||
| Subject: [PATCH] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's | ||||
|  benefit | ||||
| 
 | ||||
| paravirt_enabled has the following effects: | ||||
| 
 | ||||
|  - Disables the F00F bug workaround warning.  There is no F00F bug | ||||
|    workaround any more because Linux's standard IDT handling already | ||||
|    works around the F00F bug, but the warning still exists.  This | ||||
|    is only cosmetic, and, in any event, there is no such thing as | ||||
|    KVM on a CPU with the F00F bug. | ||||
| 
 | ||||
|  - Disables 32-bit APM BIOS detection.  On a KVM paravirt system, | ||||
|    there should be no APM BIOS anyway. | ||||
| 
 | ||||
|  - Disables tboot.  I think that the tboot code should check the | ||||
|    CPUID hypervisor bit directly if it matters. | ||||
| 
 | ||||
|  - paravirt_enabled disables espfix32.  espfix32 should *not* be | ||||
|    disabled under KVM paravirt. | ||||
| 
 | ||||
| The last point is the purpose of this patch.  It fixes a leak of the | ||||
| high 16 bits of the kernel stack address on 32-bit KVM paravirt | ||||
| guests. | ||||
| 
 | ||||
| While I'm at it, this removes pv_info setup from kvmclock.  That | ||||
| code seems to serve no purpose. | ||||
| 
 | ||||
| Cc: stable@vger.kernel.org | ||||
| Signed-off-by: Andy Lutomirski <luto@amacapital.net> | ||||
| ---
 | ||||
|  arch/x86/kernel/kvm.c      | 9 ++++++++- | ||||
|  arch/x86/kernel/kvmclock.c | 2 -- | ||||
|  2 files changed, 8 insertions(+), 3 deletions(-) | ||||
| 
 | ||||
| diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
 | ||||
| index 3dd8e2c4d74a..07de51f66deb 100644
 | ||||
| --- a/arch/x86/kernel/kvm.c
 | ||||
| +++ b/arch/x86/kernel/kvm.c
 | ||||
| @@ -282,7 +282,14 @@ NOKPROBE_SYMBOL(do_async_page_fault);
 | ||||
|  static void __init paravirt_ops_setup(void) | ||||
|  { | ||||
|  	pv_info.name = "KVM"; | ||||
| -	pv_info.paravirt_enabled = 1;
 | ||||
| +
 | ||||
| +	/*
 | ||||
| +	 * KVM isn't paravirt in the sense of paravirt_enabled.  A KVM
 | ||||
| +	 * guest kernel works like a bare metal kernel with additional
 | ||||
| +	 * features, and paravirt_enabled is about features that are
 | ||||
| +	 * missing.
 | ||||
| +	 */
 | ||||
| +	pv_info.paravirt_enabled = 0;
 | ||||
|   | ||||
|  	if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) | ||||
|  		pv_cpu_ops.io_delay = kvm_io_delay; | ||||
| diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
 | ||||
| index d9156ceecdff..d4d9a8ad7893 100644
 | ||||
| --- a/arch/x86/kernel/kvmclock.c
 | ||||
| +++ b/arch/x86/kernel/kvmclock.c
 | ||||
| @@ -263,8 +263,6 @@ void __init kvmclock_init(void)
 | ||||
|  #endif | ||||
|  	kvm_get_preset_lpj(); | ||||
|  	clocksource_register_hz(&kvm_clock, NSEC_PER_SEC); | ||||
| -	pv_info.paravirt_enabled = 1;
 | ||||
| -	pv_info.name = "KVM";
 | ||||
|   | ||||
|  	if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT)) | ||||
|  		pvclock_set_flags(PVCLOCK_TSC_STABLE_BIT); | ||||
| -- 
 | ||||
| 2.1.0 | ||||
| 
 | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user