Greg KH <[email protected]> wrote:
> 2.6.32-stable review patch. If anyone has any objections, please let us know.
Obviously it's a bit late now, but...
> ------------------
>
> From: Avi Kivity <[email protected]>
>
> commit 9581d442b9058d3699b4be568b6e5eae38a41493 upstream
>
> kvm reloads the host's fs and gs blindly, however the underlying segment
> descriptors may be invalid due to the user modifying the ldt after loading
> them.
>
> Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
> of home grown unsafe versions.
>
> This is CVE-2010-3698.
>
> Signed-off-by: Avi Kivity <[email protected]>
> Signed-off-by: Marcelo Tosatti <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
[...]
Avi, you surely knew this commit was buggy (specifically for i386
userland on an amd64 kernel) since you also committed:
commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78
Author: Avi Kivity <[email protected]>
Date: Thu Nov 11 12:37:26 2010 +0200
KVM: VMX: Fix host userspace gsbase corruption
I realise it wasn't ready for stable as Linus only pulled it in
2.6.37-rc3, but surely that means this neither of the changes should
have gone into 2.6.32.26. Why didn't you respond to the review??
Ben.
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
On 11/26/2010 03:15 AM, Ben Hutchings wrote:
> Greg KH<[email protected]> wrote:
> > 2.6.32-stable review patch. If anyone has any objections, please let us know.
>
> Obviously it's a bit late now, but...
>
> > ------------------
> >
> > From: Avi Kivity<[email protected]>
> >
> > commit 9581d442b9058d3699b4be568b6e5eae38a41493 upstream
> >
> > kvm reloads the host's fs and gs blindly, however the underlying segment
> > descriptors may be invalid due to the user modifying the ldt after loading
> > them.
> >
> > Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
> > of home grown unsafe versions.
> >
> > This is CVE-2010-3698.
> >
> > Signed-off-by: Avi Kivity<[email protected]>
> > Signed-off-by: Marcelo Tosatti<[email protected]>
> > Signed-off-by: Greg Kroah-Hartman<[email protected]>
> [...]
>
> Avi, you surely knew this commit was buggy (specifically for i386
> userland on an amd64 kernel) since you also committed:
>
> commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78
> Author: Avi Kivity<[email protected]>
> Date: Thu Nov 11 12:37:26 2010 +0200
>
> KVM: VMX: Fix host userspace gsbase corruption
>
> I realise it wasn't ready for stable as Linus only pulled it in
> 2.6.37-rc3, but surely that means this neither of the changes should
> have gone into 2.6.32.26. Why didn't you respond to the review??
>
I don't actually read those review emails, there are too many of them.
The fix will go into 2.6.32.stable in time. Fixing the vulnerability
was more important than i386-on-x86_64 anyway.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
On Fri, Nov 26, 2010 at 10:32:05AM +0200, Avi Kivity wrote:
> On 11/26/2010 03:15 AM, Ben Hutchings wrote:
>> Greg KH<[email protected]> wrote:
>> > 2.6.32-stable review patch. If anyone has any objections, please let us know.
>>
>> Obviously it's a bit late now, but...
>>
>> > ------------------
>> >
>> > From: Avi Kivity<[email protected]>
>> >
>> > commit 9581d442b9058d3699b4be568b6e5eae38a41493 upstream
>> >
>> > kvm reloads the host's fs and gs blindly, however the underlying segment
>> > descriptors may be invalid due to the user modifying the ldt after loading
>> > them.
>> >
>> > Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
>> > of home grown unsafe versions.
>> >
>> > This is CVE-2010-3698.
>> >
>> > Signed-off-by: Avi Kivity<[email protected]>
>> > Signed-off-by: Marcelo Tosatti<[email protected]>
>> > Signed-off-by: Greg Kroah-Hartman<[email protected]>
>> [...]
>>
>> Avi, you surely knew this commit was buggy (specifically for i386
>> userland on an amd64 kernel) since you also committed:
>>
>> commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78
>> Author: Avi Kivity<[email protected]>
>> Date: Thu Nov 11 12:37:26 2010 +0200
>>
>> KVM: VMX: Fix host userspace gsbase corruption
>>
>> I realise it wasn't ready for stable as Linus only pulled it in
>> 2.6.37-rc3, but surely that means this neither of the changes should
>> have gone into 2.6.32.26. Why didn't you respond to the review??
>>
>
> I don't actually read those review emails, there are too many of them.
Please read the ones that are cc:ed to you, otherwise it's pretty
pointless for me to send them out :(
thanks,
greg k-h