author | Josh Boyer <jwboyer@fedoraproject.org> | 2014-12-10 13:48:47 -0500 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2014-12-10 13:48:47 -0500 |
commit | 1dfa3b196c74bc686d682ad9b663f72394f550d7 (patch) | |
tree | 5383293dfd5187a415aebf0f00ead16caaae4e85 | |
parent | 1726616e3c47f95ac966bbe71c1890c024e5e8ef (diff) | |
CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
-rw-r--r-- | kernel.spec | 9 | ||||
-rw-r--r-- | x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch | 73 |
2 files changed, 82 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 6895dcaa..417f5091 100644 --- a/kernel.spec +++ b/kernel.spec @@ -621,6 +621,9 @@ Patch26058: asus-nb-wmi-Add-wapf4-quirk-for-the-X550VB.patch #rhbz 1135338 Patch26090: HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch +#CVE-2014-8134 rhbz 1172765 1172769 +Patch26091: x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch + # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch @@ -1352,6 +1355,9 @@ ApplyPatch asus-nb-wmi-Add-wapf4-quirk-for-the-X550VB.patch #rhbz 1135338 ApplyPatch HID-add-support-for-MS-Surface-Pro-3-Type-Cover.patch +#CVE-2014-8134 rhbz 1172765 1172769 +ApplyPatch x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch + %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2226,6 +2232,9 @@ fi # ||----w | # || || %changelog +* Wed Dec 10 2014 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769) + * Mon Dec 08 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.17.6-300 - Linux v3.17.6 diff --git a/x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch b/x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch new file mode 100644 index 00000000..ba6928d8 --- /dev/null +++ b/x86-kvm-Clear-paravirt_enabled-on-KVM-guests-for-esp.patch 
@@ -0,0 +1,73 @@
+From 0fdb006a5af7f391a6de4ce810aba4af46c427e4 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Fri, 5 Dec 2014 19:03:28 -0800
+Subject: [PATCH] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's
+ benefit
+
+paravirt_enabled has the following effects:
+
+ - Disables the F00F bug workaround warning. There is no F00F bug
+ workaround any more because Linux's standard IDT handling already
+ works around the F00F bug, but the warning still exists. This
+ is only cosmetic, and, in any event, there is no such thing as
+ KVM on a CPU with the F00F bug.
+
+ - Disables 32-bit APM BIOS detection. On a KVM paravirt system,
+ there should be no APM BIOS anyway.
+
+ - Disables tboot. I think that the tboot code should check the
+ CPUID hypervisor bit directly if it matters.
+
+ - paravirt_enabled disables espfix32. espfix32 should *not* be
+ disabled under KVM paravirt.
+
+The last point is the purpose of this patch. It fixes a leak of the
+high 16 bits of the kernel stack address on 32-bit KVM paravirt
+guests.
+
+While I'm at it, this removes pv_info setup from kvmclock. That
+code seems to serve no purpose.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+---
+ arch/x86/kernel/kvm.c | 9 ++++++++-
+ arch/x86/kernel/kvmclock.c | 2 --
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
+index 3dd8e2c4d74a..07de51f66deb 100644
+--- a/arch/x86/kernel/kvm.c
++++ b/arch/x86/kernel/kvm.c
+@@ -282,7 +282,14 @@ NOKPROBE_SYMBOL(do_async_page_fault);
+ static void __init paravirt_ops_setup(void)
+ {
+ pv_info.name = "KVM";
+- pv_info.paravirt_enabled = 1;
++
++ /*
++ * KVM isn't paravirt in the sense of paravirt_enabled. A KVM
++ * guest kernel works like a bare metal kernel with additional
++ * features, and paravirt_enabled is about features that are
++ * missing.
++ */
++ pv_info.paravirt_enabled = 0;
+
+ if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY))
+ pv_cpu_ops.io_delay = kvm_io_delay;
+diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
+index d9156ceecdff..d4d9a8ad7893 100644
+--- a/arch/x86/kernel/kvmclock.c
++++ b/arch/x86/kernel/kvmclock.c
+@@ -263,8 +263,6 @@ void __init kvmclock_init(void)
+ #endif
+ kvm_get_preset_lpj();
+ clocksource_register_hz(&kvm_clock, NSEC_PER_SEC);
+- pv_info.paravirt_enabled = 1;
+- pv_info.name = "KVM";
+
+ if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT))
+ pvclock_set_flags(PVCLOCK_TSC_STABLE_BIT);
+--
+2.1.0
+
|
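Review bot: The comment added above `pv_info.paravirt_enabled = 0;` in paravirt_ops_setup() explains why KVM is not "paravirt" but never mentions espfix32, which by the commit message is the entire security reason for the change (CVE-2014-8134). The diffstat shows only kvm.c and kvmclock.c are touched, so the espfix32 gating on paravirt_enabled is left as it was; a later change that sets the flag back to 1 here would silently bring back the leak of the high 16 bits of the kernel stack address on 32-bit guests. I would add a line to the comment such as `* Must stay 0: a non-zero value disables espfix32 on 32-bit guests (CVE-2014-8134).` The removal of the two pv_info assignments from kvmclock_init() rests on "seems to serve no purpose", so it is worth confirming that paravirt_ops_setup() runs on every path that reaches kvmclock_init(); both function bodies continue outside the hunks shown.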