Hi,

Attached is a debdiff of the changes I made for the 85+dfsg-4.1 2-day NMU.

Cheers,
Giuseppe.
reverted:
--- kvm-85+dfsg/.gitignore
+++ kvm-85+dfsg.orig/.gitignore
@@ -15,19 +15,6 @@
 qemu/qemu-nbd
 *.ko
 *.mod.c
-kernel/kvm_main.c
-kernel/kvm.h
-kernel/kvm_svm.h
-kernel/vmx.[ch]
-kernel/svm.[ch]
-kernel/mmu.c
-kernel/paging_tmpl.h
-kernel/segment_descriptor.h
-kernel/x86_emulate.[ch]
-kernel/include/linux/kvm*.h
-kernel/Module.symvers
-kernel/Modules.symvers
-kernel/.tmp_versions
 bios/*.bin
 bios/*.sym
 bios/*.txt
@@ -37,27 +24,43 @@
 extboot/extboot.bin
 extboot/extboot.img
 extboot/signrom
+kernel/config.kbuild
+kernel/modules.order
+kernel/Module.symvers
+kernel/Modules.symvers
 kernel/Module.markers
+kernel/.tmp_versions
-kernel/i825[49].[ch]
 kernel/include-compat/asm
 kernel/include-compat/asm-x86/asm-x86
 kernel/include
+kernel/x86/modules.order
+kernel/x86/i825[49].[ch]
+kernel/x86/kvm_main.c
+kernel/x86/kvm_svm.h
+kernel/x86/vmx.[ch]
+kernel/x86/svm.[ch]
+kernel/x86/mmu.[ch]
+kernel/x86/paging_tmpl.h
+kernel/x86/x86_emulate.[ch]
+kernel/x86/ioapic.[ch]
+kernel/x86/iodev.h
+kernel/x86/irq.[ch]
+kernel/x86/kvm_trace.c
+kernel/x86/lapic.[ch]
+kernel/x86/tss.h
+kernel/x86/x86.[ch]
+kernel/x86/coalesced_mmio.[ch]
+kernel/x86/kvm_cache_regs.h
+kernel/x86/vtd.c
+kernel/x86/irq_comm.c
+kernel/x86/timer.c
+kernel/x86/kvm_timer.h
+kernel/x86/iommu.c
-kernel/ioapic.[ch]
-kernel/iodev.h
-kernel/irq.[ch]
-kernel/kvm_trace.c
-kernel/lapic.[ch]
-kernel/mmu.h
-kernel/modules.order
-kernel/tss.h
-kernel/x86.[ch]
-kernel/coalesced_mmio.c
-kernel/coalesced_mmio.h
-kernel/kvm_cache_regs.h
 qemu/pc-bios/extboot.bin
 qemu/qemu-doc.html
 qemu/*.[18]
 qemu/*.pod
 qemu/qemu-tech.html
+qemu/qemu-options.texi
 user/kvmtrace
 user/test/x86/bootstrap
diff -u kvm-85+dfsg/debian/changelog kvm-85+dfsg/debian/changelog
--- kvm-85+dfsg/debian/changelog
+++ kvm-85+dfsg/debian/changelog
@@ -1,3 +1,11 @@
+kvm (85+dfsg-4.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing Security Team.
+  * Considers hypercalls valid only if issued from guest ring 0 (CVE-2009-3290)
+    Thanks to Dann Frazier (Closes: 548975)
+
+ -- Giuseppe Iuculano <iucul...@debian.org>  Fri, 09 Oct 2009 19:07:06 +0200
+
 kvm (85+dfsg-4) unstable; urgency=low
 
   * upload to unstanble
diff -u kvm-85+dfsg/debian/patches/series kvm-85+dfsg/debian/patches/series
--- kvm-85+dfsg/debian/patches/series
+++ kvm-85+dfsg/debian/patches/series
@@ -10,0 +11 @@
+security/CVE-2009-3290.patch
only in patch2:
unchanged:
--- kvm-85+dfsg.orig/debian/patches/security/CVE-2009-3290.patch
+++ kvm-85+dfsg/debian/patches/security/CVE-2009-3290.patch
@@ -0,0 +1,32 @@
+--- a/kernel/include/linux/kvm_para.h
++++ b/kernel/include/linux/kvm_para.h
+@@ -53,6 +53,7 @@
+ #define KVM_ENOSYS            1000
+ #define KVM_EFAULT            EFAULT
+ #define KVM_E2BIG             E2BIG
++#define KVM_EPERM             EPERM
+ 
+ #define KVM_HC_VAPIC_POLL_IRQ         1
+ #define KVM_HC_MMU_OP                 2
+--- a/kernel/x86/x86.c
++++ b/kernel/x86/x86.c
+@@ -2873,6 +2873,11 @@ int kvm_emulate_hypercall(struct kvm_vcp
+               a3 &= 0xFFFFFFFF;
+       }
+ 
++      if (kvm_x86_ops->get_cpl(vcpu) != 0) {
++              ret = -KVM_EPERM;
++              goto out;
++      }
++
+       switch (nr) {
+       case KVM_HC_VAPIC_POLL_IRQ:
+               ret = 0;
+@@ -2884,6 +2889,7 @@ int kvm_emulate_hypercall(struct kvm_vcp
+               ret = -KVM_ENOSYS;
+               break;
+       }
++out:
+       kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
+       ++vcpu->stat.hypercalls;
+       return r;
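Review bot: The new guard in kvm_emulate_hypercall calls `kvm_x86_ops->get_cpl(vcpu)`, but nothing in this debdiff adds that callback, so confirm that the kvm-85 tree already defines `get_cpl` for both the VMX and SVM backends. If the member is missing the module build fails, and if a backend leaves it unset the hypercall path would call through a NULL pointer. The check also deserves a comment such as `/* hypercalls are a guest-kernel interface: refuse callers above ring 0 (CVE-2009-3290) */`, because the reason is otherwise recorded only in debian/changelog. The patch file starts directly at its `---` line with no description, origin or bug reference header, which makes it harder to audit against the upstream fix later. kvm_emulate_hypercall begins and ends outside the nested hunks, so the register reads that precede the guard are not visible here.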

Attachment: signature.asc
Description: OpenPGP digital signature
