On 2015/3/11 23:04, Greg KH wrote:
> On Tue, Mar 10, 2015 at 08:29:01PM +0800, Zhiqiang Zhang wrote:
>> From: Nadav Amit <[email protected]>
>>
>> commit f3747379accba8e95d70cec0eae0582c8c182050 upstream
>>
>> SYSENTER emulation is broken in several ways:
>> 1. It misses the case of 16-bit code segments completely (CVE-2015-0239).
>> 2. MSR_IA32_SYSENTER_CS is checked in 64-bit mode incorrectly (bits 0 and 1 can
>>    still be set without causing #GP).
>> 3. MSR_IA32_SYSENTER_EIP and MSR_IA32_SYSENTER_ESP are not masked in
>>    legacy-mode.
>> 4. There is some unneeded code.
>>
>> Fix it.
>>
>> Cc: [email protected]
>> Signed-off-by: Nadav Amit <[email protected]>
>> Signed-off-by: Paolo Bonzini <[email protected]>
>> [zhangzhiqiang: backport to 3.10:
>>  - adjust context
>>  - in 3.10 context "ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF)" is
>>    replaced by "ctxt->eflags &= ~(EFLG_VM | EFLG_IF)" in upstream, which
>>    was changed by another commit.
>>  - After the above adjustments, it becomes the same as the original patch:
>>    https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
>> ]
>> Signed-off-by: Zhiqiang Zhang <[email protected]>
>> ---
>>  arch/x86/kvm/emulate.c | 27 ++++++++-------------------
>>  1 file changed, 8 insertions(+), 19 deletions(-)
>
> What about a backport to 3.14-stable as well?
>
> thanks,
>
> greg k-h

hi greg k-h
It has been tested; this patch is also adapted to 3.14-stable.

BTW, [PATCH] netfilter: conntrack: disable generic tracking for known protocols, which was sent at the same time as this one, fixes CVE-2014-8160 and is also a backport from upstream. Please take note.

thanks.

zhangzhiqiang
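The two checks that the commit message describes in points 2 and 3, modelled in plain C as an added example for readers following the thread. This is not code from the thread or from KVM's arch/x86/kvm/emulate.c; the helper names, the 0xfffc mask (the Intel SDM specifies #GP when SYSENTER_CS[15:2] is zero) and the EFER.LMA test used to decide legacy versus long mode are my assumptions about how the fix behaves, not a quotation of the patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the SYSENTER MSR handling described in the commit
 * message. Not KVM's emulate.c; names and masks are assumptions. */

enum cpu_mode { MODE_PROT32, MODE_PROT64 };

/* Bits 15:2 of MSR_IA32_SYSENTER_CS select the code segment. When they are
 * all zero the instruction must raise #GP; bits 1:0 (RPL) do not count. */
#define SYSENTER_CS_INDEX_MASK 0xfffcu

/* Broken check, as the commit message describes it: in 64-bit mode only an
 * all-zero MSR was rejected, so a value with only bits 0 and 1 set (e.g. 0x3)
 * was accepted instead of causing #GP. Returns true when SYSENTER proceeds. */
static bool sysenter_cs_ok_old(enum cpu_mode mode, uint64_t msr)
{
    switch (mode) {
    case MODE_PROT32:
        return (msr & SYSENTER_CS_INDEX_MASK) != 0;
    case MODE_PROT64:
        return msr != 0;          /* defect: ignores the 0xfffc mask */
    }
    return true;
}

/* Fixed check: mask out bits 1:0 in every mode before testing for zero. */
static bool sysenter_cs_ok_new(uint64_t msr)
{
    return (msr & SYSENTER_CS_INDEX_MASK) != 0;
}

/* Legacy-mode masking of MSR_IA32_SYSENTER_EIP / MSR_IA32_SYSENTER_ESP:
 * when long mode is not active (EFER.LMA clear) only the low 32 bits of the
 * MSR may reach EIP/ESP. Before the fix the full 64-bit value was used. */
static uint64_t sysenter_target(bool efer_lma, uint64_t msr)
{
    return efer_lma ? msr : (uint64_t)(uint32_t)msr;
}

int main(void)
{
    const uint64_t cs_rpl_only = 0x3;               /* constructed MSR value */
    const uint64_t eip = 0x0000dead00001000ull;     /* constructed MSR value */

    printf("64-bit mode, SYSENTER_CS=0x%llx: old=%s new=%s\n",
           (unsigned long long)cs_rpl_only,
           sysenter_cs_ok_old(MODE_PROT64, cs_rpl_only) ? "accepted" : "#GP",
           sysenter_cs_ok_new(cs_rpl_only) ? "accepted" : "#GP");
    printf("legacy-mode EIP target: 0x%llx\n",
           (unsigned long long)sysenter_target(false, eip));
    return 0;
}
```

The first printf shows the point of item 2: the old 64-bit check accepts 0x3 while the fixed check raises #GP; the second shows item 3, where legacy mode keeps only the low 32 bits of the EIP MSR.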
