diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2015-12-31 14:30:23 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2015-12-31 15:16:33 +0000 |
| commit | 7dbea86ac6d1cc87bf497ecefa083787a5ee84c1 (patch) | |
| tree | 94ed508981b4683c0a61ace3609ed299c38ecdce /main/linux-grsec/kvm-svm-unconditionally-intercept-#db.patch | |
| parent | 1ea05c13c66c6cf58724e7a68474a0421fc26235 (diff) | |
| download | aports-7dbea86ac6d1cc87bf497ecefa083787a5ee84c1.tar.bz2 aports-7dbea86ac6d1cc87bf497ecefa083787a5ee84c1.tar.xz | |
main/linux-grsec: security fixes
Diffstat (limited to 'main/linux-grsec/kvm-svm-unconditionally-intercept-#db.patch')
| -rw-r--r-- | main/linux-grsec/kvm-svm-unconditionally-intercept-#db.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/main/linux-grsec/kvm-svm-unconditionally-intercept-#db.patch b/main/linux-grsec/kvm-svm-unconditionally-intercept-#db.patch new file mode 100644 index 0000000000..938219ea1a --- /dev/null +++ b/main/linux-grsec/kvm-svm-unconditionally-intercept-#db.patch @@ -0,0 +1,80 @@ +From cbdb967af3d54993f5814f1cee0ed311a055377d Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Tue, 10 Nov 2015 09:14:39 +0100 +Subject: KVM: svm: unconditionally intercept #DB + +This is needed to avoid the possibility that the guest triggers +an infinite stream of #DB exceptions (CVE-2015-8104). + +VMX is not affected: because it does not save DR6 in the VMCS, +it already intercepts #DB unconditionally. + +Reported-by: Jan Beulich <jbeulich@suse.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + arch/x86/kvm/svm.c | 14 +++----------- + 1 file changed, 3 insertions(+), 11 deletions(-) + +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c +index 1839264..1cc1ffc 100644 +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -1020,6 +1020,7 @@ static void init_vmcb(struct vcpu_svm *svm) + set_exception_intercept(svm, UD_VECTOR); + set_exception_intercept(svm, MC_VECTOR); + set_exception_intercept(svm, AC_VECTOR); ++ set_exception_intercept(svm, DB_VECTOR); + + set_intercept(svm, INTERCEPT_INTR); + set_intercept(svm, INTERCEPT_NMI); +@@ -1554,20 +1555,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, + mark_dirty(svm->vmcb, VMCB_SEG); + } + +-static void update_db_bp_intercept(struct kvm_vcpu *vcpu) ++static void update_bp_intercept(struct kvm_vcpu *vcpu) + { + struct vcpu_svm *svm = to_svm(vcpu); + +- clr_exception_intercept(svm, DB_VECTOR); + clr_exception_intercept(svm, BP_VECTOR); + +- if (svm->nmi_singlestep) +- set_exception_intercept(svm, DB_VECTOR); +- + if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) { +- if (vcpu->guest_debug & +- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) +- set_exception_intercept(svm, DB_VECTOR); + if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) + set_exception_intercept(svm, BP_VECTOR); + } else +@@ -1673,7 +1667,6 @@ static int db_interception(struct vcpu_svm *svm) + if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) + svm->vmcb->save.rflags &= + ~(X86_EFLAGS_TF | X86_EFLAGS_RF); +- update_db_bp_intercept(&svm->vcpu); + } + + if (svm->vcpu.guest_debug & +@@ -3661,7 +3654,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu) + */ + svm->nmi_singlestep = true; + svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF); +- update_db_bp_intercept(vcpu); + } + + static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr) +@@ -4287,7 +4279,7 @@ static struct kvm_x86_ops svm_x86_ops = { + .vcpu_load = svm_vcpu_load, + .vcpu_put = svm_vcpu_put, + +- .update_db_bp_intercept = update_db_bp_intercept, ++ .update_db_bp_intercept = update_bp_intercept, + .get_msr = svm_get_msr, + .set_msr = svm_set_msr, + .get_segment_base = svm_get_segment_base, +-- +cgit v0.11.2 + |