author    Michal Hocko <mhocko@suse.com>    2019-02-19 12:47:28 +0100
committer Michal Hocko <mhocko@suse.com>    2019-02-19 13:16:50 +0100
commit    3ac72bd494f0a3ec427add0e25a8fd9fd8b47321
tree      03823273d2e73cd4d8d9dcdfc1934b75fac9e233
parent    c573e949b46956c398c9ac3a339e9f87f3ac8ed9
parent    cc2ecfe6ae74961f723f1caffcefacd7c6eb1479
Merge remote-tracking branch 'origin/cve/linux-3.0' into users/mhocko/SLE11-SP4/for-next (SLE11-SP4)
740785ed86533 in SLE11-SP4 already had patches.arch/x86-kvm-Remove-incorrect-redundant-assembly-constrai.patch which came in through cve/linux-3.0 via 3d08a511f3f53 again. Drop the duplicate.
-rw-r--r--  patches.arch/kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222 | 45
-rw-r--r--  series.conf                                                                          |  3
2 files changed, 48 insertions(+), 0 deletions(-)
diff --git a/patches.arch/kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222 b/patches.arch/kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222
new file mode 100644
index 0000000000..607426d732
--- /dev/null
+++ b/patches.arch/kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222
@@ -0,0 +1,45 @@
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 29 Jan 2019 18:41:16 +0100
+Subject: KVM: x86: work around leak of uninitialized stack contents
+ (CVE-2019-7222)
+Git-commit: 353c0956a618a07ba4bbe7ad00ff29fe70e8412a
+Patch-mainline: v5.0-rc6
+References: CVE-2019-7222 bsc#1124735
+
+Bugzilla: 1671930
+
+Emulation of certain instructions (VMXON, VMCLEAR, VMPTRLD, VMWRITE with
+memory operand, INVEPT, INVVPID) can incorrectly inject a page fault
+when passed an operand that points to an MMIO address. The page fault
+will use uninitialized kernel stack memory as the CR2 and error code.
+
+The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
+exit to userspace; however, it is not an easy fix, so for now just
+ensure that the error code and CR2 are zero.
+
+Embargoed until Feb 7th 2019.
+
+Reported-by: Felix Wilhelm <fwilhelm@google.com>
+Cc: stable@kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Acked-by: Joerg Roedel <jroedel@suse.de>
+---
+ arch/x86/kvm/x86.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3828,6 +3828,13 @@ static int kvm_read_guest_virt(struct x8
+ struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
+ u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
+
++ /*
++ * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
++ * is returned, but our callers are not ready for that and they blindly
++ * call kvm_inject_page_fault. Ensure that they at least do not leak
++ * uninitialized kernel stack memory into cr2 and error code.
++ */
++ memset(exception, 0, sizeof(*exception));
+ return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
+ exception);
+ }
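Review bot: the added memset() dereferences `exception` unconditionally on every call, including the success path, so before merging confirm that no caller of this static emulator op on the 3.0 branch passes a NULL exception pointer; if kvm_read_guest_virt_helper only writes `*exception` on its fault path, a NULL caller that worked before would now oops. The hunk context also shows this is the emulator callback taking a `struct x86_emulate_ctxt *` (note the emul_to_vcpu() line), not a vcpu-based helper, while the patch description names VMXON/VMCLEAR/VMPTRLD/VMWRITE/INVEPT/INVVPID emulation as the trigger; the SUSE patch header should say which callers on this branch reach this function with an MMIO operand and "blindly call kvm_inject_page_fault" as the FIXME puts it, or state explicitly that the change is carried as defensive hardening with the upstream fix. Either way the workaround still delivers a #PF with cr2 = 0 and error code 0 to the guest instead of the KVM_EXIT_INTERNAL_ERROR the description calls correct, which is worth one line in the header so the behavioural gap is recorded rather than only the stack-leak fix.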
diff --git a/series.conf b/series.conf
index 08448ff730..a99b46c2a5 100644
--- a/series.conf
+++ b/series.conf
@@ -23933,6 +23933,9 @@
patches.arch/0005-kvm-x86-emulator-return-to-user-mode-on-l1-cpl-0-emulation-failure
patches.arch/0007-kvm-vmx-remove-i-o-port-0x80-bypass-on-intel-hosts
+ # bsc#1124735 CVE-2019-7222
+ patches.arch/kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222
+
########################################################
# Staging tree patches
# new drivers that are going upstream
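Review bot: the merge message says a duplicate patches.arch/x86-kvm-Remove-incorrect-redundant-assembly-constrai.patch entry was dropped, but this diff records 0 deletions and only the three added series.conf lines; that is consistent with a diff against the first parent, which already carried that entry, but after the merge check that both that entry and the new kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222 entry appear exactly once in series.conf, since a second occurrence is exactly the duplicate the message set out to remove. The `# bsc#1124735 CVE-2019-7222` comment matches the References: tag in the patch header; keep the two in sync if the bug number changes on rebase.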