Linux v4.10-rc6-24-gf1774f4
This commit is contained in:
parent
c99559a3cd
commit
dea8ff78db
2
gitrev
2
gitrev
@ -1 +1 @@
|
||||
566cf877a1fcb6d6dc0126b076aad062054c2637
|
||||
f1774f46d49f806614d81854321ee9e5138135e5
|
||||
|
11
kernel.spec
11
kernel.spec
@ -42,7 +42,7 @@ Summary: The Linux kernel
|
||||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 2
|
||||
%global baserelease 1
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
@ -69,7 +69,7 @@ Summary: The Linux kernel
|
||||
# The rc snapshot level
|
||||
%global rcrev 6
|
||||
# The git snapshot level
|
||||
%define gitrev 0
|
||||
%define gitrev 1
|
||||
# Set rpm version accordingly
|
||||
%define rpmversion 4.%{upstream_sublevel}.0
|
||||
%endif
|
||||
@ -596,7 +596,7 @@ Patch852: selinux-allow-context-mounts-on-tmpfs-etc.patch
|
||||
# See http://lists.infradead.org/pipermail/linux-arm-kernel/2016-October/461597.html
|
||||
Patch853: 0001-Work-around-for-gcc7-and-arm64.patch
|
||||
|
||||
# CVE-2017-2596 rhbz 1417812 1417813
|
||||
#CVE-2017-2596 rhbz 1417812 1417813
|
||||
Patch854: kvm-fix-page-struct-leak-in-handle_vmon.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
@ -2169,9 +2169,10 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Jan 31 2017 Justin M. Forbes <jforbes@fedoraproject.org> - 4.10.0-0.rc6.git0.2
|
||||
* Tue Jan 31 2017 Justin M. Forbes <jforbes@fedoraproject.org> - 4.10.0-0.rc6.git1.1
|
||||
- Linux v4.10-rc6-24-gf1774f4
|
||||
- Reenable debugging options.
|
||||
- Fix kvm nested virt CVE-2017-2596 rhbz (1417812 1417813)
|
||||
- Fix kvm nested virt CVE-2017-2596 (rhbz 1417812 1417813)
|
||||
|
||||
* Mon Jan 30 2017 Justin M. Forbes <jforbes@fedoraproject.org> - 4.10.0-0.rc6.git0.1
|
||||
- Linux v4.10-rc6
|
||||
|
49
kvm-fix-page-struct-leak-in-handle_vmon.patch
Normal file
49
kvm-fix-page-struct-leak-in-handle_vmon.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From patchwork Tue Jan 24 10:56:21 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: kvm: fix page struct leak in handle_vmon
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
X-Patchwork-Id: 9534885
|
||||
Message-Id: <1485255381-18069-1-git-send-email-pbonzini@redhat.com>
|
||||
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
|
||||
Cc: dvyukov@google.com
|
||||
Date: Tue, 24 Jan 2017 11:56:21 +0100
|
||||
|
||||
handle_vmon gets a reference on VMXON region page,
|
||||
but does not release it. Release the reference.
|
||||
|
||||
Found by syzkaller; based on a patch by Dmitry.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/vmx.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
|
||||
index 42cc3d6f4d20..0f7345035210 100644
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -7085,13 +7085,18 @@ static int nested_vmx_check_vmptr(struct kvm_vcpu *vcpu, int exit_reason,
|
||||
}
|
||||
|
||||
page = nested_get_page(vcpu, vmptr);
|
||||
- if (page == NULL ||
|
||||
- *(u32 *)kmap(page) != VMCS12_REVISION) {
|
||||
+ if (page == NULL) {
|
||||
nested_vmx_failInvalid(vcpu);
|
||||
+ return kvm_skip_emulated_instruction(vcpu);
|
||||
+ }
|
||||
+ if (*(u32 *)kmap(page) != VMCS12_REVISION) {
|
||||
kunmap(page);
|
||||
+ nested_release_page_clean(page);
|
||||
+ nested_vmx_failInvalid(vcpu);
|
||||
return kvm_skip_emulated_instruction(vcpu);
|
||||
}
|
||||
kunmap(page);
|
||||
+ nested_release_page_clean(page);
|
||||
vmx->nested.vmxon_ptr = vmptr;
|
||||
break;
|
||||
case EXIT_REASON_VMCLEAR:
|
1
sources
1
sources
@ -1,3 +1,4 @@
|
||||
SHA512 (linux-4.9.tar.xz) = bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a
|
||||
SHA512 (perf-man-4.9.tar.gz) = d23bb3da1eadd6623fddbf4696948de7675f3dcf57c711a7427dd7ae111394f58d8f42752938bbea7cd219f1e7f6f116fc67a1c74f769711063940a065f37b99
|
||||
SHA512 (patch-4.10-rc6.xz) = eb6dfcdcb427d198d955b6c2146abd5c6a74d01ab10855d713f33b9c87df05f20f2688cb354d5881dfb82ebdcf4ecac37b36956ff3645977f967f021b52ad507
|
||||
SHA512 (patch-4.10-rc6-git1.xz) = 78244cdca47da41b35ddf6d8573e4ce4c6a42af9ec99a3bb9b725fe9934b4880de3d29500ba99a471d86eb78f8c1587a98013998140381c9885cc11016a294da
|
||||
|
Loading…
Reference in New Issue
Block a user