On Mon, Apr 15, 2013 at 03:12:24AM +0100, Ben Hutchings wrote: > Brad Spengler pointed out that some KVM security fixes are missing from > the 3.2 branches. Three recent commits were marked as such: > > c300aa64ddf5 KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) > 0b79459b482e KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) > a2c118bfab8b KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) > > The first and third of these can be cherry-picked cleanly onto 3.2.y, > while the second required backporting; I've attached my backported > version of that. The result passed the kvmclock unit tests, but the > apic unit tests failed on my test system (running Debian unstable): > > qemu: hardware error: isa irq 16 invalid > > However this is not a regression and is presumably a bug in QEMU, not > the kernel code. > > All these changes are already present in Debian's 3.2-based kernel > package and I don't think we've had any reports of regressions. > > These fixes are also needed for all other 3.x.y branches, but I haven't > tested on other branches. Thanks for letting me know, I've been relying on the KVM maintainers to let us know what patches need to be applied for stable branches, but that hasn't happened in a _long_ time. Can some KVM developer let me know if they have an objection to me taking these patches? Brad, thanks for letting us know about this, much appreciated. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html