As they are, these patches will cause issues for some guests (particularly RHEL5) which use non-32-byte-aligned addresses. The documentation specified the alignment requirement, but guests got away with ignoring that requirement and through random luck it never caused an issue before.

https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=8f964525a121f2ff2df948dac908dcc65be21b5b adds support for cross page reads and writes and allows for dropping alignment checks entirely, which will work with any guests regardless of alignment issues. I'd recommend picking up this patch as well, although it isn't as widely tested.

https://patchwork.kernel.org/patch/2322271/ is also an option. Someone emailed me that they just used kvm_write_guest, which works just as well for this application. This is a good option for anyone that needs to backport to a really old kernel because the functions used by these patches are newer than the issue and kvm_write_guest has been around much longer.

thanks
-Andy

On Sun, Apr 14, 2013 at 7:17 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> On Mon, Apr 15, 2013 at 03:12:24AM +0100, Ben Hutchings wrote:
>> Brad Spengler pointed out that some KVM security fixes are missing from
>> the 3.2 branches. Three recent commits were marked as such:
>>
>> c300aa64ddf5 KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
>> 0b79459b482e KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
>> a2c118bfab8b KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
>>
>> The first and third of these can be cherry-picked cleanly onto 3.2.y,
>> while the second required backporting; I've attached my backported
>> version of that. The result passed the kvmclock unit tests, but the
>> apic unit tests failed on my test system (running Debian unstable):
>>
>> qemu: hardware error: isa irq 16 invalid
>>
>> However this is not a regression and is presumably a bug in QEMU, not
>> the kernel code.
>>
>> All these changes are already present in Debian's 3.2-based kernel
>> package and I don't think we've had any reports of regressions.
>>
>> These fixes are also needed for all other 3.x.y branches, but I haven't
>> tested on other branches.
>
> Thanks for letting me know, I've been relying on the KVM maintainers to
> let us know what patches need to be applied for stable branches, but
> that hasn't happened in a _long_ time.
>
> Can some KVM developer let me know if they have an objection to me
> taking these patches?
>
> Brad, thanks for letting us know about this, much appreciated.
>
> thanks,
>
> greg k-h
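The alignment and cross-page points discussed in this thread, as an added user-space illustration (not code from the patches or from the kernel): a 32-byte record at a 32-byte-aligned address never crosses a 4096-byte page, an unaligned one can, and a page-by-page copy handles both. The `toy_*` names, the two-page guest and the 32-byte record size are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_PAGE_SIZE 4096u
#define TOY_NPAGES    2u
#define TIME_INFO_LEN 32u   /* assumed record size, matching the 32-byte alignment rule */
/* Toy guest: frame[n] backs guest page n; the host pages are not adjacent. */
struct toy_guest { uint8_t *frame[TOY_NPAGES]; };

/* 1 if a len-byte write at gpa stays inside a single guest page. */
int fits_in_page(uint64_t gpa, size_t len) {
    return len <= TOY_PAGE_SIZE && gpa % TOY_PAGE_SIZE <= TOY_PAGE_SIZE - len;
}

/* Copy page by page; -1 if the range is not entirely inside guest memory. */
int toy_write_guest(struct toy_guest *g, uint64_t gpa, const void *data, size_t len) {
    const uint64_t total = (uint64_t)TOY_NPAGES * TOY_PAGE_SIZE;
    const uint8_t *src = data;
    if (len > total || gpa > total - len) return -1;
    while (len > 0) {
        size_t off = (size_t)(gpa % TOY_PAGE_SIZE);
        size_t seg = TOY_PAGE_SIZE - off < len ? TOY_PAGE_SIZE - off : len;
        memcpy(g->frame[gpa / TOY_PAGE_SIZE] + off, src, seg);
        gpa += seg; src += seg; len -= seg;
    }
    return 0;
}

/* Constructed demo: bytes landed in guest page 1, or -1 if rejected or guard page touched. */
int demo_write(uint64_t gpa) {
    static uint8_t host[3][TOY_PAGE_SIZE];
    struct toy_guest g = { { host[2], host[0] } };   /* host[1] is the guard */
    uint8_t rec[TIME_INFO_LEN];
    int in_page1 = 0;
    memset(host, 0, sizeof host);
    memset(rec, 0xAB, sizeof rec);
    if (toy_write_guest(&g, gpa, rec, sizeof rec) != 0) return -1;
    for (size_t i = 0; i < TOY_PAGE_SIZE; i++) {
        if (host[1][i] != 0) return -1;
        in_page1 += host[0][i] == 0xAB;
    }
    return in_page1;
}

int main(void) {
    printf("%d %d %d\n", demo_write(4064), demo_write(4080), demo_write(8176));
    return 0;
}
```

Because guest page 0 is backed by a host page that sits after the one backing guest page 1, a single flat copy from offset 4080 would run off the end of the host page instead of continuing into guest page 1.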