Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" (CVE-2016-3961) is missing in 3.4, 3.10 and 3.12 stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

the following patch is present in the following LTS kernels

>=linux-3.2.81
>=linux-3.16.36
>=linux-3.18.33
>=linux-4.1.24
>=linux-4.4.9


however it is missing from LTS kernels

- linux-3.4
- linux-3.10
- linux-3.12


> From 103f6112f253017d7062cd74d17f4a514ed4485c Mon Sep 17 00:00:00 2001
> From: Jan Beulich <JBeulich@xxxxxxxx>
> Date: Thu, 21 Apr 2016 00:27:04 -0600
> Subject: x86/mm/xen: Suppress hugetlbfs in PV guests
> 
> Huge pages are not normally available to PV guests. Not suppressing
> hugetlbfs use results in an endless loop of page faults when user mode
> code tries to access a hugetlbfs mapped area (since the hypervisor
> denies such PTEs to be created, but error indications can't be
> propagated out of xen_set_pte_at(), just like for various of its
> siblings), and - once killed in an oops like this:
> 
>   kernel BUG at .../fs/hugetlbfs/inode.c:428!
>   invalid opcode: 0000 [#1] SMP
>   ...
>   RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
>   ...
>   Call Trace:
>    [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
>    [<ffffffff81167b3d>] evict+0xbd/0x1b0
>    [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
>    [<ffffffff81165b0e>] dput+0x1fe/0x220
>    [<ffffffff81150535>] __fput+0x155/0x200
>    [<ffffffff81079fc0>] task_work_run+0x60/0xa0
>    [<ffffffff81063510>] do_exit+0x160/0x400
>    [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
>    [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
>    [<ffffffff8100f854>] do_signal+0x14/0x110
>    [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
>    [<ffffffff814178a5>] retint_user+0x8/0x13
> 
> This is CVE-2016-3961 / XSA-174.
> 
> Reported-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Brian Gerst <brgerst@xxxxxxxxx>
> Cc: David Vrabel <david.vrabel@xxxxxxxxxx>
> Cc: Denys Vlasenko <dvlasenk@xxxxxxxxxx>
> Cc: H. Peter Anvin <hpa@xxxxxxxxx>
> Cc: Juergen Gross <JGross@xxxxxxxx>
> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Cc: Luis R. Rodriguez <mcgrof@xxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Toshi Kani <toshi.kani@xxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
> Link: http://lkml.kernel.org/r/57188ED802000078000E431C@xxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=103f6112f253017d7062cd74d17f4a514ed4485c


-- 
Regards,
Thomas

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]