On Tue, Mar 10, 2015 at 08:29:01PM +0800, Zhiqiang Zhang wrote:
> From: Nadav Amit <namit@xxxxxxxxxxxxxxxxx>
>
> commit f3747379accba8e95d70cec0eae0582c8c182050 upstream
>
> SYSENTER emulation is broken in several ways:
> 1. It misses the case of 16-bit code segments completely (CVE-2015-0239).
> 2. MSR_IA32_SYSENTER_CS is checked in 64-bit mode incorrectly (bits 0 and 1 can
>    still be set without causing #GP).
> 3. MSR_IA32_SYSENTER_EIP and MSR_IA32_SYSENTER_ESP are not masked in
>    legacy-mode.
> 4. There is some unneeded code.
>
> Fix it.
>
> Cc: stable@xxxxxxxxxxxxxx
> Signed-off-by: Nadav Amit <namit@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> [zhangzhiqiang: backport to 3.10:
>  - adjust context
>  - in 3.10 context "ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF)" is replaced by
>    "ctxt->eflags &= ~(EFLG_VM | EFLG_IF)" in upstream, which was changed by another commit.
>  - After the above adjustments, it becomes the same as the original patch:
>    https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
> ]
> Signed-off-by: Zhiqiang Zhang <zhangzhiqiang.zhang@xxxxxxxxxx>
> ---
>  arch/x86/kvm/emulate.c | 27 ++++++++-------------------
>  1 file changed, 8 insertions(+), 19 deletions(-)

What about a backport to 3.14-stable as well?

thanks,

greg k-h
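The quoted commit message lists three concrete emulation defects: no SYSENTER_CS check at all for 16-bit code segments, a 64-bit-mode check that lets bits 0 and 1 of the selector through, and SYSENTER_EIP/ESP values not truncated to 32 bits in legacy mode. The following is an added illustration, not the kernel's emulate.c and not the patch above: a small C model of the check shape described as broken beside the mode-independent check and masking that the description calls for. The `cpu_mode` enum, the function names and the use of the mode (rather than EFER.LMA) to decide masking are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not KVM's code: a minimal model of the MSR_IA32_SYSENTER_CS
 * validity check and the SYSENTER_EIP/ESP masking described in the commit
 * message. The mode enum and function names are assumptions. */

enum cpu_mode { MODE_PROT16, MODE_PROT32, MODE_PROT64 };

/* Selector bits above the 2-bit RPL field; a selector with none of them set
 * is null and must raise #GP. */
#define SELECTOR_INDEX_TI_MASK 0xfffcu

/* Pre-fix shape as the message describes it: only 32-bit and 64-bit code
 * segments are checked, and the 64-bit case tests the whole MSR value instead
 * of the selector bits, so a value with only bits 0/1 set is accepted. */
static bool sysenter_cs_gp_before(enum cpu_mode mode, uint64_t msr_cs)
{
    switch (mode) {
    case MODE_PROT32:
        return (msr_cs & SELECTOR_INDEX_TI_MASK) == 0;
    case MODE_PROT64:
        return msr_cs == 0;          /* bits 0 and 1 alone slip through */
    default:
        return false;                /* 16-bit code segment: no check at all */
    }
}

/* Fixed shape: one check on the selector bits regardless of code-segment size. */
static bool sysenter_cs_gp_after(enum cpu_mode mode, uint64_t msr_cs)
{
    (void)mode;
    return (msr_cs & SELECTOR_INDEX_TI_MASK) == 0;
}

/* Value loaded into RIP/RSP from SYSENTER_EIP/ESP: the full 64-bit MSR in
 * long mode, truncated to its low 32 bits in legacy (16/32-bit) mode. */
static uint64_t sysenter_target(enum cpu_mode mode, uint64_t msr_val)
{
    return mode == MODE_PROT64 ? msr_val : (uint64_t)(uint32_t)msr_val;
}
```

A guest-facing regression test for such a fix would exercise exactly these cells: a 16-bit code segment with a null SYSENTER_CS, a 64-bit code segment with SYSENTER_CS equal to 1, 2 or 3, and a legacy-mode SYSENTER_EIP/ESP with bits set above bit 31, checking that the first two raise #GP and the third lands on the truncated address.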