On 2015/3/11 23:04, Greg KH wrote:
> On Tue, Mar 10, 2015 at 08:29:01PM +0800, Zhiqiang Zhang wrote:
>> From: Nadav Amit <namit@xxxxxxxxxxxxxxxxx>
>>
>> commit f3747379accba8e95d70cec0eae0582c8c182050 upstream
>>
>> SYSENTER emulation is broken in several ways:
>> 1. It misses the case of 16-bit code segments completely (CVE-2015-0239).
>> 2. MSR_IA32_SYSENTER_CS is checked in 64-bit mode incorrectly (bits 0 and 1 can
>> still be set without causing #GP).
>> 3. MSR_IA32_SYSENTER_EIP and MSR_IA32_SYSENTER_ESP are not masked in
>> legacy-mode.
>> 4. There is some unneeded code.
>>
>> Fix it.
>>
>> Cc: stable@xxxxxxxxxxxxxx
>> Signed-off-by: Nadav Amit <namit@xxxxxxxxxxxxxxxxx>
>> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
>> [zhangzhiqiang: backport to 3.10:
>> - adjust context
>> - in the 3.10 context "ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF)" is replaced by
>> "ctxt->eflags &= ~(EFLG_VM | EFLG_IF)" in upstream, which was changed by another commit.
>> - After the above adjustments, it becomes the same as the original patch:
>> https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
>> ]
>> Signed-off-by: Zhiqiang Zhang <zhangzhiqiang.zhang@xxxxxxxxxx>
>> ---
>> arch/x86/kvm/emulate.c | 27 ++++++++-------------------
>> 1 file changed, 8 insertions(+), 19 deletions(-)
>
> What about a backport to 3.14-stable as well?
>
> thanks,
>
> greg k-h
>
> .
>

hi greg k-h

It has been tested; this patch is also adapted to 3.14-stable.

BTW, [PATCH] netfilter: conntrack: disable generic tracking for known protocols, which was sent at the same time as this one and fixes CVE-2014-8160, is also a backport from upstream. Please note.

thanks.

zhangzhiqiang