rpms/kernel/F-13 kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch, NONE, 1.1.2.2 kernel.spec, 1.2084.2.1, 1.2084.2.2
Chuck Ebbert
cebbert at fedoraproject.org
Fri Jul 23 16:03:36 UTC 2010
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv2034
Modified Files:
Tag: private-f13-2_6_33
kernel.spec
Added Files:
Tag: private-f13-2_6_33
kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch
Log Message:
kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch:
Fix crash in guest Python programs (#610911)
kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch:
paging_tmpl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch ---
>From 567b1bbf982637ce3f0ac8597af91ae8106648c8 Mon Sep 17 00:00:00 2001
From: Xiao Guangrong <xiaoguangrong at cn.fujitsu.com>
Date: Wed, 30 Jun 2010 16:02:45 +0800
Subject: [PATCH] KVM: MMU: fix conflict access permissions in direct sp
In no-direct mapping, we mark sp is 'direct' when we mapping the
guest's larger page, but its access is encoded form upper page-struct
entire not include the last mapping, it will cause access conflict.
For example, have this mapping:
[W]
/ PDE1 -> |---|
P[W] | | LPA
\ PDE2 -> |---|
[R]
P have two children, PDE1 and PDE2, both PDE1 and PDE2 mapping the
same lage page(LPA). The P's access is WR, PDE1's access is WR,
PDE2's access is RO(just consider read-write permissions here)
When guest access PDE1, we will create a direct sp for LPA, the sp's
access is from P, is W, then we will mark the ptes is W in this sp.
Then, guest access PDE2, we will find LPA's shadow page, is the same as
PDE's, and mark the ptes is RO.
So, if guest access PDE1, the incorrect #PF is occured.
Fixed by encode the last mapping access into direct shadow page
Signed-off-by: Xiao Guangrong <xiaoguangrong at cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
Signed-off-by: Avi Kivity <avi at redhat.com>
---
arch/x86/kvm/paging_tmpl.h | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index ede2131..b473c0f 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -336,6 +336,7 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
/* advance table_gfn when emulating 1gb pages with 4k */
if (delta == 0)
table_gfn += PT_INDEX(addr, level);
+ access &= gw->pte_access;
} else {
direct = 0;
table_gfn = gw->table_gfn[level - 2];
--
1.7.1
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/kernel.spec,v
retrieving revision 1.2084.2.1
retrieving revision 1.2084.2.2
diff -u -p -r1.2084.2.1 -r1.2084.2.2
--- kernel.spec 23 Jul 2010 15:43:58 -0000 1.2084.2.1
+++ kernel.spec 23 Jul 2010 16:03:35 -0000 1.2084.2.2
@@ -866,6 +866,8 @@ Patch13060: x86-debug-send-sigtrap-for-u
Patch13070: cifs-fix-malicious-redirect-problem-in-the-dns-lookup-code.patch
+Patch13080: kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1584,6 +1586,9 @@ ApplyPatch x86-debug-send-sigtrap-for-us
# CVE-2010-2524
ApplyPatch cifs-fix-malicious-redirect-problem-in-the-dns-lookup-code.patch
+# 610911
+ApplyPatch kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2232,6 +2237,10 @@ fi
%changelog
+* Fri Jul 23 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.33.6-147.2.2
+- kvm-mmu-fix-conflict-access-permissions-in-direct-sp.patch:
+ Fix crash in guest Python programs (#610911)
+
* Fri Jul 23 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.33.6-147.2.1
- cifs-fix-malicious-redirect-problem-in-the-dns-lookup-code.patch:
Fix a malicious redirect problem in the DNS lookup code (CVE-2010-2524)
More information about the scm-commits
mailing list