From 5222653db62559e16e275e75f77572c7d857312c Mon Sep 17 00:00:00 2001 From: Romain Perier Date: Wed, 5 Dec 2018 19:59:32 +0100 Subject: [PATCH] Update to 4.19.7 --- debian/changelog | 3 +- ...ix-pv-ipis-use-before-initialization.patch | 65 ------------------- debian/patches/series | 1 - 3 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 debian/patches/bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch diff --git a/debian/changelog b/debian/changelog index ac788a328..8b96bab43 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,8 @@ -linux (4.19.6-1~exp1) UNRELEASED; urgency=medium +linux (4.19.7-1~exp1) UNRELEASED; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.6 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7 [ Marcin Juszkiewicz ] * [arm64] Enable ACPI IMPI diff --git a/debian/patches/bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch b/debian/patches/bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch deleted file mode 100644 index a461a1537..000000000 --- a/debian/patches/bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From: Wanpeng Li -Date: Tue, 20 Nov 2018 09:39:30 +0800 -Subject: KVM: LAPIC: Fix pv ipis use-before-initialization -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Origin: https://git.kernel.org/linus/38ab012f109caf10f471db1adf284e620dd8d701 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19406 - -Reported by syzkaller: - - BUG: unable to handle kernel NULL pointer dereference at 0000000000000014 - PGD 800000040410c067 P4D 800000040410c067 PUD 40410d067 PMD 0 - Oops: 0000 [#1] PREEMPT SMP PTI - CPU: 3 PID: 2567 Comm: poc Tainted: G OE 4.19.0-rc5 #16 - RIP: 0010:kvm_pv_send_ipi+0x94/0x350 [kvm] - Call Trace: - kvm_emulate_hypercall+0x3cc/0x700 [kvm] - handle_vmcall+0xe/0x10 [kvm_intel] - vmx_handle_exit+0xc1/0x11b0 [kvm_intel] - vcpu_enter_guest+0x9fb/0x1910 [kvm] - kvm_arch_vcpu_ioctl_run+0x35c/0x610 [kvm] - kvm_vcpu_ioctl+0x3e9/0x6d0 [kvm] - do_vfs_ioctl+0xa5/0x690 - ksys_ioctl+0x6d/0x80 - __x64_sys_ioctl+0x1a/0x20 - do_syscall_64+0x83/0x6e0 - entry_SYSCALL_64_after_hwframe+0x49/0xbe - -The reason is that the apic map has not yet been initialized, the testcase -triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map -is dereferenced. This patch fixes it by checking whether or not apic map is -NULL and bailing out immediately if that is the case. 
- -Fixes: 4180bf1b65 (KVM: X86: Implement "send IPI" hypercall) -Reported-by: Wei Wu -Cc: Paolo Bonzini -Cc: Radim Krčmář -Cc: Wei Wu -Signed-off-by: Wanpeng Li -Cc: stable@vger.kernel.org -Signed-off-by: Paolo Bonzini ---- - arch/x86/kvm/lapic.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 89db20f8cb70..02f2291dcf7e 100644 ---- a/arch/x86/kvm/lapic.c -+++ b/arch/x86/kvm/lapic.c -@@ -576,6 +576,11 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low, - rcu_read_lock(); - map = rcu_dereference(kvm->arch.apic_map); - -+ if (unlikely(!map)) { -+ count = -EOPNOTSUPP; -+ goto out; -+ } -+ - if (min > map->max_apic_id) - goto out; - /* Bits above cluster_size are masked in the caller. */ --- -2.11.0 - diff --git a/debian/patches/series b/debian/patches/series index e7437c770..b5191ac9b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -130,7 +130,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch
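Review bot: The debian/changelog hunk only adds the ChangeLog-4.19.7 URL and says nothing about the security backport this commit removes, so the CVE-2018-19406 fix disappears from the package history without a trace. Since the deleted patch file carries "Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19406", add a bullet under the "New upstream stable update" entry noting that the KVM LAPIC pv-IPI NULL-dereference fix (CVE-2018-19406) is now included upstream; that is what lets the security tracker mark 4.19.7-1~exp1 as fixed.

Review bot: The deletion of bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch is only correct if the 4.19.7 stable tree actually contains upstream commit 38ab012f109caf10f471db1adf284e620dd8d701 (the "Origin:" line of the dropped file); the commit message "Update to 4.19.7" does not state that this was checked. If it is not in 4.19.7 the package would reapply the guest-triggerable NULL dereference in kvm_pv_send_ipi (reachable via vmcall, per the syzkaller trace in the deleted patch). Suggest confirming with `git log v4.19.7 --oneline -- arch/x86/kvm/lapic.c` (or grepping the 4.19.7 ChangeLog for "Fix pv ipis use-before-initialization") and mentioning the result in the commit message.

Review bot: The debian/patches/series hunk removes only the one line `-bugfix/x86/KVM-LAPIC-Fix-pv-ipis-use-before-initialization.patch`, which matches the deleted file, so the series stays consistent; the "# Security fixes" section is left with just debian/i386-686-pae-pci-set-pci-nobios-by-default.patch, which is fine. No further change needed here beyond the upstream-inclusion check above.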