From a688ee48fbe75bff74c836eee5735a9fe0d521d6 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 26 Apr 2020 20:31:39 +0200 Subject: [PATCH] KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732) --- debian/changelog | 6 ++++ ...t-emulate-instructions-in-guest-mode.patch | 35 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 42 insertions(+) create mode 100644 debian/patches/bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch diff --git a/debian/changelog b/debian/changelog index 6a0635372..bd599b5e4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +linux (4.19.98-1+deb10u1) UNRELEASED; urgency=medium + + * [x86] KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732) + + -- Salvatore Bonaccorso Sun, 26 Apr 2020 20:32:58 +0200 + linux (4.19.98-1) buster; urgency=medium * New upstream stable update: diff --git a/debian/patches/bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch b/debian/patches/bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch new file mode 100644 index 000000000..13c8e0e0a --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch 
@@ -0,0 +1,35 @@ +From: Paolo Bonzini +Date: Tue, 4 Feb 2020 15:26:29 -0800 +Subject: KVM: nVMX: Don't emulate instructions in guest mode +Origin: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-2732 + +vmx_check_intercept is not yet fully implemented. To avoid emulating +instructions disallowed by the L1 hypervisor, refuse to emulate +instructions by default. + +Cc: stable@vger.kernel.org +[Made commit, added commit msg - Oliver] +Signed-off-by: Oliver Upton +Signed-off-by: Paolo Bonzini +[Salvatore Bonaccorso: Backport to 4.19: Adjust filename to arch/x86/kvm/vmx.c] +--- + arch/x86/kvm/vmx/vmx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index dcca514ffd42..5801a86f9c24 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7164,7 +7164,7 @@ static int vmx_check_intercept(struct kvm_vcpu *vcpu, + } + + /* TODO: check more intercepts... */ +- return X86EMUL_CONTINUE; ++ return X86EMUL_UNHANDLEABLE; + } + + #ifdef CONFIG_X86_64 +-- +2.26.2 + diff --git a/debian/patches/series b/debian/patches/series index b3d3a2b6b..2a903f935 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -304,6 +304,7 @@ debian/ntfs-mark-it-as-broken.patch bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch bugfix/all/wimax-i2400-fix-memory-leak.patch bugfix/all/wimax-i2400-fix-memory-leak-in-i2400m_op_rfkill_sw_toggle.patch +bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch # Backported change to provide boot-time entropy bugfix/all/random-try-to-actively-add-entropy-rather-than-passi.patch
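Review bot: in the arch/x86/kvm/vmx.c hunk carried by the new patch file, the comment "/* TODO: check more intercepts... */" stays directly above the new "return X86EMUL_UNHANDLEABLE;", so nothing in the code says that the fall-through is now a deliberate default-deny. Consider rewording that comment to say that any instruction not explicitly checked earlier in vmx_check_intercept is refused, because the L1 hypervisor may have disallowed it; this is the rationale the commit message gives. Since the default changes from X86EMUL_CONTINUE to X86EMUL_UNHANDLEABLE, it is also worth confirming that the cases handled before the closing brace shown in the context return on their own paths and do not rely on reaching this final return. A smaller point: the diffstat in the patch header still lists arch/x86/kvm/vmx/vmx.c, while the diff itself and the backport note use arch/x86/kvm/vmx.c; regenerating the diffstat would keep the header consistent with the 4.19 path.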