From dbe11b4d3b467280f9014099b26b2c66cafa0508 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno
Date: Fri, 26 Feb 2016 09:29:02 +0100
Subject: [PATCH] [x86] KVM: fix conversion of addresses to linear in 32-bit protected mode.
---
 debian/changelog | 4 ++
 ...s-to-linear-in-32-bit-protected-mode.patch | 58 +++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 63 insertions(+)
 create mode 100644 debian/patches/bugfix/x86/kvm-fix-conversion-of-addresses-to-linear-in-32-bit-protected-mode.patch

diff --git a/debian/changelog b/debian/changelog
index c07872917..e14590f93 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,10 @@ linux (4.4.2-4) UNRELEASED; urgency=medium
 - mmc-modules: Depends on usb-modules
 - usb-modules: Include USB PHY drivers by default
 
+ [ Aurelien Jarno ]
+ * [x86] KVM: fix conversion of addresses to linear in 32-bit protected
+ mode.
+
 -- Roger Shimizu Wed, 24 Feb 2016 01:30:38 +0900
 
 linux (4.4.2-3) unstable; urgency=medium
diff --git a/debian/patches/bugfix/x86/kvm-fix-conversion-of-addresses-to-linear-in-32-bit-protected-mode.patch b/debian/patches/bugfix/x86/kvm-fix-conversion-of-addresses-to-linear-in-32-bit-protected-mode.patch
new file mode 100644
index 000000000..96bf2de67
--- /dev/null
+++ b/debian/patches/bugfix/x86/kvm-fix-conversion-of-addresses-to-linear-in-32-bit-protected-mode.patch
@@ -0,0 +1,58 @@
+From: Paolo Bonzini
+Date: Fri, 19 Feb 2016 18:07:21 +0100
+Subject: KVM: x86: fix conversion of addresses to linear in 32-bit protected
+ mode
+Origin: https://git.kernel.org/linus/0c1d77f4ba5cc9c05a29adca3d6466cdf4969b70
+
+Commit e8dd2d2d641c ("Silence compiler warning in arch/x86/kvm/emulate.c",
+2015-09-06) broke boot of the Hurd. The bug is that the "default:"
+case actually could modify "la", but after the patch this change is
+not reflected in *linear.
+
+The bug is visible whenever a non-zero segment base causes the linear
+address to wrap around the 4GB mark.
+
+Fixes: e8dd2d2d641cb2724ee10e76c0ad02e04289c017
+Cc: stable@vger.kernel.org
+Reported-by: Aurelien Jarno
+Tested-by: Aurelien Jarno
+Signed-off-by: Paolo Bonzini
+---
+ arch/x86/kvm/emulate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index 1505587..b9b09fe 100644
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -650,10 +650,10 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
+ u16 sel;
+
+ la = seg_base(ctxt, addr.seg) + addr.ea;
+- *linear = la;
+ *max_size = 0;
+ switch (mode) {
+ case X86EMUL_MODE_PROT64:
++ *linear = la;
+ if (is_noncanonical_address(la))
+ goto bad;
+
+@@ -662,6 +662,7 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
+ goto bad;
+ break;
+ default:
++ *linear = la = (u32)la;
+ usable = ctxt->ops->get_segment(ctxt, &sel, &desc, NULL,
+ addr.seg);
+ if (!usable)
+@@ -689,7 +690,6 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
+ if (size > *max_size)
+ goto bad;
+ }
+- la &= (u32)-1;
+ break;
+ }
+ if (insn_aligned(ctxt, size) && ((la & (size - 1)) != 0))
+--
+2.7.0
+
diff --git a/debian/patches/series b/debian/patches/series
index d40378ed9..17a746de9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
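Review bot: The header of the new patch file carries `Origin:` but no `Bug-Debian:` line, so the Debian-side report that motivated this backport is not traceable from the file; if the Hurd boot failure was filed in the BTS, add `Bug-Debian: https://bugs.debian.org/<BUG-NUMBER>` directly under the `Origin:` line (placeholder, not a real bug id). Because the upstream commit is tagged `Cc: stable@vger.kernel.org`, it will presumably arrive through a 4.4.y stable update, at which point this file and its `debian/patches/series` entry in the last hunk can be dropped. On the code itself, the PROT64 arm now stores `*linear` before `is_noncanonical_address(la)` can reject the address, which is the same ordering the removed unconditional `*linear = la;` had, so callers that only consume `*linear` on success see no change; as a verbatim cherry-pick the C should stay exactly as upstream has it. `__linearize` itself starts and ends outside the quoted hunks.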
@@ -44,6 +44,7 @@ bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
 # Arch bug fixes
 bugfix/x86/drm-i915-shut-up-gen8-sde-irq-dmesg-noise.patch
 bugfix/x86/drm-vmwgfx-fix-a-width-pitch-mismatch-on-framebuffer.patch
+bugfix/x86/kvm-fix-conversion-of-addresses-to-linear-in-32-bit-protected-mode.patch
 bugfix/mips/mips-math-emu-correctly-handle-nop-emulation.patch
 
 # Arch features