diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-03 22:27:40 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-03 22:27:40 -0400 |
commit | 9559758c7862b74bd81f7ec754c7be896f251772 (patch) | |
tree | 068ca3b06d5e392315cbf7c60444a050debd443a | |
parent | 50f3702b91778c6d11e435462a805073e01a6d07 (diff) | |
download | longterm-queue-4.12-9559758c7862b74bd81f7ec754c7be896f251772.tar.gz |
x86: drop 0x80 KVM patch already applied
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/KVM-VMX-remove-I-O-port-0x80-bypass-on-Intel-hosts.patch | 49 | ||||
-rw-r--r-- | queue/series | 1 |
2 files changed, 0 insertions, 50 deletions
diff --git a/queue/KVM-VMX-remove-I-O-port-0x80-bypass-on-Intel-hosts.patch b/queue/KVM-VMX-remove-I-O-port-0x80-bypass-on-Intel-hosts.patch deleted file mode 100644 index 7799942..0000000 --- a/queue/KVM-VMX-remove-I-O-port-0x80-bypass-on-Intel-hosts.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d59d51f088014f25c2562de59b9abff4f42a7468 Mon Sep 17 00:00:00 2001 -From: Andrew Honig <ahonig@google.com> -Date: Fri, 1 Dec 2017 10:21:09 -0800 -Subject: [PATCH] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -commit d59d51f088014f25c2562de59b9abff4f42a7468 upstream. - -This fixes CVE-2017-1000407. - -KVM allows guests to directly access I/O port 0x80 on Intel hosts. If -the guest floods this port with writes it generates exceptions and -instability in the host kernel, leading to a crash. With this change -guest writes to port 0x80 on Intel will behave the same as they -currently behave on AMD systems. - -Prevent the flooding by removing the code that sets port 0x80 as a -passthrough port. This is essentially the same as upstream patch -99f85a28a78e96d28907fe036e1671a218fee597, except that patch was -for AMD chipsets and this patch is for Intel. - -Signed-off-by: Andrew Honig <ahonig@google.com> -Signed-off-by: Jim Mattson <jmattson@google.com> -Fixes: fdef3ad1b386 ("KVM: VMX: Enable io bitmaps to avoid IO port 0x80 VMEXITs") -Cc: <stable@vger.kernel.org> -Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> - -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 4704aaf6d19e..2fd9a8cec29a 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -6755,12 +6755,7 @@ static __init int hardware_setup(void) - memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE); - memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE); - -- /* -- * Allow direct access to the PC debug port (it is often used for I/O -- * delays, but the vmexits simply slow things down). -- */ - memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE); -- clear_bit(0x80, vmx_io_bitmap_a); - - memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE); - --- -2.15.0 - diff --git a/queue/series b/queue/series index 4269f5b..deb7840 100644 --- a/queue/series +++ b/queue/series @@ -51,7 +51,6 @@ kdb-Fix-handling-of-kallsyms_symbol_next-return-valu.patch drm-bridge-analogix-dp-Fix-runtime-PM-state-in-get_m.patch drm-exynos-gem-Drop-NONCONTIG-flag-for-buffers-alloc.patch media-dvb-i2c-transfers-over-usb-cannot-be-done-from.patch -KVM-VMX-remove-I-O-port-0x80-bypass-on-Intel-hosts.patch KVM-arm-arm64-Fix-broken-GICH_ELRSR-big-endian-conve.patch KVM-arm-arm64-vgic-Preserve-the-revious-read-from-th.patch KVM-arm-arm64-vgic-its-Check-result-of-allocation-be.patch |