[kernel] r19893 - in dists/sid/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at alioth.debian.org
Sun Mar 3 02:19:44 UTC 2013
Author: benh
Date: Sun Mar 3 02:19:43 2013
New Revision: 19893
Log:
vhost: fix length for cross region descriptor (CVE-2013-0311)
Added:
dists/sid/linux/debian/patches/bugfix/all/vhost-fix-length-for-cross-region-descriptor.patch
Modified:
dists/sid/linux/debian/changelog
dists/sid/linux/debian/patches/series
Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog Sun Mar 3 01:41:04 2013 (r19892)
+++ dists/sid/linux/debian/changelog Sun Mar 3 02:19:43 2013 (r19893)
@@ -11,6 +11,7 @@
[ Ben Hutchings ]
* [x86] ata_piix: reenable MS Virtual PC guests (fixes regression in
3.2.19-1)
+ * vhost: fix length for cross region descriptor (CVE-2013-0311)
-- Ben Hutchings <ben at decadent.org.uk> Wed, 27 Feb 2013 03:48:30 +0000
Added: dists/sid/linux/debian/patches/bugfix/all/vhost-fix-length-for-cross-region-descriptor.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux/debian/patches/bugfix/all/vhost-fix-length-for-cross-region-descriptor.patch Sun Mar 3 02:19:43 2013 (r19893)
@@ -0,0 +1,31 @@
+From: "Michael S. Tsirkin" <mst at redhat.com>
+Date: Mon, 26 Nov 2012 05:57:27 +0000
+Subject: vhost: fix length for cross region descriptor
+
+commit bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 upstream.
+
+If a single descriptor crosses a region, the
+second chunk length should be decremented
+by size translated so far, instead it includes
+the full descriptor length.
+
+Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
+Acked-by: Jason Wang <jasowang at redhat.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/vhost/vhost.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
+index 99ac2cb..dedaf81 100644
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -1076,7 +1076,7 @@ static int translate_desc(struct vhost_dev *dev, u64 addr, u32 len,
+ }
+ _iov = iov + ret;
+ size = reg->memory_size - addr + reg->guest_phys_addr;
+- _iov->iov_len = min((u64)len, size);
++ _iov->iov_len = min((u64)len - s, size);
+ _iov->iov_base = (void __user *)(unsigned long)
+ (reg->userspace_addr + addr - reg->guest_phys_addr);
+ s += size;
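Review bot: In the translate_desc() hunk, the new `min((u64)len - s, size)` is an unsigned subtraction, and the next statement `s += size` advances `s` by the region remainder rather than by the `iov_len` just stored, so after the final chunk `s` can be larger than `len`. The expression is only safe if the enclosing loop never starts another iteration once `s >= len`, and that condition is not visible in this hunk. Please confirm it against the 3.2 tree this backport applies to, or add a short comment above the assignment stating the invariant `s < len`. The description could also say what the old line produced, namely a second chunk whose `iov_len` covered the full descriptor length and therefore extended past the end of the descriptor, so that the CVE entry in the changelog can be triaged without reading the code.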
Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series Sun Mar 3 01:41:04 2013 (r19892)
+++ dists/sid/linux/debian/patches/series Sun Mar 3 02:19:43 2013 (r19893)
@@ -630,3 +630,4 @@
bugfix/all/mm-fix-pageblock-bitmap-allocation.patch
bugfix/all/USB-usb-storage-unusual_devs-update-for-Super-TOP-SA.patch
debian/x86-efi-avoid-abi-change-in-3.2.38.patch
+bugfix/all/vhost-fix-length-for-cross-region-descriptor.patch