From patchwork Tue Aug 17 13:00:19 2021
From: Thadeu Lima de Souza Cascardo
To: kernel-team@lists.ubuntu.com
Subject: [SRU OEM-5.10/OEM-5.13 0/2] CVE-2021-3653/CVE-2021-3656
Date: Tue, 17 Aug 2021 10:00:19 -0300
Message-Id: <20210817130023.32029-1-cascardo@canonical.com>

There are two commits here as landed upstream.

For 5.13, I backported from mainline, just fixing context (removing lines that were not present on 5.13), which ended up the same as the backports for upstream 5.13.y.

For 5.10, I picked the fix for CVE-2021-3653 from upstream 5.10.y, as there were some struct member changes, besides the absent lines. For CVE-2021-3656, it was only the absent lines so I picked the mainline version and backported it. The end result is the same as picking only from 5.10.y. The reason I preferred backporting the mainline ones is that it makes it easier for the autotriage process, though I ended up with one extra commit ID that I will have to work with.

As for testing, I tested that one can still launch L2 Linux guests after the fixes, so LP: #1940134 does not affect these backports. Also, one PoC was used for testing that CVE-2021-3656 is fixed.

Maxim Levitsky (2):
  KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
  KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

 arch/x86/include/asm/svm.h |  2 ++
 arch/x86/kvm/svm/nested.c  | 12 +++++++++---
 arch/x86/kvm/svm/svm.c     |  9 +++++----
 3 files changed, 16 insertions(+), 7 deletions(-)

Acked-By: AceLan Kao