[3.13.y.z extended stable] Patch "KVM: x86: Emulator does not decode clflush well" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Tue Nov 4 11:15:42 UTC 2014


On Mon, Nov 03, 2014 at 10:22:58PM +0200, Nadav Amit wrote:
> 
> > On Nov 3, 2014, at 19:36, Luis Henriques <luis.henriques at canonical.com> wrote:
> > 
> > On Fri, Oct 31, 2014 at 01:53:45PM -0700, Kamal Mostafa wrote:
> >> This is a note to let you know that I have just added a patch titled
> >> 
> >>    KVM: x86: Emulator does not decode clflush well
> >> 
> >> to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
> >> which can be found at:
> >> 
> >> http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue
> >> 
> >> This patch is scheduled to be released in version 3.13.11.11.
> >> 
> >> If you, or anyone else, feels it should not be added to this tree, please 
> >> reply to this email.
> >> 
> >> For more information about the 3.13.y.z tree, see
> >> https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
> >> 
> >> Thanks.
> >> -Kamal
> >> 
> >> ------
> >> 
> >> From 3cf1cc997f89242c852dca2469ca4303348d29a5 Mon Sep 17 00:00:00 2001
> >> From: Nadav Amit <namit at cs.technion.ac.il>
> >> Date: Mon, 13 Oct 2014 13:04:13 +0300
> >> Subject: KVM: x86: Emulator does not decode clflush well
> >> 
> >> commit 13e457e0eebf0a0c82c38ceb890d93eb826d62a6 upstream.
> >> 
> >> Currently, all group15 instructions are decoded as clflush (e.g., mfence,
> >> xsave).  In addition, the clflush instruction requires that no prefix
> >> (66/f2/f3) exist. If a prefix exists it may encode a different instruction
> >> (e.g., clflushopt).
> >> 
> >> Creating a group for clflush, and a different group for each prefix.
> >> 
> >> This has been the case forever, but the next patch needs the clflush group
> >> in order to fix a bug introduced in 3.17.
> > 
> > Given the above ^^^
> > 
> >> Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
> > 
> > And the fact that this commit isn't present in 3.13, I'm not sure this
> > patch is relevant for this stable kernel.  Could someone confirm this
> > please?
> 
> Yes. IMO this patch should not be required for 3.13 as a security patch.
> Note that it still improves the emulation of guest code, but we did
> not see a real-life scenario that should be affected.
> 
> Nadav
> 

Thanks a lot for looking.  I had the same question regarding the 3.16
kernel :-)

Cheers,
--
Luís
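
The decoding rule described in the quoted commit message (group 15, opcode 0F AE, selected by mandatory prefix and ModRM), as an added example that is not part of this thread or of the KVM source. `decode_group15` and the table names are hypothetical, and the tables cover only a subset of the 0F AE encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mnemonics for 0F AE (group 15), indexed by ModRM.reg. Subset of the
 * opcode map; NULL means "not covered by this example". */
static const char *const mem_nopfx[8] = { "fxsave", "fxrstor", "ldmxcsr",
    "stmxcsr", "xsave", "xrstor", "xsaveopt", "clflush" };
static const char *const reg_nopfx[8] = { NULL, NULL, NULL, NULL, NULL,
    "lfence", "mfence", "sfence" };
static const char *const reg_f3[8] = { "rdfsbase", "rdgsbase", "wrfsbase",
    "wrgsbase", NULL, NULL, NULL, NULL };

/* Hypothetical helper, not a KVM function: name the instruction encoded by
 * [66|F2|F3] 0F AE ModRM. */
const char *decode_group15(const uint8_t *insn, size_t len)
{
    uint8_t prefix = 0;
    size_t i = 0;

    if (len > 0 && (insn[0] == 0x66 || insn[0] == 0xf2 || insn[0] == 0xf3))
        prefix = insn[i++];
    if (len < i + 3 || insn[i] != 0x0f || insn[i + 1] != 0xae)
        return "not group15";

    uint8_t modrm = insn[i + 2];
    unsigned reg = (modrm >> 3) & 7;      /* selects the group member */
    int is_mem = (modrm >> 6) != 3;       /* mod != 3: memory operand */
    const char *name = NULL;

    if (prefix == 0)                      /* clflush only without a prefix */
        name = is_mem ? mem_nopfx[reg] : reg_nopfx[reg];
    else if (prefix == 0x66 && is_mem && reg == 7)
        name = "clflushopt";              /* same ModRM, different insn */
    else if (prefix == 0xf3 && !is_mem)
        name = reg_f3[reg];
    return name ? name : "unhandled";
}

int main(void)
{
    /* Constructed sample encodings. */
    const uint8_t a[] = { 0x0f, 0xae, 0x38 };        /* clflush (%rax) */
    const uint8_t b[] = { 0x66, 0x0f, 0xae, 0x38 };  /* clflushopt (%rax) */
    const uint8_t c[] = { 0x0f, 0xae, 0xf0 };        /* mfence */
    printf("%s %s %s\n", decode_group15(a, sizeof a),
           decode_group15(b, sizeof b), decode_group15(c, sizeof c));
    return 0;
}
```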



