rpms/VirtualBox-OSE/F-10 VirtualBox-OSE-2.1.4-sysenter.patch, NONE, 1.1 VirtualBox-OSE.spec, 1.3, 1.4

Lubomir Rintel lkundrak at rpmfusion.org
Wed Oct 7 13:00:34 CEST 2009


Author: lkundrak

Update of /cvs/free/rpms/VirtualBox-OSE/F-10
In directory se02.es.rpmfusion.net:/tmp/cvs-serv22188

Modified Files:
	VirtualBox-OSE.spec 
Added Files:
	VirtualBox-OSE-2.1.4-sysenter.patch 
Log Message:
* Wed Oct 07 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.1.4-5
- Security update: Fix CVE-2009-2715


VirtualBox-OSE-2.1.4-sysenter.patch:

--- NEW FILE VirtualBox-OSE-2.1.4-sysenter.patch ---
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2715
http://www.milw0rm.com/exploits/9323

------------------------------------------------------------------------
r21937 | vboxsync | 2009-08-03 10:50:47 +0200 (Mon, 03 Aug 2009) | 3 lines

Fixed wrong check for sysenter.


------------------------------------------------------------------------
Index: src/VBox/VMM/VMMSwitcher/AMD64andLegacy.mac
===================================================================
--- src/VBox/VMM/VMMSwitcher/AMD64andLegacy.mac	(revision 21936)
+++ src/VBox/VMM/VMMSwitcher/AMD64andLegacy.mac	(revision 21937)
@@ -255,13 +255,13 @@
 
     FIXUP FIX_NO_SYSENTER_JMP, 0, htg_no_sysenter - NAME(Start) ; this will insert a jmp htg_no_sysenter if host doesn't use sysenter.
     ; save MSR_IA32_SYSENTER_CS register.
+    mov     rbx, rdx                    ; save edx
     mov     ecx, MSR_IA32_SYSENTER_CS
-    mov     rbx, rdx                    ; save edx
     rdmsr                               ; edx:eax <- MSR[ecx]
-    mov     [rbx + r8 + CPUMCPU.Host.SysEnter.cs], rax
-    mov     [rbx + r8 + CPUMCPU.Host.SysEnter.cs + 4], rdx
-    xor     rax, rax                    ; load 0:0 to cause #GP upon sysenter
-    xor     rdx, rdx
+    mov     [rbx + r8 + CPUMCPU.Host.SysEnter.cs], eax
+    mov     [rbx + r8 + CPUMCPU.Host.SysEnter.cs + 4], edx
+    xor     eax, eax                    ; load 0:0 to cause #GP upon sysenter
+    xor     edx, edx
     wrmsr
     mov     rdx, rbx                    ; restore edx
     jmp short htg_no_sysenter
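Review bot: The `; save edx` and `; restore edx` comments on the `mov rbx, rdx` / `mov rdx, rbx` pair understate what is preserved: the full 64-bit rdx is the base of `[rbx + r8 + CPUMCPU.Host.SysEnter.cs]`, and rdmsr overwrites it. I would reword them to `; park rdx in rbx: rdmsr/wrmsr use edx:eax` and `; restore rdx`. I would also add `; two dword stores: a qword store at cs + 4 would run past the field` above the new `mov [...], eax` line, assuming the slot is 8 bytes wide as the `+ 4` suggests. Whether rbx is free to clobber here, and where the saved value is written back to the MSR on the return path, are decided outside this hunk and worth confirming.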
Index: src/VBox/VMM/VMMR0/CPUMR0.cpp
===================================================================
--- src/VBox/VMM/VMMR0/CPUMR0.cpp	(revision 21936)
+++ src/VBox/VMM/VMMR0/CPUMR0.cpp	(revision 21937)
@@ -85,9 +85,7 @@
             uint32_t u32 = ASMRdMsr_Low(MSR_IA32_SYSENTER_CS);
             if (u32)
             {
-                for (unsigned i=0;i<pVM->cCPUs;i++)
-                    pVM->aCpus[i].cpum.s.fUseFlags |= CPUM_USE_SYSENTER;
-
+                pVM->cpum.s.fHostUseFlags |= CPUM_USE_SYSENTER;
                 Log(("CPUMR0Init: host uses sysenter cs=%08x%08x\n", ASMRdMsr_High(MSR_IA32_SYSENTER_CS), u32));
             }
         }
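Review bot: Only the writer of CPUM_USE_SYSENTER is visible here, now setting `pVM->cpum.s.fHostUseFlags`, so the fix depends on every reader testing that same field; any code still checking `aCpus[i].cpum.s.fUseFlags & CPUM_USE_SYSENTER` would never see the bit. Presumably the consumer is the code that applies the FIX_NO_SYSENTER_JMP fixup, and per the switcher comment a missed flag means the jump to htg_no_sysenter is inserted and the host SYSENTER_CS is left live while the guest runs. A comment on the new line such as `/* host-wide flag: expected to be tested when applying FIX_NO_SYSENTER_JMP, not per-VCPU */` would keep writer and reader in step. The enclosing function starts and ends outside the hunk.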


Index: VirtualBox-OSE.spec
===================================================================
RCS file: /cvs/free/rpms/VirtualBox-OSE/F-10/VirtualBox-OSE.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- VirtualBox-OSE.spec	24 Apr 2009 20:42:04 -0000	1.3
+++ VirtualBox-OSE.spec	7 Oct 2009 11:00:33 -0000	1.4
@@ -8,7 +8,7 @@
 
 Name:           VirtualBox-OSE
 Version:        2.1.4
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A general-purpose full virtualizer for PC hardware
 
 Group:          Development/Tools
@@ -27,6 +27,7 @@
 Patch11:        %{name}-2.1.2-gcc44.patch
 Patch12:        %{name}-2.1.4-swab.patch
 Patch13:        %{name}-2.1.4-libcap.patch
+Patch14:        %{name}-2.1.4-sysenter.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -114,6 +115,7 @@
 %patch11 -p1 -b .gcc44
 %patch12 -p1 -b .swab
 %patch13 -p1 -b .libcap
+%patch14 -p0 -b .sysenter
 
 # Copy icons forgotten from distribution, see patch9
 cp src/VBox/Frontends/VirtualBox4/images/os_*.png src/VBox/Frontends/VirtualBox/images
@@ -351,6 +353,9 @@
 
 
 %changelog
+* Wed Oct 07 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.1.4-5
+- Security update: Fix CVE-2009-2715
+
 * Fri Apr 24 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.1.4-4
 - Adjust architecture list for plague
 


