Commit | Line | Data |
---|---|---|
035dbe67 FG |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Andrew Honig <ahonig@google.com> | |
3 | Date: Wed, 10 Jan 2018 10:12:03 -0800 | |
4 | Subject: [PATCH] KVM: x86: Add memory barrier on vmcs field lookup | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream. | |
10 | ||
11 | This adds a memory barrier when performing a lookup into | |
12 | the vmcs_field_to_offset_table. This is related to | |
13 | CVE-2017-5753. | |
14 | ||
15 | Signed-off-by: Andrew Honig <ahonig@google.com> | |
16 | Reviewed-by: Jim Mattson <jmattson@google.com> | |
17 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | |
18 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
19 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
20 | --- | |
21 | arch/x86/kvm/vmx.c | 12 ++++++++++-- | |
22 | 1 file changed, 10 insertions(+), 2 deletions(-) | |
23 | ||
24 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c | |
25 | index d2168203bddc..e6fa3df81fd8 100644 | |
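--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -882,8 +882,16 @@ static inline short vmcs_field_to_offset(unsigned long field)
 {
 BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX);
 
- if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) ||
- vmcs_field_to_offset_table[field] == 0)
+ if (field >= ARRAY_SIZE(vmcs_field_to_offset_table))
+ return -ENOENT;
+
+ /*
+ * FIXME: Mitigation for CVE-2017-5753. To be replaced with a
+ * generic mechanism.
+ */
+ asm("lfence");
+
+ if (vmcs_field_to_offset_table[field] == 0)
 return -ENOENT;
 
 return vmcs_field_to_offset_table[field];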
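Review bot: The `asm("lfence");` added between the bounds check and the table read has no `"memory"` clobber, so nothing in the source stops the compiler from scheduling the load of `vmcs_field_to_offset_table[field]` ahead of the fence. The CPU-level barrier would then sit after the access it is meant to order. Whether a given compiler actually does this depends on code generation, but the statement should not rely on it: `asm volatile("lfence" ::: "memory");`. The FIXME comment would also be more useful if it said what is being protected, for example `/* field is guest-controlled; the fence keeps the table read below from executing speculatively with an out-of-range index */`. The function's closing brace is outside the hunk, so any later use of the returned offset is not visible here.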
47 | -- | |
48 | 2.14.2 | |
49 |