[PATCH 3.16 202/254] KVM: x86: Add memory barrier on vmcs field lookup

Ben Hutchings Wed, 28 Feb 2018 08:55:07 -0800

3.16.55-rc1 review patch.  If anyone has any objections, please let me know.


------------------

From: Andrew Honig <[email protected]>

commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream.

This adds a memory barrier when performing a lookup into
the vmcs_field_to_offset_table.  This is related to
CVE-2017-5753.

Signed-off-by: Andrew Honig <[email protected]>
Reviewed-by: Jim Mattson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <[email protected]>
---
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -698,8 +698,18 @@ static const int max_vmcs_field = ARRAY_
 
 static inline short vmcs_field_to_offset(unsigned long field)
 {
-       if (field >= max_vmcs_field || vmcs_field_to_offset_table[field] == 0)
+       if (field >= max_vmcs_field)
                return -1;
+
+       /*
+        * FIXME: Mitigation for CVE-2017-5753.  To be replaced with a
+        * generic mechanism.
+        */
+       asm("lfence");
+
+       if (vmcs_field_to_offset_table[field] == 0)
+               return -1;
+
        return vmcs_field_to_offset_table[field];
 }

[PATCH 3.16 202/254] KVM: x86: Add memory barrier on vmcs field lookup

Reply via email to