* Patch "KVM: x86: Add memory barrier on vmcs field lookup" has been added to the 4.14-stable tree
@ 2018-01-13 14:52 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2018-01-13 14:52 UTC (permalink / raw)
To: ahonig, gregkh, jmattson, pbonzini; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
KVM: x86: Add memory barrier on vmcs field lookup
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kvm-x86-add-memory-barrier-on-vmcs-field-lookup.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 Mon Sep 17 00:00:00 2001
From: Andrew Honig <ahonig@google.com>
Date: Wed, 10 Jan 2018 10:12:03 -0800
Subject: KVM: x86: Add memory barrier on vmcs field lookup
From: Andrew Honig <ahonig@google.com>
commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream.
This adds a memory barrier when performing a lookup into
the vmcs_field_to_offset_table. This is related to
CVE-2017-5753.
Signed-off-by: Andrew Honig <ahonig@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -888,8 +888,16 @@ static inline short vmcs_field_to_offset
{
BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX);
- if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) ||
- vmcs_field_to_offset_table[field] == 0)
+ if (field >= ARRAY_SIZE(vmcs_field_to_offset_table))
+ return -ENOENT;
+
+ /*
+ * FIXME: Mitigation for CVE-2017-5753. To be replaced with a
+ * generic mechanism.
+ */
+ asm("lfence");
+
+ if (vmcs_field_to_offset_table[field] == 0)
return -ENOENT;
return vmcs_field_to_offset_table[field];
Patches currently in stable-queue which might be from ahonig@google.com are
queue-4.14/kvm-vmx-scrub-hardware-gprs-at-vm-exit.patch
queue-4.14/kvm-x86-add-memory-barrier-on-vmcs-field-lookup.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-01-13 14:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-13 14:52 Patch "KVM: x86: Add memory barrier on vmcs field lookup" has been added to the 4.14-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).