
Commit 75f139aa authored by Andrew Honig, committed by Paolo Bonzini

KVM: x86: Add memory barrier on vmcs field lookup



This adds a memory barrier when performing a lookup into
the vmcs_field_to_offset_table.  This is related to
CVE-2017-5753.

Signed-off-by: Andrew Honig <ahonig@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent bebc6082
+10 −2
@@ -884,8 +884,16 @@ static inline short vmcs_field_to_offset(unsigned long field)
{
	BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX);

	if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) ||
	    vmcs_field_to_offset_table[field] == 0)
	if (field >= ARRAY_SIZE(vmcs_field_to_offset_table))
		return -ENOENT;

	/*
	 * FIXME: Mitigation for CVE-2017-5753.  To be replaced with a
	 * generic mechanism.
	 */
	asm("lfence");

	if (vmcs_field_to_offset_table[field] == 0)
		return -ENOENT;

	return vmcs_field_to_offset_table[field];
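
Review bot: the `asm("lfence");` between the bounds check and the table read carries no "memory" clobber, so nothing tells the compiler that the `vmcs_field_to_offset_table[field]` loads must stay after it. An asm with no outputs is implicitly volatile, but that only keeps the statement from being deleted or reordered against other volatile asm; ordinary loads can still be scheduled across it, and a load emitted between the `field >= ARRAY_SIZE(...)` branch and the fence would run speculatively with an unchecked index, which is the CVE-2017-5753 pattern this change is meant to close. Suggest `asm volatile("lfence" ::: "memory");` so the ordering holds at the compiler level as well as in the CPU. Smaller point: the table is now indexed twice after the fence (the `== 0` test and the `return`); reading it once into a local `short` after the barrier would make it obvious that every use of `field` as an index sits behind the fence. The FIXME would also be easier to act on later if it said what the generic mechanism needs to provide here (a bounds-clamped index or a speculation barrier helper), since this open-coded instruction is x86-only.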