Merge branch 'kvm-insert-lfence' into kvm-master
authorPaolo Bonzini <pbonzini@redhat.com>
Thu, 11 Jan 2018 17:20:48 +0000 (18:20 +0100)
committerPaolo Bonzini <pbonzini@redhat.com>
Thu, 11 Jan 2018 17:20:48 +0000 (18:20 +0100)
Topic branch for CVE-2017-5753, avoiding conflicts in the next merge window.

arch/x86/kvm/vmx.c

index 427fd3200dd8c51ff12e18422282a855d5b22a9f..3f89f6783aa57d1d20f5f45b025a61bc9cb8465a 100644 (file)
@@ -899,8 +899,16 @@ static inline short vmcs_field_to_offset(unsigned long field)
 {
        BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX);
 
-       if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) ||
-           vmcs_field_to_offset_table[field] == 0)
+       if (field >= ARRAY_SIZE(vmcs_field_to_offset_table))
+               return -ENOENT;
+
+       /*
+        * FIXME: Mitigation for CVE-2017-5753.  To be replaced with a
+        * generic mechanism.
+        */
+       asm("lfence");
+
+       if (vmcs_field_to_offset_table[field] == 0)
                return -ENOENT;
 
        return vmcs_field_to_offset_table[field];
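Review bot: The added `asm("lfence");` carries no "memory" clobber, so nothing visible here stops the compiler from scheduling the load of `vmcs_field_to_offset_table[field]` between the bounds check and the fence instruction, which would leave the speculative out-of-bounds read in place. Writing it as `asm volatile("lfence" ::: "memory");` makes the fence a compiler barrier as well as a CPU one, so the table read is emitted after it. The FIXME comment would also be more useful to the next reader if it said what is being protected, for example `/* field is presumably guest-influenced; no table load may be speculated past the bounds check above */`. The function's closing brace lies outside this hunk, so any later use of the returned offset was not reviewed.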