KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
authorMarios Pomonis <pomonis@google.com>
Wed, 11 Dec 2019 20:47:44 +0000 (12:47 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 11 Feb 2020 12:34:10 +0000 (04:34 -0800)
commit13725c06f841fc7d2b761aa812bbcf6f36273fc9
tree528358c015fe17991b4643b26f97208207a10d7f
parenteb08d0fe31e958e95db9c9c03dcd357dbb57e3d0
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks

commit 8c86405f606ca8508b8d9280680166ca26723695 upstream.

This fixes a Spectre-v1/L1TF vulnerability in ioapic_read_indirect().
This function contains index computations based on the
(attacker-controlled) IOREGSEL register.

Fixes: a2c118bfab8b ("KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)")

Signed-off-by: Nick Finco <nifi@google.com>
Signed-off-by: Marios Pomonis <pomonis@google.com>
Reviewed-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/kvm/ioapic.c