diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0003-KVM-x86-Add-memory-barrier-on-vmcs-field-lookup.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0003-KVM-x86-Add-memory-barrier-on-vmcs-field-lookup.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0003-KVM-x86-Add-memory-barrier-on-vmcs-field-lookup.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0003-KVM-x86-Add-memory-barrier-on-vmcs-field-lookup.patch deleted file mode 100644 index b53db2f4..00000000 --- a/common/recipes-kernel/linux/linux-yocto-4.9.21/0003-KVM-x86-Add-memory-barrier-on-vmcs-field-lookup.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ab442dfc820b6ebdbb1c135e6fad66130d44e5a8 Mon Sep 17 00:00:00 2001 -From: Andrew Honig <ahonig@google.com> -Date: Wed, 10 Jan 2018 10:12:03 -0800 -Subject: [PATCH 03/33] KVM: x86: Add memory barrier on vmcs field lookup - -commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream. - -This adds a memory barrier when performing a lookup into -the vmcs_field_to_offset_table. This is related to -CVE-2017-5753. - -Signed-off-by: Andrew Honig <ahonig@google.com> -Reviewed-by: Jim Mattson <jmattson@google.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - arch/x86/kvm/vmx.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 91ae4e2..ee766c2 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -858,8 +858,16 @@ static inline short vmcs_field_to_offset(unsigned long field) - { - BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX); - -- if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) || -- vmcs_field_to_offset_table[field] == 0) -+ if (field >= ARRAY_SIZE(vmcs_field_to_offset_table)) -+ return -ENOENT; -+ -+ /* -+ * FIXME: Mitigation for CVE-2017-5753. To be replaced with a -+ * generic mechanism. -+ */ -+ asm("lfence"); -+ -+ if (vmcs_field_to_offset_table[field] == 0) - return -ENOENT; - - return vmcs_field_to_offset_table[field]; --- -2.7.4 - |