On Sun, Feb 09, 2020 at 12:58:06PM +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@xxxxxxxxxxxxxxx>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 4bf79cb089f6b1c6c632492c0271054ce52ad766 Mon Sep 17 00:00:00 2001
From: Marios Pomonis <pomonis@xxxxxxxxxx>
Date: Wed, 11 Dec 2019 12:47:46 -0800
Subject: [PATCH] KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF
attacks
This fixes a Spectre-v1/L1TF vulnerability in kvm_lapic_reg_write().
This function contains index computations based on the
(attacker-controlled) MSR number.
Fixes: 0105d1a52640 ("KVM: x2apic interface to lapic")
Signed-off-by: Nick Finco <nifi@xxxxxxxxxx>
Signed-off-by: Marios Pomonis <pomonis@xxxxxxxxxx>
Reviewed-by: Andrew Honig <ahonig@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
We didn't have 1e6e2755b635 ("KVM: x86: Misc LAPIC changes to expose
helper functions") in 4.4. I've fixed it and queued this patch for 4.4.
--
Thanks,
Sasha
