KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
commit 4bf79cb0 upstream. This fixes a Spectre-v1/L1TF vulnerability in kvm_lapic_reg_write(). This function contains index computations based on the (attacker-controlled) MSR number. Fixes: 0105d1a5 ("KVM: x2apic interface to lapic") Signed-off-by: Nick Finco <nifi@google.com> Signed-off-by: Marios Pomonis <pomonis@google.com> Reviewed-by: Andrew Honig <ahonig@google.com> Reviewed-by: Jim Mattson <jmattson@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [bwh: Backported to 3.16: - Add #include <linux/nospec.h> - Adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
parent
56b51e25
Please register or sign in to comment