|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen staging] common/domain: block speculative out-of-bound accesses
commit f8303458ae80062dfc60d0efd36198cc17a12ecf
Author: Norbert Manthey <nmanthey@xxxxxxxxx>
AuthorDate: Thu Mar 14 13:57:00 2019 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Apr 5 12:19:03 2019 +0200
common/domain: block speculative out-of-bound accesses
When issuing a vcpu_op hypercall, guests have control over the
vcpuid variable. In the old code, this allowed to perform
speculative out-of-bound accesses. To block this, we make use
of the domain_vcpu function.
This is part of the speculative hardening effort.
Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/common/domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index a1f8bb4f2f..88bbe984bc 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -1364,7 +1364,7 @@ long do_vcpu_op(int cmd, unsigned int vcpuid,
XEN_GUEST_HANDLE_PARAM(void) arg)
struct vcpu *v;
long rc = 0;
- if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
+ if ( (v = domain_vcpu(d, vcpuid)) == NULL )
return -ENOENT;
switch ( cmd )
--
generated by git-patchbot for /home/xen/git/xen.git#staging
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |