From: Norbert Manthey Date: Thu, 14 Mar 2019 12:57:00 +0000 (+0100) Subject: common/domain: block speculative out-of-bound accesses X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2363 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f8303458;p=xen.git common/domain: block speculative out-of-bound accesses When issuing a vcpu_op hypercall, guests have control over the vcpuid variable. In the old code, this allowed to perform speculative out-of-bound accesses. To block this, we make use of the domain_vcpu function. This is part of the speculative hardening effort. Signed-off-by: Norbert Manthey Reviewed-by: Jan Beulich --- diff --git a/xen/common/domain.c b/xen/common/domain.c index a1f8bb4f2f..88bbe984bc 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1364,7 +1364,7 @@ long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) struct vcpu *v; long rc = 0; - if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL ) + if ( (v = domain_vcpu(d, vcpuid)) == NULL ) return -ENOENT; switch ( cmd )
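Review bot: In the `do_vcpu_op` hunk, the new condition `(v = domain_vcpu(d, vcpuid)) == NULL` drops the explicit `vcpuid >= d->max_vcpus` comparison, so the `-ENOENT` return for an out-of-range `vcpuid` now depends entirely on `domain_vcpu()` returning NULL for such an index, and that helper's definition is not part of this diff. The commit message should state in one sentence what `domain_vcpu()` does that the open-coded check did not: that it keeps the bounds check against `d->max_vcpus` and also constrains the index used for the `d->vcpu[]` load under speculation. With that, a reader can confirm from the message alone that architectural behaviour is unchanged. Since only this one call site is converted here, the message should also say whether any other lookups of `d->vcpu[...]` with a guest-supplied index are handled elsewhere in the series.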