projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 93dfd72) | patch
common/domain: block speculative out-of-bound accesses
authorNorbert Manthey <nmanthey@amazon.de>
Thu, 14 Mar 2019 12:57:00 +0000 (13:57 +0100)
committerJan Beulich <jbeulich@suse.com>
Fri, 5 Apr 2019 10:19:03 +0000 (12:19 +0200)
commitf8303458ae80062dfc60d0efd36198cc17a12ecf
tree4483fc7a33b73abefca70364dd00bfe31ff78ae2tree | snapshot
parent93dfd72bdb43b35dbb1424c476d17aac67e82837commit | diff
common/domain: block speculative out-of-bound accesses

When issuing a vcpu_op hypercall, guests have control over the
vcpuid variable. In the old code, this allowed to perform
speculative out-of-bound accesses. To block this, we make use
of the domain_vcpu function.

This is part of the speculative hardening effort.

Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/common/domain.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.