releases/4.19.103/kvm-x86-refactor-picdev_write-to-prevent-spectre-v1-l1tf-attacks.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 14e32321f3606e4b0970200b6e5e47ee6f1e6410 Mon Sep 17 00:00:00 2001
 From: Marios Pomonis <pomonis@google.com>
 Date: Wed, 11 Dec 2019 12:47:43 -0800
 Subject: KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks

 From: Marios Pomonis <pomonis@google.com>

 commit 14e32321f3606e4b0970200b6e5e47ee6f1e6410 upstream.

 This fixes a Spectre-v1/L1TF vulnerability in picdev_write().
 It replaces index computations based on the (attacked-controlled) port
 number with constants through a minor refactoring.

 Fixes: 85f455f7ddbe ("KVM: Add support for in-kernel PIC emulation")

 Signed-off-by: Nick Finco <nifi@google.com>
 Signed-off-by: Marios Pomonis <pomonis@google.com>
 Reviewed-by: Andrew Honig <ahonig@google.com>
 Cc: stable@vger.kernel.org
 Reviewed-by: Jim Mattson <jmattson@google.com>
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  arch/x86/kvm/i8259.c |    6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)

 --- a/arch/x86/kvm/i8259.c
 +++ b/arch/x86/kvm/i8259.c
 @@ -460,10 +460,14 @@ static int picdev_write(struct kvm_pic *
  	switch (addr) {
  	case 0x20:
  	case 0x21:
 +		pic_lock(s);
 +		pic_ioport_write(&s->pics[0], addr, data);
 +		pic_unlock(s);
 +		break;
  	case 0xa0:
  	case 0xa1:
  		pic_lock(s);
 -		pic_ioport_write(&s->pics[addr >> 7], addr, data);
 +		pic_ioport_write(&s->pics[1], addr, data);
  		pic_unlock(s);
  		break;
  	case 0x4d0:
	From 14e32321f3606e4b0970200b6e5e47ee6f1e6410 Mon Sep 17 00:00:00 2001
	From: Marios Pomonis <pomonis@google.com>
	Date: Wed, 11 Dec 2019 12:47:43 -0800
	Subject: KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks

	From: Marios Pomonis <pomonis@google.com>

	commit 14e32321f3606e4b0970200b6e5e47ee6f1e6410 upstream.

	This fixes a Spectre-v1/L1TF vulnerability in picdev_write().
	It replaces index computations based on the (attacked-controlled) port
	number with constants through a minor refactoring.

	Fixes: 85f455f7ddbe ("KVM: Add support for in-kernel PIC emulation")

	Signed-off-by: Nick Finco <nifi@google.com>
	Signed-off-by: Marios Pomonis <pomonis@google.com>
	Reviewed-by: Andrew Honig <ahonig@google.com>
	Cc: stable@vger.kernel.org
	Reviewed-by: Jim Mattson <jmattson@google.com>
	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	arch/x86/kvm/i8259.c \| 6 +++++-
	1 file changed, 5 insertions(+), 1 deletion(-)

	--- a/arch/x86/kvm/i8259.c
	+++ b/arch/x86/kvm/i8259.c
	@@ -460,10 +460,14 @@ static int picdev_write(struct kvm_pic *
	switch (addr) {
	case 0x20:
	case 0x21:
	+ pic_lock(s);
	+ pic_ioport_write(&s->pics[0], addr, data);
	+ pic_unlock(s);
	+ break;
	case 0xa0:
	case 0xa1:
	pic_lock(s);
	- pic_ioport_write(&s->pics[addr >> 7], addr, data);
	+ pic_ioport_write(&s->pics[1], addr, data);
	pic_unlock(s);
	break;
	case 0x4d0: