Re: [PATCH v2 12/13] KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks

From: Jim Mattson
Date: Mon Jan 06 2020 - 15:19:43 EST

On Wed, Dec 11, 2019 at 12:49 PM Marios Pomonis <pomonis@xxxxxxxxxx> wrote:
> This fixes a Spectre-v1/L1TF vulnerability in __kvm_set_dr() and
> kvm_get_dr().
> Both kvm_get_dr() and kvm_set_dr() (a wrapper of __kvm_set_dr()) are
> exported symbols so KVM should tream them conservatively from a security
> perspective.
> Fixes: commit 020df0794f57 ("KVM: move DR register access handling into generic code")
> Signed-off-by: Nick Finco <nifi@xxxxxxxxxx>
> Signed-off-by: Marios Pomonis <pomonis@xxxxxxxxxx>
> Reviewed-by: Andrew Honig <ahonig@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>