From: Paolo Bonzini pbonzini@redhat.com
stable inclusion
from stable-v4.19.195
commit 270dadd7ea31c1bc43a0b1de118a30c2238171a8
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4K5
CVE: CVE-2021-47277
--------------------------------
commit 4422829e8053068e0225e4d0ef42dc41ea7c9ef5 upstream.
array_index_nospec does not work for uint64_t on 32-bit builds. However, the size of a memory slot must be less than 20 bits wide on those systems, since the memory slot must fit in the user address space. So just store it in an unsigned long.
Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com
---
 include/linux/kvm_host.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 43ea5585452e..f34f0989e453 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -1050,8 +1050,8 @@ __gfn_to_hva_memslot(struct kvm_memory_slot *slot, gfn_t gfn) * table walks, do not let the processor speculate loads outside * the guest's registered memslots. */ - unsigned long offset = array_index_nospec(gfn - slot->base_gfn, - slot->npages); + unsigned long offset = gfn - slot->base_gfn; + offset = array_index_nospec(offset, slot->npages); return slot->userspace_addr + offset * PAGE_SIZE; }
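Review bot: The narrowing in "unsigned long offset = gfn - slot->base_gfn;" is implicit, and the reason it is safe is given only in the commit message, not in the code. On a 32-bit build the gfn_t difference is truncated before array_index_nospec() sees it; the clamp still bounds the result below slot->npages, so the speculative load stays inside the slot, but a reader of __gfn_to_hva_memslot() cannot tell that the truncation is intended. Suggest extending the existing comment above the declaration with one sentence saying that the offset fits in an unsigned long because the memslot must fit in the user address space, and that array_index_nospec() cannot take a 64-bit index on 32-bit builds. Style point: add a blank line between the declaration and "offset = array_index_nospec(offset, slot->npages);" so the declaration block is separated from the first statement.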