kvm: vmx: Scrub hardware GPRs at VM-exit (0cb5b306) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_torvalds_linux

Commit 0cb5b306 authored Jan 03, 2018 by

Jim Mattson Committed by Paolo Bonzini Jan 05, 2018

kvm: vmx: Scrub hardware GPRs at VM-exit



Guest GPR values are live in the hardware GPRs at VM-exit.  Do not
leave any guest values in hardware GPRs after the guest GPR values are
saved to the vcpu_vmx structure.

This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753.
Specifically, it defeats the Project Zero PoC for CVE 2017-5715.

Suggested-by: Eric Northup <digitaleric@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Eric Northup <digitaleric@google.com>
Reviewed-by: Benjamin Serebrin <serebrin@google.com>
Reviewed-by: Andrew Honig <ahonig@google.com>
[Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent aa12f594

Hide whitespace changes

Inline Side-by-side

Please register or to comment