kvm: vmx: Scrub hardware GPRs at VM-exit - linux

diff options

author	Jim Mattson <jmattson@google.com>	2018-01-03 23:31:38 +0100
committer	Paolo Bonzini <pbonzini@redhat.com>	2018-01-05 16:48:40 +0100
commit	0cb5b30698fdc8f6b4646012e3acb4ddce430788 (patch)
tree	5d4f85bedfcc2fcd851597303960de5cffaebd81 /arch/s390
parent	tools/kvm_stat: sort '-f help' output (diff)
download	linux-0cb5b30698fdc8f6b4646012e3acb4ddce430788.tar.xz linux-0cb5b30698fdc8f6b4646012e3acb4ddce430788.zip

kvm: vmx: Scrub hardware GPRs at VM-exit

Guest GPR values are live in the hardware GPRs at VM-exit. Do not leave any guest values in hardware GPRs after the guest GPR values are saved to the vcpu_vmx structure. This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753. Specifically, it defeats the Project Zero PoC for CVE 2017-5715. Suggested-by: Eric Northup <digitaleric@google.com> Signed-off-by: Jim Mattson <jmattson@google.com> Reviewed-by: Eric Northup <digitaleric@google.com> Reviewed-by: Benjamin Serebrin <serebrin@google.com> Reviewed-by: Andrew Honig <ahonig@google.com> [Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'arch/s390')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: