On Tue, Jan 09, 2018 at 09:46:20AM +0100, Paolo Bonzini wrote:
From: Jim Mattson jmattson@google.com
[ upstream commit 0cb5b30698fdc8f6b4646012e3acb4ddce430788 ]
Guest GPR values are live in the hardware GPRs at VM-exit. Do not leave any guest values in hardware GPRs after the guest GPR values are saved to the vcpu_vmx structure.
This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753. Specifically, it defeats the Project Zero PoC for CVE 2017-5715.
Suggested-by: Eric Northup digitaleric@google.com Signed-off-by: Jim Mattson jmattson@google.com Reviewed-by: Eric Northup digitaleric@google.com Reviewed-by: Benjamin Serebrin serebrin@google.com Reviewed-by: Andrew Honig ahonig@google.com [Paolo: Add AMD bits, Signed-off-by: Tom Lendacky thomas.lendacky@amd.com] Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Now applied, thanks.
greg k-h