git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
kvm: vmx: Scrub hardware GPRs at VM-exit
author Jim Mattson <jmattson@google.com>
Wed, 3 Jan 2018 22:31:38 +0000 (14:31 -0800)
committer Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Mon, 5 Feb 2018 15:53:01 +0000 (16:53 +0100)
commit 65671e7a019530b53e29686c48002d184dd6635d
tree a74f8faa3fb6a551069208abefd9827037877c04
parent 0d3109a12dd17fed346abd5431c465831177d429
kvm: vmx: Scrub hardware GPRs at VM-exit

CVE-2017-5715 (Spectre v2 retpoline)

Guest GPR values are live in the hardware GPRs at VM-exit.  Do not
leave any guest values in hardware GPRs after the guest GPR values are
saved to the vcpu_vmx structure.

This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753.
Specifically, it defeats the Project Zero PoC for CVE 2017-5715.

Suggested-by: Eric Northup <digitaleric@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Eric Northup <digitaleric@google.com>
Reviewed-by: Benjamin Serebrin <serebrin@google.com>
Reviewed-by: Andrew Honig <ahonig@google.com>
[Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0cb5b30698fdc8f6b4646012e3acb4ddce430788)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
arch/x86/kvm/svm.c
arch/x86/kvm/vmx.c