On Tue, Jan 09, 2018 at 09:46:20AM +0100, Paolo Bonzini wrote:
> From: Jim Mattson <jmattson@xxxxxxxxxx>
>
> [ upstream commit 0cb5b30698fdc8f6b4646012e3acb4ddce430788 ]
>
> Guest GPR values are live in the hardware GPRs at VM-exit. Do not
> leave any guest values in hardware GPRs after the guest GPR values are
> saved to the vcpu_vmx structure.
>
> This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753.
> Specifically, it defeats the Project Zero PoC for CVE 2017-5715.
>
> Suggested-by: Eric Northup <digitaleric@xxxxxxxxxx>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> Reviewed-by: Eric Northup <digitaleric@xxxxxxxxxx>
> Reviewed-by: Benjamin Serebrin <serebrin@xxxxxxxxxx>
> Reviewed-by: Andrew Honig <ahonig@xxxxxxxxxx>
> [Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>]
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

Now applied, thanks.

greg k-h