Hello stable list:
This was just posted to 4.15-rc7 since it "defeats the Project Zero PoC for CVE 2017-5715."
Should it be marked stable? It cherry-picks cleanly into 4.14.12, not sure about other branches. Full text below.
-- Eric Wheeler
kvm: vmx: Scrub hardware GPRs at VM-exit

Guest GPR values are live in the hardware GPRs at VM-exit. Do not leave any guest values in hardware GPRs after the guest GPR values are saved to the vcpu_vmx structure.
This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753. Specifically, it defeats the Project Zero PoC for CVE 2017-5715.
Suggested-by: Eric Northup <digitaleric@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Eric Northup <digitaleric@google.com>
Reviewed-by: Benjamin Serebrin <serebrin@google.com>
Reviewed-by: Andrew Honig <ahonig@google.com>
[Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
On Sat, Jan 13, 2018 at 01:21:09AM +0000, Eric Wheeler wrote:
> Hello stable list:
> This was just posted to 4.15-rc7 since it "defeats the Project Zero PoC for CVE 2017-5715."
> Should it be marked stable? It cherry-picks cleanly into 4.14.12, not sure about other branches. Full text below.
It's already queued up for the next round of stable kernel updates, you are like the 4th person to ask for this, so you are in good company :)
But I do appreciate the notice, thanks for caring about the stable kernels.
greg k-h
linux-stable-mirror@lists.linaro.org