mitigate against CVE-2017-5715 by clearing registers upon returning from the guest
ClosedPublic
Actions

Authored by tychon on Jan 15 2018, 5:15 PM.

Details

Reviewers

grehan
rgrimes

Group Reviewers

bhyve

Summary

Provide some mitigation against CVE-2017-5715 by clearing registers
upon returning from the guest which aren't immediately clobbered by
the host. This eradicates any remaining guest contents limitings
their usefulness in an exploit gadget.

This was inspired by this linux commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5b6c02f38315b720c593c6079364855d276886aa

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 14387

Event Timeline

tychon created this revision.Jan 15 2018, 5:15 PM

Herald added a subscriber: imp. · View Herald TranscriptJan 15 2018, 5:15 PM

Add bhyve review group.

Tested the SVM codepath with a Win10 guest on an AMD Sempron APU.

grehan accepted this revision as: grehan.Jan 15 2018, 6:09 PM

This revision is now accepted and ready to land.Jan 15 2018, 6:09 PM

Looks good to me, but a future refactor would be nice, #define VMX_GUEST_CLOBBER_INTEL and VMX_GUEST_CLOBBER_AMD and invoke them at the right place. Makes the *_support.S files less different from each other.