1 files changed, 0 insertions, 41 deletions

diff --git a/kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch b/kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch
deleted file mode 100644
index 978401257..000000000
--- a/kvm-nVMX-Don-t-allow-L2-to-access-the-hardware-CR8.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From patchwork Tue Sep 12 20:02:54 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: kvm: nVMX: Don't allow L2 to access the hardware CR8
-From: Jim Mattson <jmattson@google.com>
-X-Patchwork-Id: 9950035
-Message-Id: <20170912200254.111560-1-jmattson@google.com>
-To: kvm@vger.kernel.org, P J P <ppandit@redhat.com>,
- Paolo Bonzini <pbonzini@redhat.com>
-Cc: Jim Mattson <jmattson@google.com>
-Date: Tue, 12 Sep 2017 13:02:54 -0700
-
-If L1 does not specify the "use TPR shadow" VM-execution control in
-vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
-exiting" VM-execution controls in vmcs02. Failure to do so will give
-the L2 VM unrestricted read/write access to the hardware CR8.
-
-This fixes CVE-2017-12154.
-
-Signed-off-by: Jim Mattson <jmattson@google.com>
----
- arch/x86/kvm/vmx.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index c6efc1f88b25..885b7eed4320 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -10525,6 +10525,11 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
- 	if (exec_control & CPU_BASED_TPR_SHADOW) {
- 		vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, -1ull);
- 		vmcs_write32(TPR_THRESHOLD, vmcs12->tpr_threshold);
-+	} else {
-+#ifdef CONFIG_X86_64
-+		exec_control |= CPU_BASED_CR8_LOAD_EXITING |
-+				CPU_BASED_CR8_STORE_EXITING;
-+#endif
- 	}
- 
- 	/*