In recent years, many cross-VM covert channels have been discovered in cloud computing, causing serious security concerns. For such covert channels, some mitigation schemes have been proposed, but usually one mitigation scheme aims at a specific covert channel, which may be inefficient in defending against potential new attacks. In this paper, we propose a generic solution to mitigate the risk of a broad class of timing-based cross-VM covert channels. The design is motivated by our finding that the capacity of most timing-based cross-VM covert channels highly depends on the co-run probability among VMs, where the co-run probability depends not only on how VMs are assigned to servers, but also how VMs are scheduled on a single server, which is related to managing the vCPUs assigned to each VM. We find that the VM co-run probability can be reduced when the number of vCPUs increases, but it also causes extra system overhead in resource utilization. In this paper, we propose a generic VM provisioning and VM scheduling solution to jointly minimize the co-run probability among VMs, meanwhile, maintaining high resource utilization. We experimentally demonstrate that the proposed scheduling algorithm can mitigate the risk of timing-based cross-VM covert channel with lower system overhead. We also conduct simulation of VM provisioning which shows that the proposed solution can achieve the balance between high resource utilization and low risk of information leakage caused by cross-VM covert channels.