Accepting request 758259 from home:jfehlig:branches:Virtualization
- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for IA32_ARCH_CAPABILITIES MSR 07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch bsc#1152505 OBS-URL: https://build.opensuse.org/request/show/758259 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=791
This commit is contained in:
parent
86c097006b
commit
b610ddd85a
27
07aaced4-Add-TAA-No.patch
Normal file
27
07aaced4-Add-TAA-No.patch
Normal file
@ -0,0 +1,27 @@
|
||||
commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8
|
||||
Author: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Thu Dec 12 15:12:05 2019 +0100
|
||||
|
||||
cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
|
||||
|
||||
CVE-2019-11135
|
||||
|
||||
CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not
|
||||
vulnerable to TSX Asynchronous Abort and passing this bit to a guest
|
||||
may avoid unnecessary mitigations.
|
||||
|
||||
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
||||
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||
|
||||
Index: libvirt-5.10.0/src/cpu_map/x86_features.xml
|
||||
===================================================================
|
||||
--- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml
|
||||
+++ libvirt-5.10.0/src/cpu_map/x86_features.xml
|
||||
@@ -502,4 +502,7 @@
|
||||
<feature name='mds-no'>
|
||||
<msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
|
||||
</feature>
|
||||
+ <feature name='taa-no'>
|
||||
+ <msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
|
||||
+ </feature>
|
||||
</cpus>
|
28
f411b7ef6-Add-TSX-CTRL.patch
Normal file
28
f411b7ef6-Add-TSX-CTRL.patch
Normal file
@ -0,0 +1,28 @@
|
||||
commit f411b7ef68221e82dec0129aaf2f2a26a8987504
|
||||
Author: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Thu Dec 12 15:12:05 2019 +0100
|
||||
|
||||
cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR
|
||||
|
||||
CVE-2019-11135
|
||||
|
||||
When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU
|
||||
supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX.
|
||||
|
||||
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
||||
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||
|
||||
Index: libvirt-5.10.0/src/cpu_map/x86_features.xml
|
||||
===================================================================
|
||||
--- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml
|
||||
+++ libvirt-5.10.0/src/cpu_map/x86_features.xml
|
||||
@@ -502,6 +502,9 @@
|
||||
<feature name='mds-no'>
|
||||
<msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
|
||||
</feature>
|
||||
+ <feature name='tsx-ctrl'>
|
||||
+ <msr index='0x10a' edx='0x00000000' eax='0x00000080'/>
|
||||
+ </feature>
|
||||
<feature name='taa-no'>
|
||||
<msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
|
||||
</feature>
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 19 15:11:02 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for
|
||||
IA32_ARCH_CAPABILITIES MSR
|
||||
07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch
|
||||
bsc#1152505
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 10 08:24:09 UTC 2019 - Cédric Bosdonnat <cbosdonnat@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libvirt
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -344,6 +344,8 @@ Source99: baselibs.conf
|
||||
Source100: %{name}-rpmlintrc
|
||||
# Upstream patches
|
||||
Patch0: 0a65cba4-news-fix.patch
|
||||
Patch1: 07aaced4-Add-TAA-No.patch
|
||||
Patch2: f411b7ef6-Add-TSX-CTRL.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: libxl-dom-reset.patch
|
||||
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
|
||||
@ -878,6 +880,8 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch150 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user