Accepting request 758259 from home:jfehlig:branches:Virtualization

- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for
  IA32_ARCH_CAPABILITIES MSR
  07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch
  bsc#1152505

OBS-URL: https://build.opensuse.org/request/show/758259
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=791
James Fehlig 2019-12-19 15:41:31 +00:00 committed by Git OBS Bridge
parent 86c097006b
commit b610ddd85a
4 changed files with 68 additions and 1 deletions

07aaced4-Add-TAA-No.patch

@ -0,0 +1,27 @@
commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8
Author: Jiri Denemark <jdenemar@redhat.com>
Date: Thu Dec 12 15:12:05 2019 +0100
cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
CVE-2019-11135
CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not
vulnerable to TSX Asynchronous Abort and passing this bit to a guest
may avoid unnecessary mitigations.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Index: libvirt-5.10.0/src/cpu_map/x86_features.xml
===================================================================
--- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml
+++ libvirt-5.10.0/src/cpu_map/x86_features.xml
@@ -502,4 +502,7 @@
<feature name='mds-no'>
<msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
</feature>
+ <feature name='taa-no'>
+ <msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
+ </feature>
</cpus>
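
Review bot: The new taa-no entry carries only the raw mask eax='0x00000100', and nothing in x86_features.xml records that this is bit 8 (TAA_NO) of MSR 0x10a or that it is a "not vulnerable" claim rather than an ordinary capability flag. Since the commit message says a guest that sees the bit may skip mitigations, I would add a short XML comment above the feature naming the bit and noting that it should only be passed to a guest when the host itself reports it.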

@ -0,0 +1,28 @@
commit f411b7ef68221e82dec0129aaf2f2a26a8987504
Author: Jiri Denemark <jdenemar@redhat.com>
Date: Thu Dec 12 15:12:05 2019 +0100
cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR
CVE-2019-11135
When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU
supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Index: libvirt-5.10.0/src/cpu_map/x86_features.xml
===================================================================
--- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml
+++ libvirt-5.10.0/src/cpu_map/x86_features.xml
@@ -502,6 +502,9 @@
<feature name='mds-no'>
<msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
</feature>
+ <feature name='tsx-ctrl'>
+ <msr index='0x10a' edx='0x00000000' eax='0x00000080'/>
+ </feature>
<feature name='taa-no'>
<msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
</feature>
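
Review bot: The trailing context of this hunk is the taa-no feature, which exists only once 07aaced4-Add-TAA-No.patch has been applied, so this patch does not apply cleanly to an unpatched libvirt-5.10.0 tree on its own. The spec file applies Patch1 before Patch2, which satisfies that, but the dependency is implicit; a one-line remark in the patch header or next to Patch2 in the spec would keep someone from reordering the two or dropping the first. Placing tsx-ctrl (0x00000080) between mds-no (0x00000020) and taa-no (0x00000100) keeps the entries in ascending bit order, which is fine.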

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Dec 19 15:11:02 UTC 2019 - James Fehlig <jfehlig@suse.com>
- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for
IA32_ARCH_CAPABILITIES MSR
07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch
bsc#1152505
-------------------------------------------------------------------
Tue Dec 10 08:24:09 UTC 2019 - Cédric Bosdonnat <cbosdonnat@suse.com>

@ -1,7 +1,7 @@
#
# spec file for package libvirt
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
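
Review bot: The copyright line in the spec header appears to change from "SUSE LINUX GmbH, Nuernberg, Germany" to "SUSE LLC" in the same commit as the CVE-2019-11135 patches, and the new changelog entry mentions only the TSX_CTRL and TAA_NO bits. If the header change is intentional, either note it in the changelog entry or submit it separately, so the security fix stays easy to audit and to backport on its own.
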
@ -344,6 +344,8 @@ Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
Patch0: 0a65cba4-news-fix.patch
Patch1: 07aaced4-Add-TAA-No.patch
Patch2: f411b7ef6-Add-TSX-CTRL.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -878,6 +880,8 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch100 -p1
%patch101 -p1
%patch150 -p1