20551e5e18
- cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits CVE-2018-3639 1dbca2ec-CVE-2018-3639.patch, 92673422-CVE-2018-3639.patch bsc#1092885 OBS-URL: https://build.opensuse.org/request/show/611362 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=689
28 lines
1022 B
Diff
28 lines
1022 B
Diff
commit 1dbca2eccad58d91a5fd33962854f1a653638182
|
|
Author: Daniel P. Berrangé <berrange@redhat.com>
|
|
Date: Mon May 21 23:05:07 2018 +0100
|
|
|
|
cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
|
|
|
|
New microcode introduces the "Speculative Store Bypass Disable"
|
|
CPUID feature bit. This needs to be exposed to guest OS to allow
|
|
them to protect against CVE-2018-3639.
|
|
|
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
|
Index: libvirt-4.3.0/src/cpu/cpu_map.xml
|
|
===================================================================
|
|
--- libvirt-4.3.0.orig/src/cpu/cpu_map.xml
|
|
+++ libvirt-4.3.0/src/cpu/cpu_map.xml
|
|
@@ -298,6 +298,9 @@
|
|
<feature name='spec-ctrl'>
|
|
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
|
|
</feature>
|
|
+ <feature name='ssbd'>
|
|
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
|
|
+ </feature>
|
|
|
|
<!-- Processor Extended State Enumeration sub leaf 1 -->
|
|
<feature name='xsaveopt'>
|