libvirt/538d8735-cpu_map-Define-md-clear-CPUID-bit.patch
James Fehlig 30cdfb8cae Accepting request 704322 from home:jfehlig:branches:Virtualization
libvirt side of Intel Group 4 mitigations.

- cpu_map: add cpu feature md-clear. CVE-2018-12126,
  CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  5cd9db3a-cputest-add-data-E3-1225-v5.patch,
  538d8735-cpu_map-Define-md-clear-CPUID-bit.patch
  bsc#1111331, bsc#1135273

OBS-URL: https://build.opensuse.org/request/show/704322
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=754
2019-05-20 22:23:44 +00:00


commit 538d873571d7a682852dc1d70e5f4478f4d64e85
Author: Jiri Denemark <jdenemar@redhat.com>
Date: Fri Apr 5 15:11:20 2019 +0200
cpu_map: Define md-clear CPUID bit
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
The bit is set when microcode provides the mechanism to flush various
exploitable CPU buffers by executing the VERW instruction.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.3.0/src/cpu_map/x86_features.xml
===================================================================
--- libvirt-5.3.0.orig/src/cpu_map/x86_features.xml
+++ libvirt-5.3.0/src/cpu_map/x86_features.xml
@@ -320,6 +320,9 @@
<feature name='avx512-4fmaps'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
</feature>
+ <feature name='md-clear'> <!-- md_clear -->
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
+ </feature>
<feature name='pconfig'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
</feature>
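Review bot: The inline comment `<!-- md_clear -->` on the new `md-clear` entry gives only what looks like an alternate spelling of the name, not what the bit means. Something like `<!-- md_clear: CPUID.(EAX=7,ECX=0):EDX[10], VERW flushes CPU buffers (MDS) -->` would make the entry self-explanatory next to its CVE-tagged commit message. The entry only enumerates a capability: nothing visible in this patch adds `md-clear` to a named CPU model, so domains using a custom model presumably need an explicit `<feature policy='require' name='md-clear'/>`, as the test guest XML later in this patch has, before the guest kernel can see the bit and use the VERW mitigation. That is worth stating in the commit message or the user-facing documentation. The mask `0x00000400` is consistent with the `0x8c000000` to `0x8c000400` change in the E3-1225-v5 fixture.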
Index: libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
===================================================================
--- libvirt-5.3.0.orig/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+++ libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
@@ -2,7 +2,7 @@
<cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
<cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
<cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
</cpudata>
Index: libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
===================================================================
--- libvirt-5.3.0.orig/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+++ libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
@@ -20,6 +20,7 @@
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
<feature policy='require' name='intel-pt'/>
+ <feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/>
Index: libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
===================================================================
--- libvirt-5.3.0.orig/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+++ libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
@@ -21,6 +21,7 @@
<feature name='tsc_adjust'/>
<feature name='clflushopt'/>
<feature name='intel-pt'/>
+ <feature name='md-clear'/>
<feature name='stibp'/>
<feature name='ssbd'/>
<feature name='xsaves'/>
Index: libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
===================================================================
--- libvirt-5.3.0.orig/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+++ libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
@@ -5,6 +5,7 @@
<feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='pdpe1gb'/>
Index: libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
===================================================================
--- libvirt-5.3.0.orig/tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
+++ libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
@@ -23,6 +23,7 @@
<feature policy='require' name='intel-pt'/>
<feature policy='require' name='pku'/>
<feature policy='require' name='ospke'/>
+ <feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='arch-capabilities'/>
<feature policy='require' name='xsaves'/>
Index: libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
===================================================================
--- libvirt-5.3.0.orig/tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
+++ libvirt-5.3.0/tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
@@ -24,6 +24,7 @@
<feature name='intel-pt'/>
<feature name='pku'/>
<feature name='ospke'/>
+ <feature name='md-clear'/>
<feature name='stibp'/>
<feature name='arch-capabilities'/>
<feature name='xsaves'/>