qemu/0043-target-i386-define-md-clear-bit.patch

From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 1 Mar 2019 21:40:52 +0100
Subject: target/i386: define md-clear bit

md-clear is a new CPUID bit which is set when microcode provides the
mechanism to invoke a flush of various exploitable CPU buffers by invoking
the VERW instruction.  Add the new feature, and pass it down to
Hypervisor.framework guests.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[BR: BSC#1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2019-11091]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 target/i386/cpu.c           | 2 +-
 target/i386/cpu.h           | 1 +
 target/i386/hvf/x86_cpuid.c | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d6bb57d210..4ea78a4939 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1076,7 +1076,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         .feat_names = {
             NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
             NULL, NULL, NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            NULL, NULL, "md-clear", NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 572290c3d6..d3bd0943ec 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -694,6 +694,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 
 #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
 #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+#define CPUID_7_0_EDX_MD_CLEAR      (1U << 10) /* Microarchitectural Data Clear */
 #define CPUID_7_0_EDX_SPEC_CTRL     (1U << 26) /* Speculation Control */
 #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
 #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass Disable */
diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
index 4d957fe896..b453552fb4 100644
--- a/target/i386/hvf/x86_cpuid.c
+++ b/target/i386/hvf/x86_cpuid.c
@@ -90,7 +90,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
             }
 
             ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
-            edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
+            edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS | \
+                   CPUID_7_0_EDX_MD_CLEAR;
         } else {
             ebx = 0;
             ecx = 0;
Accepting request 703018 from home:bfrogers:branches:Virtualization A few gcc9 related patches, and one to add the md-clear cpu feature. OBS-URL: https://build.opensuse.org/request/show/703018 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=470 2019-05-15 00:20:21 +02:00			`From: Paolo Bonzini <pbonzini@redhat.com>`
			`Date: Fri, 1 Mar 2019 21:40:52 +0100`
			`Subject: target/i386: define md-clear bit`

			`md-clear is a new CPUID bit which is set when microcode provides the`
			`mechanism to invoke a flush of various exploitable CPU buffers by invoking`
			`the VERW instruction. Add the new feature, and pass it down to`
			`Hypervisor.framework guests.`

			`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
			`[BR: BSC#1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130`
			`CVE-2019-11091]`
			`Signed-off-by: Bruce Rogers <brogers@suse.com>`
			`---`
			`target/i386/cpu.c \| 2 +-`
			`target/i386/cpu.h \| 1 +`
			`target/i386/hvf/x86_cpuid.c \| 3 ++-`
			`3 files changed, 4 insertions(+), 2 deletions(-)`

			`diff --git a/target/i386/cpu.c b/target/i386/cpu.c`
			`index d6bb57d210..4ea78a4939 100644`
			`--- a/target/i386/cpu.c`
			`+++ b/target/i386/cpu.c`
			`@@ -1076,7 +1076,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {`
			`.feat_names = {`
			`NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",`
			`NULL, NULL, NULL, NULL,`
			`- NULL, NULL, NULL, NULL,`
			`+ NULL, NULL, "md-clear", NULL,`
			`NULL, NULL, NULL, NULL,`
			`NULL, NULL, NULL, NULL,`
			`NULL, NULL, NULL, NULL,`
			`diff --git a/target/i386/cpu.h b/target/i386/cpu.h`
			`index 572290c3d6..d3bd0943ec 100644`
			`--- a/target/i386/cpu.h`
			`+++ b/target/i386/cpu.h`
			`@@ -694,6 +694,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];`

			`#define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */`
			`#define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */`
			`+#define CPUID_7_0_EDX_MD_CLEAR (1U << 10) /* Microarchitectural Data Clear */`
			`#define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */`
			`#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /Arch Capabilities/`
			`#define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */`
			`diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c`
			`index 4d957fe896..b453552fb4 100644`
			`--- a/target/i386/hvf/x86_cpuid.c`
			`+++ b/target/i386/hvf/x86_cpuid.c`
			`@@ -90,7 +90,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,`
			`}`

			`ecx &= CPUID_7_0_ECX_AVX512BMI \| CPUID_7_0_ECX_AVX512_VPOPCNTDQ;`
			`- edx &= CPUID_7_0_EDX_AVX512_4VNNIW \| CPUID_7_0_EDX_AVX512_4FMAPS;`
			`+ edx &= CPUID_7_0_EDX_AVX512_4VNNIW \| CPUID_7_0_EDX_AVX512_4FMAPS \| \`
			`+ CPUID_7_0_EDX_MD_CLEAR;`
			`} else {`
			`ebx = 0;`
			`ecx = 0;`