Accepting request 561712 from Virtualization

Address recent cpu vulnerability code named Spectre, as far as QEMU is concerned. (CVE-2017-5715 bsc#1068032)

OBS-URL: https://build.opensuse.org/request/show/561712
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/qemu?expand=0&rev=133

0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch

@@ -0,0 +1,160 @@
+From 5db61cfacabb4d9b385a2c7a4d7a7a9e25e0a91a Mon Sep 17 00:00:00 2001
+From: Wei Wang <wei.w.wang@intel.com>
+Date: Tue, 7 Nov 2017 16:39:49 +0800
+Subject: [PATCH] i386/kvm: MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
+
+CPUID(EAX=0X7,ECX=0).EDX[26]/[27] indicates the support of
+MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD. Expose the CPUID
+to the guest. Also add the support of transferring the MSRs during live
+migration.
+
+Signed-off-by: Wei Wang <wei.w.wang@intel.com>
+[BR: BSC#1068032 CVE-2017-5715]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ target/i386/cpu.c     |  3 ++-
+ target/i386/cpu.h     |  4 ++++
+ target/i386/kvm.c     | 14 +++++++++++++-
+ target/i386/machine.c | 20 ++++++++++++++++++++
+ 4 files changed, 39 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 045d66191f..4a403b1e7b 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -2880,13 +2880,14 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+     case 7:
+         /* Structured Extended Feature Flags Enumeration Leaf */
+         if (count == 0) {
++            host_cpuid(index, 0, eax, ebx, ecx, edx);
+             *eax = 0; /* Maximum ECX value for sub-leaves */
+             *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */
+             *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */
+             if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) {
+                 *ecx |= CPUID_7_0_ECX_OSPKE;
+             }
+-            *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
++            *edx = env->features[FEAT_7_0_EDX] | *edx;
+         } else {
+             *eax = 0;
+             *ebx = 0;
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index cbdd631e2e..d9ecf7a368 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -335,6 +335,7 @@
+ #define MSR_IA32_APICBASE_BASE          (0xfffffU<<12)
+ #define MSR_IA32_FEATURE_CONTROL        0x0000003a
+ #define MSR_TSC_ADJUST                  0x0000003b
++#define MSR_IA32_SPEC_CTRL              0x00000048
+ #define MSR_IA32_TSCDEADLINE            0x6e0
+ 
+ #define FEATURE_CONTROL_LOCKED                    (1<<0)
+@@ -641,6 +642,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ 
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
++#define CPUID_7_0_EDX_SPEC_CTRL     (1U << 26)
++#define CPUID_7_0_EDX_PRED_CMD      (1U << 27)
+ 
+ #define CPUID_XSAVE_XSAVEOPT   (1U << 0)
+ #define CPUID_XSAVE_XSAVEC     (1U << 1)
+@@ -1183,6 +1186,7 @@ typedef struct CPUX86State {
+ 
+     uint64_t xss;
+ 
++    uint64_t spec_ctrl;
+     TPRAccess tpr_access_type;
+ } CPUX86State;
+ 
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index b1e32e95d3..d0041e6285 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -76,6 +76,7 @@ static bool has_msr_star;
+ static bool has_msr_hsave_pa;
+ static bool has_msr_tsc_aux;
+ static bool has_msr_tsc_adjust;
++static bool has_msr_spec_ctrl;
+ static bool has_msr_tsc_deadline;
+ static bool has_msr_feature_control;
+ static bool has_msr_misc_enable;
+@@ -1108,6 +1109,9 @@ static int kvm_get_supported_msrs(KVMState *s)
+                 case MSR_TSC_ADJUST:
+                     has_msr_tsc_adjust = true;
+                     break;
++		case MSR_IA32_SPEC_CTRL:
++                    has_msr_spec_ctrl = true;
++                    break;
+                 case MSR_IA32_TSCDEADLINE:
+                     has_msr_tsc_deadline = true;
+                     break;
+@@ -1626,6 +1630,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+     if (has_msr_xss) {
+         kvm_msr_entry_add(cpu, MSR_IA32_XSS, env->xss);
+     }
++    if (has_msr_spec_ctrl) {
++        kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
++    }
+ #ifdef TARGET_X86_64
+     if (lm_capable_kernel) {
+         kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
+@@ -1998,7 +2005,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+     if (has_msr_xss) {
+         kvm_msr_entry_add(cpu, MSR_IA32_XSS, 0);
+     }
+-
++    if (has_msr_spec_ctrl) {
++        kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
++    }
+ 
+     if (!env->tsc_valid) {
+         kvm_msr_entry_add(cpu, MSR_IA32_TSC, 0);
+@@ -2220,6 +2229,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+         case MSR_IA32_XSS:
+             env->xss = msrs[i].data;
+             break;
++        case MSR_IA32_SPEC_CTRL:
++            env->spec_ctrl = msrs[i].data;
++            break;
+         default:
+             if (msrs[i].index >= MSR_MC0_CTL &&
+                 msrs[i].index < MSR_MC0_CTL + (env->mcg_cap & 0xff) * 4) {
+diff --git a/target/i386/machine.c b/target/i386/machine.c
+index df5ec359eb..d561a65153 100644
+--- a/target/i386/machine.c
++++ b/target/i386/machine.c
+@@ -759,6 +759,25 @@ static const VMStateDescription vmstate_xss = {
+     }
+ };
+ 
++static bool spec_ctrl_needed(void *opaque)
++{
++    X86CPU *cpu = opaque;
++    CPUX86State *env = &cpu->env;
++
++    return env->spec_ctrl != 0;
++}
++
++static const VMStateDescription vmstate_spec_ctrl = {
++    .name = "cpu/spec_ctrl",
++    .version_id = 1,
++    .minimum_version_id = 1,
++    .needed = spec_ctrl_needed,
++    .fields = (VMStateField[]) {
++        VMSTATE_UINT64(env.spec_ctrl, X86CPU),
++        VMSTATE_END_OF_LIST()
++    }
++};
++
+ #ifdef TARGET_X86_64
+ static bool pkru_needed(void *opaque)
+ {
+@@ -932,6 +951,7 @@ VMStateDescription vmstate_x86_cpu = {
+         &vmstate_msr_hyperv_stimer,
+         &vmstate_avx512,
+         &vmstate_xss,
++        &vmstate_spec_ctrl,
+         &vmstate_tsc_khz,
+ #ifdef TARGET_X86_64
+         &vmstate_pkru,

qemu-linux-user.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan  4 16:19:30 UTC 2018 - brogers@suse.com
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
+* Patches added:
+  0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
+
 -------------------------------------------------------------------
 Wed Dec 13 20:57:00 UTC 2017 - brogers@suse.com
 

qemu-linux-user.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package qemu-linux-user
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -59,6 +59,7 @@ Patch0030:      0030-tests-Add-QOM-property-unit-tests.patch
 Patch0031:      0031-tests-Add-scsi-disk-test.patch
 Patch0032:      0032-scripts-avoid-usr-bin-python-refere.patch
 Patch0033:      0033-Switch-order-of-libraries-for-mpath.patch
+Patch0034:      0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 Source400:      update_git.sh
@@ -121,6 +122,7 @@ syscall layer occurs on the native hardware and operating system.
 %patch0031 -p1
 %patch0032 -p1
 %patch0033 -p1
+%patch0034 -p1
 
 %build
 ./configure \

qemu-linux-user.spec.in

@@ -1,7 +1,7 @@
 #
 # spec file for package qemu-linux-user
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

qemu-testsuite.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jan  4 16:19:27 UTC 2018 - brogers@suse.com
+
+- Pass through to guest info related to x86 security vulnerability
+  (CVE-2017-5715 bsc#1068032)
+  0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
+
 -------------------------------------------------------------------
 Wed Dec 13 20:56:09 UTC 2017 - brogers@suse.com
 

qemu-testsuite.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package qemu-testsuite
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -163,6 +163,7 @@ Patch0030:      0030-tests-Add-QOM-property-unit-tests.patch
 Patch0031:      0031-tests-Add-scsi-disk-test.patch
 Patch0032:      0032-scripts-avoid-usr-bin-python-refere.patch
 Patch0033:      0033-Switch-order-of-libraries-for-mpath.patch
+Patch0034:      0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -776,6 +777,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0031 -p1
 %patch0032 -p1
 %patch0033 -p1
+%patch0034 -p1
 
 pushd roms/ipxe
 %patch1100 -p1

qemu.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jan  4 16:19:27 UTC 2018 - brogers@suse.com
+
+- Pass through to guest info related to x86 security vulnerability
+  (CVE-2017-5715 bsc#1068032)
+  0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
+
 -------------------------------------------------------------------
 Wed Dec 13 20:56:09 UTC 2017 - brogers@suse.com
 

qemu.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package qemu
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -163,6 +163,7 @@ Patch0030:      0030-tests-Add-QOM-property-unit-tests.patch
 Patch0031:      0031-tests-Add-scsi-disk-test.patch
 Patch0032:      0032-scripts-avoid-usr-bin-python-refere.patch
 Patch0033:      0033-Switch-order-of-libraries-for-mpath.patch
+Patch0034:      0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -776,6 +777,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0031 -p1
 %patch0032 -p1
 %patch0033 -p1
+%patch0034 -p1
 
 pushd roms/ipxe
 %patch1100 -p1

qemu.spec.in

@@ -1,7 +1,7 @@
 #
 # spec file for package qemu
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed