c77a5bbe45
- Expose pschange-mc-no "feature", indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) target-i386-add-PSCHANGE_NO-bit-for-the-.patch - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) target-i386-Export-TAA_NO-bit-to-guests.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1 OBS-URL: https://build.opensuse.org/request/show/749743 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=512
35 lines
1.4 KiB
Diff
35 lines
1.4 KiB
Diff
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
|
Date: Mon, 18 Nov 2019 23:23:27 -0800
|
|
Subject: target/i386: Export TAA_NO bit to guests
|
|
|
|
Git-commit: 7fac38635e1cc5ebae34eb6530da1009bd5808e4
|
|
Reference: bsc#1152506 CVE-2019-11135
|
|
|
|
TSX Async Abort (TAA) is a side channel attack on internal buffers in
|
|
some Intel processors similar to Microachitectural Data Sampling (MDS).
|
|
|
|
Some future Intel processors will use the ARCH_CAP_TAA_NO bit in the
|
|
IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable to
|
|
TAA. Make this bit available to guests.
|
|
|
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
---
|
|
target/i386/cpu.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
|
|
index 5191367f89ee4d1131c4309633de..530942baed87c5ff76beaf36df14 100644
|
|
--- a/target/i386/cpu.c
|
|
+++ b/target/i386/cpu.c
|
|
@@ -1189,7 +1189,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
|
|
.feat_names = {
|
|
"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
|
|
"ssb-no", "mds-no", "pschange-mc-no", NULL,
|
|
- NULL, NULL, NULL, NULL,
|
|
+ "taa-no", NULL, NULL, NULL,
|
|
NULL, NULL, NULL, NULL,
|
|
NULL, NULL, NULL, NULL,
|
|
NULL, NULL, NULL, NULL,
|