From b610ddd85aa7ea392c8b8e37c4f760fa79db2094ebe86b0f628583112e354b22 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Thu, 19 Dec 2019 15:41:31 +0000 Subject: [PATCH] Accepting request 758259 from home:jfehlig:branches:Virtualization - CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for IA32_ARCH_CAPABILITIES MSR 07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch bsc#1152505 OBS-URL: https://build.opensuse.org/request/show/758259 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=791 --- 07aaced4-Add-TAA-No.patch | 27 +++++++++++++++++++++++++++ f411b7ef6-Add-TSX-CTRL.patch | 28 ++++++++++++++++++++++++++++ libvirt.changes | 8 ++++++++ libvirt.spec | 6 +++++- 4 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 07aaced4-Add-TAA-No.patch create mode 100644 f411b7ef6-Add-TSX-CTRL.patch diff --git a/07aaced4-Add-TAA-No.patch b/07aaced4-Add-TAA-No.patch new file mode 100644 index 0000000..1da197c --- /dev/null +++ b/07aaced4-Add-TAA-No.patch @@ -0,0 +1,27 @@ +commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8 +Author: Jiri Denemark +Date: Thu Dec 12 15:12:05 2019 +0100 + + cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR + + CVE-2019-11135 + + CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not + vulnerable to TSX Asynchronous Abort and passing this bit to a guest + may avoid unnecessary mitigations. + + Signed-off-by: Jiri Denemark + Reviewed-by: Ján Tomko + +Index: libvirt-5.10.0/src/cpu_map/x86_features.xml +=================================================================== +--- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml ++++ libvirt-5.10.0/src/cpu_map/x86_features.xml +@@ -502,4 +502,7 @@ + + + ++ ++ ++ + diff --git a/f411b7ef6-Add-TSX-CTRL.patch b/f411b7ef6-Add-TSX-CTRL.patch new file mode 100644 index 0000000..3662ac0 --- /dev/null +++ b/f411b7ef6-Add-TSX-CTRL.patch 
@@ -0,0 +1,28 @@ +commit f411b7ef68221e82dec0129aaf2f2a26a8987504 +Author: Jiri Denemark +Date: Thu Dec 12 15:12:05 2019 +0100 + + cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR + + CVE-2019-11135 + + When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU + supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX. + + Signed-off-by: Jiri Denemark + Reviewed-by: Ján Tomko + +Index: libvirt-5.10.0/src/cpu_map/x86_features.xml +=================================================================== +--- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml ++++ libvirt-5.10.0/src/cpu_map/x86_features.xml +@@ -502,6 +502,9 @@ + + + ++ ++ ++ + + + diff --git a/libvirt.changes b/libvirt.changes index 109ae1b..3eae7b8 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Dec 19 15:11:02 UTC 2019 - James Fehlig + +- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for + IA32_ARCH_CAPABILITIES MSR + 07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch + bsc#1152505 + ------------------------------------------------------------------- Tue Dec 10 08:24:09 UTC 2019 - Cédric Bosdonnat diff --git a/libvirt.spec b/libvirt.spec index 89e0e20..ffa491d 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -344,6 +344,8 @@ Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches Patch0: 0a65cba4-news-fix.patch +Patch1: 07aaced4-Add-TAA-No.patch +Patch2: f411b7ef6-Add-TSX-CTRL.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch 
@@ -878,6 +880,8 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
 %patch100 -p1
 %patch101 -p1
 %patch150 -p1
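Review bot: The order of the two new `%patch1`/`%patch2` lines in `%prep` is load-bearing, but nothing in the spec says so. Both embedded patches edit the same region of `src/cpu_map/x86_features.xml` (their hunks are `-502,4 +502,7` and `-502,6 +502,9`), so `f411b7ef6-Add-TSX-CTRL.patch` looks to have been refreshed on top of `07aaced4-Add-TAA-No.patch` and would presumably fail or apply with fuzz if the two were swapped. I would add a comment above the `Patch1`/`Patch2` declarations in the earlier hunk, e.g. `# CVE-2019-11135: Patch2 is refreshed on top of Patch1 (same region of x86_features.xml); keep this order`. It may also be worth stating in the changelog entry that these patches only add the `IA32_ARCH_CAPABILITIES` bit definitions to the CPU map; whether a guest actually sees the bits presumably depends on the host CPU, microcode and hypervisor, which this page does not show.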