SHA256
1
0
forked from pool/qemu

Accepting request 561702 from home:bfrogers:branches:Virtualization

Address recent cpu vulnerability code named Spectre, as far as QEMU is concerned. (CVE-2017-5715 bsc#1068032)

OBS-URL: https://build.opensuse.org/request/show/561702
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=381
This commit is contained in:
Bruce Rogers 2018-01-04 17:05:29 +00:00 committed by Git OBS Bridge
parent f9c661e610
commit e5bf87c674
9 changed files with 194 additions and 5 deletions

View File

@ -0,0 +1,160 @@
From 5db61cfacabb4d9b385a2c7a4d7a7a9e25e0a91a Mon Sep 17 00:00:00 2001
From: Wei Wang <wei.w.wang@intel.com>
Date: Tue, 7 Nov 2017 16:39:49 +0800
Subject: [PATCH] i386/kvm: MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
CPUID(EAX=0X7,ECX=0).EDX[26]/[27] indicates the support of
MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD. Expose the CPUID
to the guest. Also add the support of transferring the MSRs during live
migration.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
[BR: BSC#1068032 CVE-2017-5715]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/i386/cpu.c | 3 ++-
target/i386/cpu.h | 4 ++++
target/i386/kvm.c | 14 +++++++++++++-
target/i386/machine.c | 20 ++++++++++++++++++++
4 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 045d66191f..4a403b1e7b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2880,13 +2880,14 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
case 7:
/* Structured Extended Feature Flags Enumeration Leaf */
if (count == 0) {
+ host_cpuid(index, 0, eax, ebx, ecx, edx);
*eax = 0; /* Maximum ECX value for sub-leaves */
*ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */
*ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */
if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) {
*ecx |= CPUID_7_0_ECX_OSPKE;
}
- *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
+ *edx = env->features[FEAT_7_0_EDX] | *edx;
} else {
*eax = 0;
*ebx = 0;
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index cbdd631e2e..d9ecf7a368 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -335,6 +335,7 @@
#define MSR_IA32_APICBASE_BASE (0xfffffU<<12)
#define MSR_IA32_FEATURE_CONTROL 0x0000003a
#define MSR_TSC_ADJUST 0x0000003b
+#define MSR_IA32_SPEC_CTRL 0x00000048
#define MSR_IA32_TSCDEADLINE 0x6e0
#define FEATURE_CONTROL_LOCKED (1<<0)
@@ -641,6 +642,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
#define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
#define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+#define CPUID_7_0_EDX_SPEC_CTRL (1U << 26)
+#define CPUID_7_0_EDX_PRED_CMD (1U << 27)
#define CPUID_XSAVE_XSAVEOPT (1U << 0)
#define CPUID_XSAVE_XSAVEC (1U << 1)
@@ -1183,6 +1186,7 @@ typedef struct CPUX86State {
uint64_t xss;
+ uint64_t spec_ctrl;
TPRAccess tpr_access_type;
} CPUX86State;
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index b1e32e95d3..d0041e6285 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -76,6 +76,7 @@ static bool has_msr_star;
static bool has_msr_hsave_pa;
static bool has_msr_tsc_aux;
static bool has_msr_tsc_adjust;
+static bool has_msr_spec_ctrl;
static bool has_msr_tsc_deadline;
static bool has_msr_feature_control;
static bool has_msr_misc_enable;
@@ -1108,6 +1109,9 @@ static int kvm_get_supported_msrs(KVMState *s)
case MSR_TSC_ADJUST:
has_msr_tsc_adjust = true;
break;
+ case MSR_IA32_SPEC_CTRL:
+ has_msr_spec_ctrl = true;
+ break;
case MSR_IA32_TSCDEADLINE:
has_msr_tsc_deadline = true;
break;
@@ -1626,6 +1630,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
if (has_msr_xss) {
kvm_msr_entry_add(cpu, MSR_IA32_XSS, env->xss);
}
+ if (has_msr_spec_ctrl) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
+ }
#ifdef TARGET_X86_64
if (lm_capable_kernel) {
kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
@@ -1998,7 +2005,9 @@ static int kvm_get_msrs(X86CPU *cpu)
if (has_msr_xss) {
kvm_msr_entry_add(cpu, MSR_IA32_XSS, 0);
}
-
+ if (has_msr_spec_ctrl) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
+ }
if (!env->tsc_valid) {
kvm_msr_entry_add(cpu, MSR_IA32_TSC, 0);
@@ -2220,6 +2229,9 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_IA32_XSS:
env->xss = msrs[i].data;
break;
+ case MSR_IA32_SPEC_CTRL:
+ env->spec_ctrl = msrs[i].data;
+ break;
default:
if (msrs[i].index >= MSR_MC0_CTL &&
msrs[i].index < MSR_MC0_CTL + (env->mcg_cap & 0xff) * 4) {
diff --git a/target/i386/machine.c b/target/i386/machine.c
index df5ec359eb..d561a65153 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -759,6 +759,25 @@ static const VMStateDescription vmstate_xss = {
}
};
+static bool spec_ctrl_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return env->spec_ctrl != 0;
+}
+
+static const VMStateDescription vmstate_spec_ctrl = {
+ .name = "cpu/spec_ctrl",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = spec_ctrl_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(env.spec_ctrl, X86CPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
#ifdef TARGET_X86_64
static bool pkru_needed(void *opaque)
{
@@ -932,6 +951,7 @@ VMStateDescription vmstate_x86_cpu = {
&vmstate_msr_hyperv_stimer,
&vmstate_avx512,
&vmstate_xss,
+ &vmstate_spec_ctrl,
&vmstate_tsc_khz,
#ifdef TARGET_X86_64
&vmstate_pkru,

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Jan 4 16:19:30 UTC 2018 - brogers@suse.com
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
* Patches added:
0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
-------------------------------------------------------------------
Wed Dec 13 20:57:00 UTC 2017 - brogers@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package qemu-linux-user
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -59,6 +59,7 @@ Patch0030: 0030-tests-Add-QOM-property-unit-tests.patch
Patch0031: 0031-tests-Add-scsi-disk-test.patch
Patch0032: 0032-scripts-avoid-usr-bin-python-refere.patch
Patch0033: 0033-Switch-order-of-libraries-for-mpath.patch
Patch0034: 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
Source400: update_git.sh
@ -121,6 +122,7 @@ syscall layer occurs on the native hardware and operating system.
%patch0031 -p1
%patch0032 -p1
%patch0033 -p1
%patch0034 -p1
%build
./configure \

View File

@ -1,7 +1,7 @@
#
# spec file for package qemu-linux-user
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jan 4 16:19:27 UTC 2018 - brogers@suse.com
- Pass through to guest info related to x86 security vulnerability
(CVE-2017-5715 bsc#1068032)
0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
-------------------------------------------------------------------
Wed Dec 13 20:56:09 UTC 2017 - brogers@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package qemu-testsuite
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -163,6 +163,7 @@ Patch0030: 0030-tests-Add-QOM-property-unit-tests.patch
Patch0031: 0031-tests-Add-scsi-disk-test.patch
Patch0032: 0032-scripts-avoid-usr-bin-python-refere.patch
Patch0033: 0033-Switch-order-of-libraries-for-mpath.patch
Patch0034: 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -776,6 +777,7 @@ This package provides a service file for starting and stopping KSM.
%patch0031 -p1
%patch0032 -p1
%patch0033 -p1
%patch0034 -p1
pushd roms/ipxe
%patch1100 -p1

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jan 4 16:19:27 UTC 2018 - brogers@suse.com
- Pass through to guest info related to x86 security vulnerability
(CVE-2017-5715 bsc#1068032)
0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
-------------------------------------------------------------------
Wed Dec 13 20:56:09 UTC 2017 - brogers@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package qemu
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -163,6 +163,7 @@ Patch0030: 0030-tests-Add-QOM-property-unit-tests.patch
Patch0031: 0031-tests-Add-scsi-disk-test.patch
Patch0032: 0032-scripts-avoid-usr-bin-python-refere.patch
Patch0033: 0033-Switch-order-of-libraries-for-mpath.patch
Patch0034: 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -776,6 +777,7 @@ This package provides a service file for starting and stopping KSM.
%patch0031 -p1
%patch0032 -p1
%patch0033 -p1
%patch0034 -p1
pushd roms/ipxe
%patch1100 -p1

View File

@ -1,7 +1,7 @@
#
# spec file for package qemu
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed