Tree - rpms/libvirt - src.fedoraproject.org

rpms / libvirt

Blame 0007-cpu_map-Define-md-clear-CPUID-bit.patch

Blob History Raw

		96dfc35	`From: Jiri Denemark <jdenemar@redhat.com>`
		96dfc35	`Date: Tue, 9 Apr 2019 12:35:52 +0200`
		823c0cc	`Subject: [PATCH] cpu_map: Define md-clear CPUID bit`
		96dfc35	`MIME-Version: 1.0`
		96dfc35	`Content-Type: text/plain; charset=UTF-8`
		96dfc35	`Content-Transfer-Encoding: 8bit`
		96dfc35
		96dfc35	`CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091`
		96dfc35
		96dfc35	`The bit is set when microcode provides the mechanism to invoke a flush`
		96dfc35	`of various exploitable CPU buffers by invoking the VERW instruction.`
		96dfc35
		96dfc35	`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
		96dfc35	`Signed-off-by: Jiri Denemark <jdenemar@redhat.com>`
		96dfc35	`Reviewed-by: Daniel P. BerrangĂ© <berrange@redhat.com>`
		96dfc35	`(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)`
		96dfc35
		96dfc35	`Conflicts:`
		96dfc35	`src/cpu_map/x86_features.xml`
		96dfc35	`- missing pconfig feature`
		96dfc35
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml`
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml`
		96dfc35	`- test data missing downstream`
		96dfc35
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml`
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml`
		96dfc35	`- intel-pt feature is missing`
		96dfc35	`- stibp feature is missing`
		96dfc35
		96dfc35	`Signed-off-by: Daniel P. BerrangĂ© <berrange@redhat.com>`
		96dfc35	`---`
		96dfc35	`src/cpu_map/x86_features.xml \| 3 +++`
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml \| 2 +-`
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml \| 1 +`
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml \| 1 +`
		96dfc35	`tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml \| 1 +`
		96dfc35	`5 files changed, 7 insertions(+), 1 deletion(-)`
		96dfc35
		96dfc35	`diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml`
		96dfc35	`index 109c653dbc..c8ae540ccc 100644`
		96dfc35	`--- a/src/cpu_map/x86_features.xml`
		96dfc35	`+++ b/src/cpu_map/x86_features.xml`
		96dfc35	`@@ -290,6 +290,9 @@`
		96dfc35	`<feature name='avx512-4fmaps'>`
		96dfc35	`<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>`
		96dfc35	`</feature>`
		96dfc35	`+ <feature name='md-clear'>`
		96dfc35	`+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>`
		96dfc35	`+ </feature>`
		96dfc35	`<feature name='spec-ctrl'>`
		96dfc35	`<cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>`
		96dfc35	`</feature>`
		96dfc35	`diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml`
		96dfc35	`index 0deca9fba6..74763a462b 100644`
		96dfc35	`--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml`
		96dfc35	`+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml`
		96dfc35	`@@ -2,7 +2,7 @@`
		96dfc35	`<cpudata arch='x86'>`
		96dfc35	`<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>`
		96dfc35	`<cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>`
		96dfc35	`- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>`
		96dfc35	`+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>`
		96dfc35	`<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>`
		96dfc35	`<cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>`
		96dfc35	`</cpudata>`
		96dfc35	`diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml`
		96dfc35	`index 993db80cc9..29c1fdb80a 100644`
		96dfc35	`--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml`
		96dfc35	`+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml`
		96dfc35	`@@ -19,6 +19,7 @@`
		96dfc35	`<feature policy='require' name='osxsave'/>`
		96dfc35	`<feature policy='require' name='tsc_adjust'/>`
		96dfc35	`<feature policy='require' name='clflushopt'/>`
		96dfc35	`+ <feature policy='require' name='md-clear'/>`
		96dfc35	`<feature policy='require' name='ssbd'/>`
		96dfc35	`<feature policy='require' name='xsaves'/>`
		96dfc35	`<feature policy='require' name='pdpe1gb'/>`
		96dfc35	`diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml`
		96dfc35	`index 074a39ba1d..2003ca9ef6 100644`
		96dfc35	`--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml`
		96dfc35	`+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml`
		96dfc35	`@@ -20,6 +20,7 @@`
		96dfc35	`<feature name='osxsave'/>`
		96dfc35	`<feature name='tsc_adjust'/>`
		96dfc35	`<feature name='clflushopt'/>`
		96dfc35	`+ <feature name='md-clear'/>`
		96dfc35	`<feature name='ssbd'/>`
		96dfc35	`<feature name='xsaves'/>`
		96dfc35	`<feature name='pdpe1gb'/>`
		96dfc35	`diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml`
		96dfc35	`index 1984bd4cf2..d6529c59a3 100644`
		96dfc35	`--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml`
		96dfc35	`+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml`
		96dfc35	`@@ -5,6 +5,7 @@`
		96dfc35	`<feature policy='require' name='hypervisor'/>`
		96dfc35	`<feature policy='require' name='tsc_adjust'/>`
		96dfc35	`<feature policy='require' name='clflushopt'/>`
		96dfc35	`+ <feature policy='require' name='md-clear'/>`
		96dfc35	`<feature policy='require' name='ssbd'/>`
		96dfc35	`<feature policy='require' name='pdpe1gb'/>`
		96dfc35	`</cpu>`

rpms / libvirt

Source Code

Blame 0007-cpu_map-Define-md-clear-CPUID-bit.patch