cpu_map: Define md-clear CPUID bit
authorJiri Denemark <jdenemar@redhat.com>
Tue, 9 Apr 2019 10:35:52 +0000 (12:35 +0200)
committerDaniel P. Berrangé <berrange@redhat.com>
Tue, 14 May 2019 18:42:27 +0000 (19:42 +0100)
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)

Conflicts:
        src/cpu_map/x86_features.xml
            - missing pconfig feature

        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
            - test data missing downstream

        tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
        tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
            - intel-pt feature is missing
            - stibp feature is missing

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
src/cpu_map/x86_features.xml
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml

index 109c653dbc779bccd774ee5cf3db899f74711b4d..c8ae540cccfb9f02a217dfaa1d3dc6ab28e5ada6 100644 (file)
   <feature name='avx512-4fmaps'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
   </feature>
+  <feature name='md-clear'> <!-- md_clear -->
+    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
+  </feature>
   <feature name='spec-ctrl'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
   </feature>
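Review bot: The new `md-clear` entry carries only the comment `<!-- md_clear -->`, which does not tell a reader of the feature map what the bit guarantees or why a guest needs to see it. I would extend it to `<!-- md_clear: VERW flushes CPU buffers (MDS mitigation), CPUID.(EAX=7,ECX=0):EDX bit 10 -->`, which matches the `edx='0x00000400'` mask. The commit only defines the bit, and none of the listed files changes a CPU model definition, so a guest configured with a named CPU model presumably gets `md-clear` only when it is requested explicitly or through host-model/host-passthrough. Without the bit the guest kernel cannot tell that its VERW-based flush is effective, and that caveat deserves a line in the description or the docs. This section shows no `@@` header, and the enclosing feature list starts and ends outside the visible lines.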
index 0deca9fba64fa05b726b4d5e3bc5a9ce1526404d..74763a462b592674e77ec41840c8207b5a8261e0 100644 (file)
@@ -2,7 +2,7 @@
 <cpudata arch='x86'>
   <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
   <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
   <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
   <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
 </cpudata>
index 993db80cc90acd56dc61640f478ddec3c9deb17b..29c1fdb80ab7e77f156104f29461569d1ce07d5d 100644 (file)
@@ -19,6 +19,7 @@
   <feature policy='require' name='osxsave'/>
   <feature policy='require' name='tsc_adjust'/>
   <feature policy='require' name='clflushopt'/>
+  <feature policy='require' name='md-clear'/>
   <feature policy='require' name='ssbd'/>
   <feature policy='require' name='xsaves'/>
   <feature policy='require' name='pdpe1gb'/>
index 074a39ba1d78511d442d631e05ed2ed2e363ea67..2003ca9ef62bead58034bb89015fb9c66325f901 100644 (file)
@@ -20,6 +20,7 @@
   <feature name='osxsave'/>
   <feature name='tsc_adjust'/>
   <feature name='clflushopt'/>
+  <feature name='md-clear'/>
   <feature name='ssbd'/>
   <feature name='xsaves'/>
   <feature name='pdpe1gb'/>
index 1984bd4cf245ce50dbc3501b255250776908f626..d6529c59a3d3959f570332a7f663ea23fb7b63ce 100644 (file)
@@ -5,6 +5,7 @@
   <feature policy='require' name='hypervisor'/>
   <feature policy='require' name='tsc_adjust'/>
   <feature policy='require' name='clflushopt'/>
+  <feature policy='require' name='md-clear'/>
   <feature policy='require' name='ssbd'/>
   <feature policy='require' name='pdpe1gb'/>
 </cpu>