From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 5 Nov 2025 14:11:56 +0000 (+0100)
Subject: cpu_map: Add features for Transient Scheduler Attacks mitigation
X-Git-Tag: CVE-2025-12748~58
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c80b283277071ed206a4d82364dc2f1b9981ed52;p=thirdparty%2Flibvirt.git

cpu_map: Add features for Transient Scheduler Attacks mitigation

QEMU commits d8ec0baf4a15082cdc4abe1de28face9a26f0dc9 and
c79a35acadee784610aed40134a12738381b4fba

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/cpu_map/sync_qemu_models_i386.py b/src/cpu_map/sync_qemu_models_i386.py
index 3ef34572c0..b9698366d4 100755
--- a/src/cpu_map/sync_qemu_models_i386.py
+++ b/src/cpu_map/sync_qemu_models_i386.py
@@ -110,6 +110,9 @@ def translate_feature(name):
         "CPUID_8000_0021_EAX_No_NESTED_DATA_BP": "no-nested-data-bp",
         "CPUID_8000_0021_EAX_FS_GS_BASE_NS": "fs-gs-base-ns",
         "CPUID_8000_0021_EAX_PREFETCHI": "prefetchi",
+        "CPUID_8000_0021_EAX_VERW_CLEAR": "verw-clear",
+        "CPUID_8000_0021_ECX_TSA_SQ_NO": "tsa-sq-no",
+        "CPUID_8000_0021_ECX_TSA_L1_NO": "tsa-l1-no",
         "CPUID_ACPI": "acpi",
         "CPUID_APIC": "apic",
         "CPUID_CLFLUSH": "clflush",
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 043f876c3e..c79cffab19 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -809,6 +809,9 @@
   <feature name='lfence-always-serializing'>
     <cpuid eax_in='0x80000021' eax='0x00000004'/>
   </feature>
+  <feature name='verw-clear'>
+    <cpuid eax_in='0x80000021' eax='0x00000020'/>
+  </feature>
   <feature name='null-sel-clr-base'>
     <cpuid eax_in='0x80000021' eax='0x00000040'/>
   </feature>
@@ -834,6 +837,14 @@
     <cpuid eax_in='0x80000021' eax='0x40000000'/>
   </feature>
 
+  <!-- cpuid level 0x80000021 (ecx) -->
+  <feature name='tsa-sq-no'>
+    <cpuid eax_in='0x80000021' ecx='0x00000002'/>
+  </feature>
+  <feature name='tsa-l1-no'>
+    <cpuid eax_in='0x80000021' ecx='0x00000004'/>
+  </feature>
+
   <!-- cpuid level 0x80000022 (eax) -->
   <feature name='perfmon-v2'>
     <cpuid eax_in='0x80000022' eax='0x00000001'/>
diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
index 8f78fc1d2d..4c358dba4c 100644
--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
@@ -74,6 +74,8 @@
       <feature policy='require' name='sbpb'/>
       <feature policy='require' name='ibpb-brtype'/>
       <feature policy='require' name='srso-user-kernel-no'/>
+      <feature policy='require' name='tsa-sq-no'/>
+      <feature policy='require' name='tsa-l1-no'/>
       <feature policy='require' name='perfmon-v2'/>
       <feature policy='disable' name='pcid'/>
       <feature policy='disable' name='la57'/>
diff --git a/tests/domaincapsdata/qemu_10.2.0.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0.x86_64.xml
index d12500658a..491ae36d63 100644
--- a/tests/domaincapsdata/qemu_10.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0.x86_64.xml
@@ -73,6 +73,8 @@
       <feature policy='require' name='sbpb'/>
       <feature policy='require' name='ibpb-brtype'/>
       <feature policy='require' name='srso-user-kernel-no'/>
+      <feature policy='require' name='tsa-sq-no'/>
+      <feature policy='require' name='tsa-l1-no'/>
       <feature policy='require' name='perfmon-v2'/>
       <feature policy='disable' name='pcid'/>
       <feature policy='disable' name='la57'/>
diff --git a/tests/qemuxmlconfdata/cpu-host-model-fallback-kvm.x86_64-latest.args b/tests/qemuxmlconfdata/cpu-host-model-fallback-kvm.x86_64-latest.args
index 642dcd3035..b25f7ee787 100644
--- a/tests/qemuxmlconfdata/cpu-host-model-fallback-kvm.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/cpu-host-model-fallback-kvm.x86_64-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
 -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
 -machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
 -accel kvm \
--cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,perfmon-v2=on,pcid=off,la57=off \
+-cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,tsa-sq-no=on,tsa-l1-no=on,perfmon-v2=on,pcid=off,la57=off \
 -m size=219136k \
 -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/cpu-host-model-features.x86_64-latest.args b/tests/qemuxmlconfdata/cpu-host-model-features.x86_64-latest.args
index 8db71ce1fc..e9225ea0fa 100644
--- a/tests/qemuxmlconfdata/cpu-host-model-features.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/cpu-host-model-features.x86_64-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
 -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
 -machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
 -accel kvm \
--cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,perfmon-v2=on,pcid=off,la57=off,abm=on,ds=on,invtsc=off \
+-cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,tsa-sq-no=on,tsa-l1-no=on,perfmon-v2=on,pcid=off,la57=off,abm=on,ds=on,invtsc=off \
 -m size=219136k \
 -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/cpu-host-model-kvm.x86_64-latest.args b/tests/qemuxmlconfdata/cpu-host-model-kvm.x86_64-latest.args
index a2197d382e..345babd056 100644
--- a/tests/qemuxmlconfdata/cpu-host-model-kvm.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/cpu-host-model-kvm.x86_64-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
 -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
 -machine q35,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
 -accel kvm \
--cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,perfmon-v2=on,pcid=off,la57=off \
+-cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,tsa-sq-no=on,tsa-l1-no=on,perfmon-v2=on,pcid=off,la57=off \
 -m size=219136k \
 -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/cpu-host-model-nofallback-kvm.x86_64-latest.args b/tests/qemuxmlconfdata/cpu-host-model-nofallback-kvm.x86_64-latest.args
index 642dcd3035..b25f7ee787 100644
--- a/tests/qemuxmlconfdata/cpu-host-model-nofallback-kvm.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/cpu-host-model-nofallback-kvm.x86_64-latest.args
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
 -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
 -machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
 -accel kvm \
--cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,perfmon-v2=on,pcid=off,la57=off \
+-cpu EPYC-Genoa,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,movdiri=on,movdir64b=on,avx512-vp2intersect=on,spec-ctrl=on,stibp=on,flush-l1d=on,ssbd=on,avx-vnni=on,cmp-legacy=on,overflow-recov=on,succor=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,fs-gs-base-ns=on,prefetchi=on,sbpb=on,ibpb-brtype=on,srso-user-kernel-no=on,tsa-sq-no=on,tsa-l1-no=on,perfmon-v2=on,pcid=off,la57=off \
 -m size=219136k \
 -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
 -overcommit mem-lock=off \