Add new bits to ARCH_CAPABILITIES MSR to enumerate the status of the
MMIO/GDS/RFDS mitigations on Cascade Lake, Ice Lake, Sapphire Rapids,
and Granite Rapids processors.
These have been advertised in Intel microcode updates for a while now,
but require user space to opt in to advertise them to guests.
New models are:
- Cascadelake-Server-v6
- Icelake-Server-v8
- SapphireRapids-v7 (note, already got MMIO fixes on commit [1])
- GraniteRapids-v6
[1]
3baf7ae63505 ("target/i386: Add few security fix bits in
ARCH_CAPABILITIES into SapphireRapids CPU model")
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
Link: https://lore.kernel.org/r/20260330193428.1663253-3-jon@nutanix.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
{ /* end of list */ }
},
},
+ { .version = 6,
+ .note = "with MMIO/GDS/RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "fb-clear", "on" },
+ { "gds-no", "on" },
+ { "psdp-no", "on" },
+ { "rfds-no", "on" },
+ { "sbdr-ssdp-no", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
{ /* end of list */ }
},
},
+ {
+ .version = 8,
+ .note = "with MMIO/GDS/RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "fb-clear", "on" },
+ { "gds-no", "on" },
+ { "psdp-no", "on" },
+ { "rfds-no", "on" },
+ { "sbdr-ssdp-no", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
{ /* end of list */ },
}
},
+ {
+ .version = 7,
+ .note = "with GDS and RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "gds-no", "on" },
+ { "rfds-no", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ }
}
},
{ /* end of list */ },
}
},
+ {
+ .version = 6,
+ .note = "with GDS and RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "gds-no", "on" },
+ { "rfds-no", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ },
},
},
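Review bot: The four added versions turn on `gds-no` and `rfds-no` (plus `psdp-no` and `sbdr-ssdp-no` in the first two, version 6 and version 8), which a guest kernel reads as "not affected" and uses to skip the matching mitigation, but nothing beside the entries records that this holds only on hosts whose microcode enumerates the bits. Since the commit message says user space must opt in, I would add a comment above each new entry, e.g. `/* *-no bits are valid only if host microcode enumerates them; keep microcode uniform across a migration pool */`. The first two entries also set `fb-clear` without `fbsdp-no`; that looks deliberate (presumably these parts rely on VERW clearing the fill buffers rather than being unaffected), and a one-line comment such as `/* fbsdp-no intentionally absent: affected, mitigated via fb-clear */` would stop a later change from adding it by mistake. The last entry, presumably GraniteRapids-v6 going by the order in the commit message, adds only the GDS/RFDS bits, and unlike SapphireRapids the message does not say where its MMIO bits come from; a sentence in the description would help if they are already in the base model. The enclosing model definitions start outside the hunks, so the base feature sets cannot be checked from here.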