mirror of
https://git.proxmox.com/git/pve-qemu
synced 2025-08-27 15:23:20 +00:00

Cherry-picks MDS-mitigation-related commits from upstream QEMU; some additional commits are taken to keep the backport easy. Fixes included for: * CVE-2018-12126 * CVE-2018-12127 * CVE-2018-12130 * CVE-2019-11091 Adds the md-clear CPU flag. It is not included by default in any Intel CPU model and must be explicitly turned on for all Intel CPU models. The host CPU microcode must support this feature before it can be used for guest CPUs. Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
From 09ab9eb795821898fcb9430fcb33581cd28d3400 Mon Sep 17 00:00:00 2001
From: Robert Hoo <robert.hu@linux.intel.com>
Date: Thu, 5 Jul 2018 17:09:55 +0800
Subject: [PATCH] i386: Add CPUID bit and feature words for
IA32_ARCH_CAPABILITIES MSR
Support of IA32_PRED_CMD MSR already be enumerated by same CPUID bit as
SPEC_CTRL.
At present, mark CPUID_7_0_EDX_ARCH_CAPABILITIES unmigratable, per Paolo's
comment.
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Message-Id: <1530781798-183214-3-git-send-email-robert.hu@linux.intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 3fc7c73139d2d38ae80c3b0bc963b1ac1555924c)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
target/i386/cpu.c | 3 ++-
target/i386/cpu.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
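diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3ac627978f..1d74be02ce 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1006,12 +1006,13 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, "spec-ctrl", NULL,
- NULL, NULL, NULL, "ssbd",
+ NULL, "arch-capabilities", NULL, "ssbd",
 },
 .cpuid_eax = 7,
 .cpuid_needs_ecx = true, .cpuid_ecx = 0,
 .cpuid_reg = R_EDX,
 .tcg_features = TCG_7_0_EDX_FEATURES,
+ .unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES,
 },
 [FEAT_8000_0007_EDX] = {
 .feat_names = {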
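Review bot: The new `.unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES` entry has no comment, and the commit message only says "per Paolo's comment", so the reason for the restriction cannot be recovered from the tree. A short comment above it would help, for example `/* ARCH_CAPABILITIES MSR contents are host-specific; not migration-safe yet */`; that rationale is inferred here and should be confirmed against the list discussion. It would also be worth documenting that, presumably, a guest using a migratable `-cpu host` model will not see "arch-capabilities" unless it is requested explicitly, because that decides whether the guest kernel can read the mitigation-status bits in the MSR. The FEAT_7_0_EDX initializer starts above the hunk and the feature_word_info array continues below it.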
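diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 93ede116d1..58ae637edc 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -688,6 +688,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
 #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
 #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
+#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /*Arch Capabilities*/
 #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */
 
 #define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */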
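Review bot: The comment on the new `CPUID_7_0_EDX_ARCH_CAPABILITIES` define, `/*Arch Capabilities*/`, is spaced differently from its neighbours and says nothing beyond the macro name. This bit only enumerates that the IA32_ARCH_CAPABILITIES MSR exists, so I would write `#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /* IA32_ARCH_CAPABILITIES MSR is present */`. That wording keeps a reader from taking the CPUID bit itself for a mitigation-status flag.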
--
2.11.0