mirror of
https://git.proxmox.com/git/pve-qemu
synced 2025-08-26 23:48:06 +00:00
d2ced986db
cherry-picks mds mitigation related commits from upstream qemu, some commits are taken to ensure easy backport. fixes included for: * CVE-2018-12126 * CVE-2018-12127 * CVE-2018-12130 * CVE-2019-11091 adds the md-clear cpuflag. Not included by default in any Intel CPU model. Must be explicitly turned on for all Intel CPU models. Requires the host CPU microcode to support this feature before it can be used for guest CPUs. Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From 23274f8f4209041c13440ac673f413f3dfe7b60f Mon Sep 17 00:00:00 2001
|
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
Date: Wed, 15 May 2019 15:10:10 +0100
|
|
Subject: [PATCH] target/i386: define md-clear bit
|
|
|
|
md-clear is a new CPUID bit which is set when microcode provides the
|
|
mechanism to invoke a flush of various exploitable CPU buffers by invoking
|
|
the VERW instruction.
|
|
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Message-Id: <20190515141011.5315-2-berrange@redhat.com>
|
|
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
|
(cherry picked from commit b2ae52101fca7f9547ac2f388085dbc58f8fe1c0)
|
|
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
|
|
---
|
|
target/i386/cpu.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
|
|
index 02b64f730c..5ddcd72c9c 100644
|
|
--- a/target/i386/cpu.c
|
|
+++ b/target/i386/cpu.c
|
|
@@ -1038,7 +1038,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
|
|
.feat_names = {
|
|
NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
|
|
NULL, NULL, NULL, NULL,
|
|
- NULL, NULL, NULL, NULL,
|
|
+ NULL, NULL, "md-clear", NULL,
|
|
NULL, NULL, NULL, NULL,
|
|
NULL, NULL, NULL, NULL,
|
|
NULL, NULL, NULL, NULL,
|
|
--
|
|
2.11.0
|
|
|