proxmox-mirrors/pve-qemu
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-qemu synced 2025-08-26 14:58:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-5
pve-qemu/debian/patches/series
Oguz Bektas d2ced986db fix for intel MDS CVEs 
cherry-picks mds mitigation related commits from upstream qemu, some
commits are taken to ensure easy backport.

fixes included for:
* CVE-2018-12126
* CVE-2018-12127
* CVE-2018-12130
* CVE-2019-11091

adds the md-clear cpuflag.

Not included by default in any Intel CPU model.

Must be explicitly turned on for all Intel CPU models.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-06-06 15:18:32 +02:00

40 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
pve/0003-PVE-Config-use-kvm-by-default.patch
pve/0004-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
pve/0005-PVE-Config-ui-spice-default-to-pve-certificates.patch
pve/0006-PVE-Config-smm_available-false.patch
pve/0007-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
pve/0008-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
pve/0009-PVE-Up-qmp-add-get_link_status.patch
pve/0010-PVE-Up-glusterfs-allow-partial-reads.patch
pve/0011-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
pve/0012-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
pve/0013-PVE-Up-qemu-img-dd-add-isize-parameter.patch
pve/0014-PVE-Up-qemu-img-dd-add-n-skip_create.patch
pve/0015-PVE-virtio-balloon-improve-query-balloon.patch
pve/0016-PVE-qapi-modify-query-machines.patch
pve/0017-PVE-qapi-modify-spice-query.patch
pve/0018-PVE-internal-snapshot-async.patch
pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
pve/0020-PVE-backup-modify-job-api.patch
pve/0021-PVE-backup-introduce-vma-archive-format.patch
pve/0022-PVE-Deprecated-adding-old-vma-files.patch
pve/0023-PVE-vma-add-throttling-options-to-drive-mapping-fifo.patch
pve/0024-PVE-vma-add-cache-option-to-device-map.patch
pve/0025-PVE-vma-remove-forced-NO_FLUSH-option.patch
pve/0026-PVE-Add-dummy-id-command-line-parameter.patch
pve/0027-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
pve/0028-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
extra/0001-monitor-guard-iothread-access-by-mon-use_io_thread.patch
extra/0002-monitor-delay-monitor-iothread-creation.patch
extra/0003-kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
extra/0004-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
extra/0005-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
extra/0006-x86-Data-structure-changes-to-support-MSR-based-feat.patch
extra/0007-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
extra/0008-target-i386-add-MDS-NO-feature.patch
extra/0009-target-i386-define-md-clear-bit.patch
extra/0010-docs-add-guidance-on-configuring-CPU-models-for-x86.patch
extra/0011-docs-recommend-use-of-md-clear-feature-on-all-Intel-.patch
Reference in New Issue View Git Blame Copy Permalink