From e4323bc8b2aacf3134d3689652e57da1d971d952 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Oct 03 2018 15:13:53 +0000 Subject: Remove unused patches --- diff --git a/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch b/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch deleted file mode 100644 index 00cad34..0000000 --- a/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 7920d78dc80e7206e07f2a35f942e9f33174d251 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Mon, 21 May 2018 22:54:22 +0100 -Subject: [PATCH 1/3] i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -New microcode introduces the "Speculative Store Bypass Disable" -CPUID feature bit. This needs to be exposed to guest OS to allow -them to protect against CVE-2018-3639. - -Signed-off-by: Daniel P. Berrangé -Reviewed-by: Konrad Rzeszutek Wilk -Signed-off-by: Konrad Rzeszutek Wilk -Message-Id: <20180521215424.13520-2-berrange@redhat.com> -Signed-off-by: Eduardo Habkost -(cherry picked from commit d19d1f965904a533998739698020ff4ee8a103da) ---- - target/i386/cpu.c | 2 +- - target/i386/cpu.h | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/target/i386/cpu.c b/target/i386/cpu.c -index a20fe26573..2f5263e22f 100644 ---- a/target/i386/cpu.c -+++ b/target/i386/cpu.c -@@ -510,7 +510,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { - NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, - NULL, NULL, "spec-ctrl", NULL, -- NULL, NULL, NULL, NULL, -+ NULL, NULL, NULL, "ssbd", - }, - .cpuid_eax = 7, - .cpuid_needs_ecx = true, .cpuid_ecx = 0, -diff --git a/target/i386/cpu.h b/target/i386/cpu.h -index 1b219fafc4..970ab96e54 100644 ---- a/target/i386/cpu.h -+++ b/target/i386/cpu.h -@@ -684,6 +684,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; - #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */ - #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */ - #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */ -+#define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */ - - #define KVM_HINTS_DEDICATED (1U << 0) - --- -2.17.0 - diff --git a/0001-qxl-fix-local-renderer-crash.patch b/0001-qxl-fix-local-renderer-crash.patch deleted file mode 100644 index a839d38..0000000 --- a/0001-qxl-fix-local-renderer-crash.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5bd5c27c7d284d01477c5cc022ce22438c46bf9f Mon Sep 17 00:00:00 2001 -Message-Id: <5bd5c27c7d284d01477c5cc022ce22438c46bf9f.1528219523.git.crobinso@redhat.com> -From: Gerd Hoffmann -Date: Fri, 27 Apr 2018 13:55:28 +0200 -Subject: [PATCH] qxl: fix local renderer crash -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Make sure we only ask the spice local renderer for display updates in -case we have a valid primary surface. Without that spice is confused -and throws errors in case a display update request (triggered by -screendump for example) happens in parallel to a mode switch and hits -the race window where the old primary surface is gone and the new isn't -establisted yet. - -Cc: qemu-stable@nongnu.org -Fixes: https://bugzilla.redhat.com//show_bug.cgi?id=1567733 -Signed-off-by: Gerd Hoffmann -Reviewed-by: Marc-André Lureau -Message-id: 20180427115528.345-1-kraxel@redhat.com -Signed-off-by: Cole Robinson ---- - hw/display/qxl-render.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c -index e7ac4f8789..c62b9a5e75 100644 ---- a/hw/display/qxl-render.c -+++ b/hw/display/qxl-render.c -@@ -169,7 +169,8 @@ void qxl_render_update(PCIQXLDevice *qxl) - - qemu_mutex_lock(&qxl->ssd.lock); - -- if (!runstate_is_running() || !qxl->guest_primary.commands) { -+ if (!runstate_is_running() || !qxl->guest_primary.commands || -+ qxl->mode == QXL_MODE_UNDEFINED) { - qxl_render_update_area_unlocked(qxl); - qemu_mutex_unlock(&qxl->ssd.lock); - return; --- -2.17.1 - diff --git a/0002-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch b/0002-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch deleted file mode 100644 index 4fc3e74..0000000 --- a/0002-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 70913a1bded444b1d264c3723fca2f6a7966d667 Mon Sep 17 00:00:00 2001 -From: Konrad Rzeszutek Wilk -Date: Mon, 21 May 2018 22:54:24 +0100 -Subject: [PATCH 2/3] i386: Define the Virt SSBD MSR and handling of it - (CVE-2018-3639) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -"Some AMD processors only support a non-architectural means of enabling -speculative store bypass disable (SSBD). To allow a simplified view of -this to a guest, an architectural definition has been created through a new -CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a -hypervisor can virtualize the existence of this definition and provide an -architectural method for using SSBD to a guest. - -Add the new CPUID feature, the new MSR and update the existing SSBD -support to use this MSR when present." (from x86/speculation: Add virtualized -speculative store bypass disable support in Linux). - -Signed-off-by: Konrad Rzeszutek Wilk -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Daniel P. Berrangé -Message-Id: <20180521215424.13520-4-berrange@redhat.com> -Signed-off-by: Eduardo Habkost -(cherry picked from commit cfeea0c021db6234c154dbc723730e81553924ff) ---- - target/i386/cpu.h | 2 ++ - target/i386/kvm.c | 16 ++++++++++++++-- - target/i386/machine.c | 20 ++++++++++++++++++++ - 3 files changed, 36 insertions(+), 2 deletions(-) - -diff --git a/target/i386/cpu.h b/target/i386/cpu.h -index 970ab96e54..75e821cefe 100644 ---- a/target/i386/cpu.h -+++ b/target/i386/cpu.h -@@ -351,6 +351,7 @@ typedef enum X86Seg { - #define MSR_IA32_FEATURE_CONTROL 0x0000003a - #define MSR_TSC_ADJUST 0x0000003b - #define MSR_IA32_SPEC_CTRL 0x48 -+#define MSR_VIRT_SSBD 0xc001011f - #define MSR_IA32_TSCDEADLINE 0x6e0 - - #define FEATURE_CONTROL_LOCKED (1<<0) -@@ -1150,6 +1151,7 @@ typedef struct CPUX86State { - uint32_t pkru; - - uint64_t spec_ctrl; -+ uint64_t virt_ssbd; - - /* End of state preserved by INIT (dummy marker). */ - struct {} end_init_save; -diff --git a/target/i386/kvm.c b/target/i386/kvm.c -index 6c49954e68..19e6aa320d 100644 ---- a/target/i386/kvm.c -+++ b/target/i386/kvm.c -@@ -92,6 +92,7 @@ static bool has_msr_hv_stimer; - static bool has_msr_hv_frequencies; - static bool has_msr_xss; - static bool has_msr_spec_ctrl; -+static bool has_msr_virt_ssbd; - static bool has_msr_smi_count; - - static uint32_t has_architectural_pmu_version; -@@ -1218,6 +1219,9 @@ static int kvm_get_supported_msrs(KVMState *s) - case MSR_IA32_SPEC_CTRL: - has_msr_spec_ctrl = true; - break; -+ case MSR_VIRT_SSBD: -+ has_msr_virt_ssbd = true; -+ break; - } - } - } -@@ -1706,6 +1710,10 @@ static int kvm_put_msrs(X86CPU *cpu, int level) - if (has_msr_spec_ctrl) { - kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl); - } -+ if (has_msr_virt_ssbd) { -+ kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, env->virt_ssbd); -+ } -+ - #ifdef TARGET_X86_64 - if (lm_capable_kernel) { - kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar); -@@ -2077,8 +2085,9 @@ static int kvm_get_msrs(X86CPU *cpu) - if (has_msr_spec_ctrl) { - kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0); - } -- -- -+ if (has_msr_virt_ssbd) { -+ kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, 0); -+ } - if (!env->tsc_valid) { - kvm_msr_entry_add(cpu, MSR_IA32_TSC, 0); - env->tsc_valid = !runstate_is_running(); -@@ -2444,6 +2453,9 @@ static int kvm_get_msrs(X86CPU *cpu) - case MSR_IA32_SPEC_CTRL: - env->spec_ctrl = msrs[i].data; - break; -+ case MSR_VIRT_SSBD: -+ env->virt_ssbd = msrs[i].data; -+ break; - case MSR_IA32_RTIT_CTL: - env->msr_rtit_ctrl = msrs[i].data; - break; -diff --git a/target/i386/machine.c b/target/i386/machine.c -index bd2d82e91b..f0a835c292 100644 ---- a/target/i386/machine.c -+++ b/target/i386/machine.c -@@ -893,6 +893,25 @@ static const VMStateDescription vmstate_msr_intel_pt = { - } - }; - -+static bool virt_ssbd_needed(void *opaque) -+{ -+ X86CPU *cpu = opaque; -+ CPUX86State *env = &cpu->env; -+ -+ return env->virt_ssbd != 0; -+} -+ -+static const VMStateDescription vmstate_msr_virt_ssbd = { -+ .name = "cpu/virt_ssbd", -+ .version_id = 1, -+ .minimum_version_id = 1, -+ .needed = virt_ssbd_needed, -+ .fields = (VMStateField[]){ -+ VMSTATE_UINT64(env.virt_ssbd, X86CPU), -+ VMSTATE_END_OF_LIST() -+ } -+}; -+ - VMStateDescription vmstate_x86_cpu = { - .name = "cpu", - .version_id = 12, -@@ -1015,6 +1034,7 @@ VMStateDescription vmstate_x86_cpu = { - &vmstate_spec_ctrl, - &vmstate_mcg_ext_ctl, - &vmstate_msr_intel_pt, -+ &vmstate_msr_virt_ssbd, - NULL - } - }; --- -2.17.0 - diff --git a/0003-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch b/0003-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch deleted file mode 100644 index 09f7116..0000000 --- a/0003-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From f956cd4aed74d55ecc03d3c33ea66b1d933cb28f Mon Sep 17 00:00:00 2001 -From: Konrad Rzeszutek Wilk -Date: Mon, 21 May 2018 22:54:23 +0100 -Subject: [PATCH 3/3] i386: define the AMD 'virt-ssbd' CPUID feature bit - (CVE-2018-3639) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -AMD Zen expose the Intel equivalant to Speculative Store Bypass Disable -via the 0x80000008_EBX[25] CPUID feature bit. - -This needs to be exposed to guest OS to allow them to protect -against CVE-2018-3639. - -Signed-off-by: Konrad Rzeszutek Wilk -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Daniel P. Berrangé -Message-Id: <20180521215424.13520-3-berrange@redhat.com> -Signed-off-by: Eduardo Habkost -(cherry picked from commit 403503b162ffc33fb64cfefdf7b880acf41772cd) ---- - target/i386/cpu.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/target/i386/cpu.c b/target/i386/cpu.c -index 2f5263e22f..2e305ab689 100644 ---- a/target/i386/cpu.c -+++ b/target/i386/cpu.c -@@ -541,7 +541,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { - "ibpb", NULL, NULL, NULL, - NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, -- NULL, NULL, NULL, NULL, -+ NULL, "virt-ssbd", NULL, NULL, - NULL, NULL, NULL, NULL, - }, - .cpuid_eax = 0x80000008, --- -2.17.0 -