render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
Source Code
GIT

Blame SOURCES/libvirt-cpu_map-Define-md-clear-CPUID-bit.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale libvirt-hyperscale-10.4.0 upgrade-hyperscale-libvirt
  1.   f3a72a3599d22200c1cc99f3f8bb16ddba074040
  2.   SOURCES
  3.   libvirt-cpu_map-Define-md-clear-CPUID-bit.patch
Blob History Raw
072c97 
From 96b390925bffede1dcf2940cc79120b54dc3ed6c Mon Sep 17 00:00:00 2001
072c97 
Message-Id: <96b390925bffede1dcf2940cc79120b54dc3ed6c@dist-git>
072c97 
From: Jiri Denemark <jdenemar@redhat.com>
072c97 
Date: Fri, 5 Apr 2019 15:11:20 +0200
072c97 
Subject: [PATCH] cpu_map: Define md-clear CPUID bit
072c97
072c97 
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
072c97
072c97 
The bit is set when microcode provides the mechanism to invoke a flush
072c97 
of various exploitable CPU buffers by invoking the VERW instruction.
072c97
072c97 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
072c97 
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
072c97 
(cherry picked from a private commit)
072c97
072c97 
Conflicts:
072c97 
	src/cpu_map/x86_features.xml
072c97 
            - no CPU map split downstream
072c97
072c97 
	tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
072c97 
	tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
072c97 
            - test data missing downstream
072c97
072c97 
	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
072c97 
	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
072c97 
            - intel-pt feature is missing in RHEL-7.6
072c97
072c97 
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
072c97 
---
072c97 
 src/cpu/cpu_map.xml                                        | 3 +++
072c97 
 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
072c97 
 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml   | 1 +
072c97 
 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml    | 1 +
072c97 
 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml    | 1 +
072c97 
 5 files changed, 7 insertions(+), 1 deletion(-)
072c97
072c97 
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
072c97 
index 1382c29cd1..e8960470ad 100644
072c97 
--- a/src/cpu/cpu_map.xml
072c97 
+++ b/src/cpu/cpu_map.xml
072c97 
@@ -295,6 +295,9 @@
072c97 
     <feature name='avx512-4fmaps'>
072c97 
       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
072c97 
     </feature>
072c97 
+    <feature name='md-clear'>
072c97 
+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
072c97 
+    </feature>
072c97 
     <feature name='spec-ctrl'>
072c97 
       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
072c97 
     </feature>
072c97 
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
072c97 
index 0deca9fba6..74763a462b 100644
072c97 
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
072c97 
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
072c97 
@@ -2,7 +2,7 @@
072c97 
 <cpudata arch='x86'>
072c97 
   <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
072c97 
   <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
072c97 
-  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
072c97 
+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
072c97 
   <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
072c97 
   <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
072c97 
 </cpudata>
072c97 
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
072c97 
index 141c01c841..3b3472742e 100644
072c97 
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
072c97 
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
072c97 
@@ -19,6 +19,7 @@
072c97 
   <feature policy='require' name='osxsave'/>
072c97 
   <feature policy='require' name='tsc_adjust'/>
072c97 
   <feature policy='require' name='clflushopt'/>
072c97 
+  <feature policy='require' name='md-clear'/>
072c97 
   <feature policy='require' name='stibp'/>
072c97 
   <feature policy='require' name='ssbd'/>
072c97 
   <feature policy='require' name='xsaves'/>
072c97 
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
072c97 
index 53bfc9728d..df4f97417c 100644
072c97 
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
072c97 
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
072c97 
@@ -20,6 +20,7 @@
072c97 
   <feature name='osxsave'/>
072c97 
   <feature name='tsc_adjust'/>
072c97 
   <feature name='clflushopt'/>
072c97 
+  <feature name='md-clear'/>
072c97 
   <feature name='stibp'/>
072c97 
   <feature name='ssbd'/>
072c97 
   <feature name='xsaves'/>
072c97 
diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
072c97 
index 1f321db273..a5591278df 100644
072c97 
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
072c97 
+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
072c97 
@@ -5,6 +5,7 @@
072c97 
   <feature policy='require' name='hypervisor'/>
072c97 
   <feature policy='require' name='tsc_adjust'/>
072c97 
   <feature policy='require' name='clflushopt'/>
072c97 
+  <feature policy='require' name='md-clear'/>
072c97 
   <feature policy='require' name='stibp'/>
072c97 
   <feature policy='require' name='ssbd'/>
072c97 
   <feature policy='require' name='pdpe1gb'/>
072c97 
--
072c97 
2.21.0
072c97

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation