From ff87044456775053ad487635804d7ab49d476cf7 Mon Sep 17 00:00:00 2001

Message-Id: <ff87044456775053ad487635804d7ab49d476cf7@dist-git>

From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>

Date: Thu, 10 May 2018 09:06:15 +0200

Subject: [PATCH] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

New microcode introduces the "Speculative Store Bypass Disable"

CPUID feature bit. This needs to be exposed to guest OS to allow

them to protect against CVE-2018-3639.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

(no upstream commit yet)

Conflicts:

	src/cpu/cpu_map.xml

            - stibp and arch-facilities features pushed for Spectre do

              not exist upstream

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

---

 src/cpu/cpu_map.xml | 3 +++

 1 file changed, 3 insertions(+)

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml

index 4d786f1e0a..cee3541d24 100644

--- a/src/cpu/cpu_map.xml

+++ b/src/cpu/cpu_map.xml

@@ -301,6 +301,9 @@

     <feature name='arch-facilities'>

       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x20000000'/>

     </feature>

+    <feature name='ssbd'>

+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>

+    </feature>

     <feature name='xsaveopt'>

-- 

2.17.0