From ff87044456775053ad487635804d7ab49d476cf7 Mon Sep 17 00:00:00 2001
Message-Id: <ff87044456775053ad487635804d7ab49d476cf7@dist-git>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 10 May 2018 09:06:15 +0200
Subject: [PATCH] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(no upstream commit yet)

Conflicts:
	src/cpu/cpu_map.xml
            - stibp and arch-facilities features pushed for Spectre do
              not exist upstream

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/cpu/cpu_map.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 4d786f1e0a..cee3541d24 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -301,6 +301,9 @@
     <feature name='arch-facilities'>
       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x20000000'/>
     </feature>
+    <feature name='ssbd'>
+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
+    </feature>
 
     
     <feature name='xsaveopt'>
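Review bot: the added `<feature name='ssbd'>` entry only defines the bit (leaf 0x07, subleaf 0x00, EDX 0x80000000, which is bit 31), and the diffstat shows nothing else changing, so no CPU model in cpu_map.xml gains the feature and no test data covers it. The commit message should state that guests see ssbd only when the feature is requested for them and the host's microcode reports the bit, so that nobody reads this change alone as mitigating CVE-2018-3639 for existing guests. A short XML comment above the entry naming the bit ("Speculative Store Bypass Disable", CVE-2018-3639) would also make the mask easier to audit next to `arch-facilities` (EDX 0x20000000).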
-- 
2.17.0