diff --git a/SOURCES/libvirt-cpu_map-Define-md-clear-CPUID-bit.patch b/SOURCES/libvirt-cpu_map-Define-md-clear-CPUID-bit.patch
new file mode 100644
index 0000000..7116abf
--- /dev/null
+++ b/SOURCES/libvirt-cpu_map-Define-md-clear-CPUID-bit.patch
@@ -0,0 +1,102 @@
+From 96b390925bffede1dcf2940cc79120b54dc3ed6c Mon Sep 17 00:00:00 2001
+Message-Id: <96b390925bffede1dcf2940cc79120b54dc3ed6c@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Apr 2019 15:11:20 +0200
+Subject: [PATCH] cpu_map: Define md-clear CPUID bit
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+
+The bit is set when microcode provides the mechanism to invoke a flush
+of various exploitable CPU buffers by invoking the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from a private commit)
+
+Conflicts:
+ src/cpu_map/x86_features.xml
+ - no CPU map split downstream
+
+ tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
+ tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
+ - test data missing downstream
+
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+ - intel-pt feature is missing in RHEL-7.6
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/cpu/cpu_map.xml | 3 +++
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 +
+ 5 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
+index 1382c29cd1..e8960470ad 100644
+--- a/src/cpu/cpu_map.xml
++++ b/src/cpu/cpu_map.xml
+@@ -295,6 +295,9 @@
+ <feature name='avx512-4fmaps'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
+ </feature>
++ <feature name='md-clear'> <!-- md_clear -->
++ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
++ </feature>
+ <feature name='spec-ctrl'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
+ </feature>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+index 0deca9fba6..74763a462b 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+@@ -2,7 +2,7 @@
+ <cpudata arch='x86'>
+ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
+ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
+ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
+ </cpudata>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+index 141c01c841..3b3472742e 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+@@ -19,6 +19,7 @@
+ <feature policy='require' name='osxsave'/>
+ <feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='clflushopt'/>
++ <feature policy='require' name='md-clear'/>
+ <feature policy='require' name='stibp'/>
+ <feature policy='require' name='ssbd'/>
+ <feature policy='require' name='xsaves'/>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+index 53bfc9728d..df4f97417c 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+@@ -20,6 +20,7 @@
+ <feature name='osxsave'/>
+ <feature name='tsc_adjust'/>
+ <feature name='clflushopt'/>
++ <feature name='md-clear'/>
+ <feature name='stibp'/>
+ <feature name='ssbd'/>
+ <feature name='xsaves'/>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+index 1f321db273..a5591278df 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+@@ -5,6 +5,7 @@
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='clflushopt'/>
++ <feature policy='require' name='md-clear'/>
+ <feature policy='require' name='stibp'/>
+ <feature policy='require' name='ssbd'/>
+ <feature policy='require' name='pdpe1gb'/>
+--
+2.21.0
+
diff --git a/SOURCES/libvirt-cpu_x86-Do-not-cache-microcode-version.patch b/SOURCES/libvirt-cpu_x86-Do-not-cache-microcode-version.patch
new file mode 100644
index 0000000..e5d5152
--- /dev/null
+++ b/SOURCES/libvirt-cpu_x86-Do-not-cache-microcode-version.patch
@@ -0,0 +1,60 @@
+From 1054c2ab4381145ddc9e937a40c109980f15cf69 Mon Sep 17 00:00:00 2001
+Message-Id: <1054c2ab4381145ddc9e937a40c109980f15cf69@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Apr 2019 11:33:32 +0200
+Subject: [PATCH] cpu_x86: Do not cache microcode version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The microcode version checks are used to invalidate cached CPU data we
+get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
+was only read when libvirtd started and cached for the daemon's
+lifetime. However, the CPU microcode can change anytime (updating the
+microcode package can automatically upload it to the CPU) and we need to
+stop caching it to avoid using stale CPU model data.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/cpu/cpu_x86.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
+index cf3d80eeb5..1acd8c4f49 100644
+--- a/src/cpu/cpu_x86.c
++++ b/src/cpu/cpu_x86.c
+@@ -155,7 +155,6 @@ struct _virCPUx86Map {
+ };
+
+ static virCPUx86MapPtr cpuMap;
+-static unsigned int microcodeVersion;
+
+ int virCPUx86DriverOnceInit(void);
+ VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
+@@ -1469,8 +1468,6 @@ virCPUx86DriverOnceInit(void)
+ if (!(cpuMap = virCPUx86LoadMap()))
+ return -1;
+
+- microcodeVersion = virHostCPUGetMicrocodeVersion();
+-
+ return 0;
+ }
+
+@@ -2553,7 +2550,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
+ goto cleanup;
+
+ ret = x86DecodeCPUData(cpu, cpuData, models);
+- cpu->microcodeVersion = microcodeVersion;
++ cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
+
+ cleanup:
+ virCPUx86DataFree(cpuData);
+--
+2.21.0
+
diff --git a/SOURCES/libvirt-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch b/SOURCES/libvirt-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch
new file mode 100644
index 0000000..732b74c
--- /dev/null
+++ b/SOURCES/libvirt-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch
@@ -0,0 +1,884 @@
+From dc31ed12dd6b199cc7963ee6177c7dac0ffea041 Mon Sep 17 00:00:00 2001
+Message-Id: <dc31ed12dd6b199cc7963ee6177c7dac0ffea041@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Apr 2019 11:19:30 +0200
+Subject: [PATCH] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from a private commit)
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+
+Conflicts:
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+ - intel-pt feature is missing int RHEL-7.6
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ tests/cputest.c | 1 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 7 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 8 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 27 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 28 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 11 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5.json | 652 ++++++++++++++++++
+ .../x86_64-cpuid-Xeon-E3-1225-v5.sig | 4 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5.xml | 47 ++
+ 9 files changed, 785 insertions(+)
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
+
+diff --git a/tests/cputest.c b/tests/cputest.c
+index 74f84fab6c..9e5f807823 100644
+--- a/tests/cputest.c
++++ b/tests/cputest.c
+@@ -1192,6 +1192,7 @@ mymain(void)
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
++ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
+ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
+new file mode 100644
+index 0000000000..ce51903e53
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
+@@ -0,0 +1,7 @@
++<!-- Features disabled by QEMU -->
++<cpudata arch='x86'>
++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
++</cpudata>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+new file mode 100644
+index 0000000000..0deca9fba6
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+@@ -0,0 +1,8 @@
++<!-- Features enabled by QEMU -->
++<cpudata arch='x86'>
++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
++ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
++</cpudata>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+new file mode 100644
+index 0000000000..141c01c841
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+@@ -0,0 +1,27 @@
++<cpu mode='custom' match='exact'>
++ <model fallback='forbid'>Skylake-Client-IBRS</model>
++ <vendor>Intel</vendor>
++ <feature policy='require' name='ds'/>
++ <feature policy='require' name='acpi'/>
++ <feature policy='require' name='ss'/>
++ <feature policy='require' name='ht'/>
++ <feature policy='require' name='tm'/>
++ <feature policy='require' name='pbe'/>
++ <feature policy='require' name='dtes64'/>
++ <feature policy='require' name='monitor'/>
++ <feature policy='require' name='ds_cpl'/>
++ <feature policy='require' name='vmx'/>
++ <feature policy='require' name='smx'/>
++ <feature policy='require' name='est'/>
++ <feature policy='require' name='tm2'/>
++ <feature policy='require' name='xtpr'/>
++ <feature policy='require' name='pdcm'/>
++ <feature policy='require' name='osxsave'/>
++ <feature policy='require' name='tsc_adjust'/>
++ <feature policy='require' name='clflushopt'/>
++ <feature policy='require' name='stibp'/>
++ <feature policy='require' name='ssbd'/>
++ <feature policy='require' name='xsaves'/>
++ <feature policy='require' name='pdpe1gb'/>
++ <feature policy='require' name='invtsc'/>
++</cpu>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+new file mode 100644
+index 0000000000..53bfc9728d
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+@@ -0,0 +1,28 @@
++<cpu>
++ <arch>x86_64</arch>
++ <model>Skylake-Client-IBRS</model>
++ <vendor>Intel</vendor>
++ <feature name='ds'/>
++ <feature name='acpi'/>
++ <feature name='ss'/>
++ <feature name='ht'/>
++ <feature name='tm'/>
++ <feature name='pbe'/>
++ <feature name='dtes64'/>
++ <feature name='monitor'/>
++ <feature name='ds_cpl'/>
++ <feature name='vmx'/>
++ <feature name='smx'/>
++ <feature name='est'/>
++ <feature name='tm2'/>
++ <feature name='xtpr'/>
++ <feature name='pdcm'/>
++ <feature name='osxsave'/>
++ <feature name='tsc_adjust'/>
++ <feature name='clflushopt'/>
++ <feature name='stibp'/>
++ <feature name='ssbd'/>
++ <feature name='xsaves'/>
++ <feature name='pdpe1gb'/>
++ <feature name='invtsc'/>
++</cpu>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+new file mode 100644
+index 0000000000..1f321db273
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+@@ -0,0 +1,11 @@
++<cpu mode='custom' match='exact'>
++ <model fallback='forbid'>Skylake-Client-IBRS</model>
++ <vendor>Intel</vendor>
++ <feature policy='require' name='ss'/>
++ <feature policy='require' name='hypervisor'/>
++ <feature policy='require' name='tsc_adjust'/>
++ <feature policy='require' name='clflushopt'/>
++ <feature policy='require' name='stibp'/>
++ <feature policy='require' name='ssbd'/>
++ <feature policy='require' name='pdpe1gb'/>
++</cpu>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
+new file mode 100644
+index 0000000000..084747556b
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
+@@ -0,0 +1,652 @@
++{
++ "return": {
++ "model": {
++ "name": "base",
++ "props": {
++ "phys-bits": 0,
++ "core-id": -1,
++ "xlevel": 2147483656,
++ "cmov": true,
++ "ia64": false,
++ "aes": true,
++ "mmx": true,
++ "rdpid": false,
++ "arat": true,
++ "gfni": false,
++ "pause-filter": false,
++ "xsavec": true,
++ "intel-pt": false,
++ "osxsave": false,
++ "hv-frequencies": false,
++ "tsc-frequency": 0,
++ "xd": true,
++ "hv-vendor-id": "",
++ "kvm-asyncpf": true,
++ "kvm_asyncpf": true,
++ "perfctr_core": false,
++ "perfctr-core": false,
++ "mpx": true,
++ "pbe": false,
++ "decodeassists": false,
++ "avx512cd": false,
++ "sse4_1": true,
++ "sse4.1": true,
++ "sse4-1": true,
++ "family": 6,
++ "legacy-cache": true,
++ "vmware-cpuid-freq": true,
++ "avx512f": false,
++ "msr": true,
++ "mce": true,
++ "mca": true,
++ "hv-runtime": false,
++ "xcrypt": false,
++ "thread-id": -1,
++ "min-level": 13,
++ "xgetbv1": true,
++ "cid": false,
++ "hv-relaxed": false,
++ "hv-crash": false,
++ "ds": false,
++ "fxsr": true,
++ "xsaveopt": true,
++ "xtpr": false,
++ "avx512vl": false,
++ "avx512-vpopcntdq": false,
++ "phe": false,
++ "extapic": false,
++ "3dnowprefetch": true,
++ "avx512vbmi2": false,
++ "cr8legacy": false,
++ "stibp": true,
++ "cpuid-0xb": true,
++ "xcrypt-en": false,
++ "kvm_pv_eoi": true,
++ "apic-id": 4294967295,
++ "pn": false,
++ "dca": false,
++ "vendor": "GenuineIntel",
++ "pku": false,
++ "smx": false,
++ "cmp_legacy": false,
++ "cmp-legacy": false,
++ "node-id": -1,
++ "avx512-4fmaps": false,
++ "vmcb_clean": false,
++ "vmcb-clean": false,
++ "3dnowext": false,
++ "hle": true,
++ "npt": false,
++ "memory": "/machine/unattached/system[0]",
++ "clwb": false,
++ "lbrv": false,
++ "adx": true,
++ "ss": true,
++ "pni": true,
++ "svm_lock": false,
++ "svm-lock": false,
++ "pfthreshold": false,
++ "smep": true,
++ "smap": true,
++ "x2apic": true,
++ "avx512vbmi": false,
++ "avx512vnni": false,
++ "hv-stimer": false,
++ "i64": true,
++ "flushbyasid": false,
++ "f16c": true,
++ "ace2-en": false,
++ "pat": true,
++ "pae": true,
++ "sse": true,
++ "phe-en": false,
++ "kvm_nopiodelay": true,
++ "kvm-nopiodelay": true,
++ "tm": false,
++ "kvmclock-stable-bit": true,
++ "hypervisor": true,
++ "socket-id": -1,
++ "pcommit": false,
++ "syscall": true,
++ "level": 13,
++ "avx512dq": false,
++ "svm": false,
++ "full-cpuid-auto-level": true,
++ "hv-reset": false,
++ "invtsc": false,
++ "sse3": true,
++ "sse2": true,
++ "ssbd": true,
++ "est": false,
++ "avx512ifma": false,
++ "tm2": false,
++ "kvm-pv-eoi": true,
++ "cx8": true,
++ "kvm_mmu": false,
++ "kvm-mmu": false,
++ "sse4_2": true,
++ "sse4.2": true,
++ "sse4-2": true,
++ "pge": true,
++ "fill-mtrr-mask": true,
++ "avx512bitalg": false,
++ "nodeid_msr": false,
++ "pdcm": false,
++ "movbe": true,
++ "model": 94,
++ "nrip_save": false,
++ "nrip-save": false,
++ "kvm_pv_unhalt": true,
++ "ssse3": true,
++ "sse4a": false,
++ "invpcid": true,
++ "pdpe1gb": true,
++ "tsc-deadline": true,
++ "fma": true,
++ "cx16": true,
++ "de": true,
++ "enforce": false,
++ "stepping": 3,
++ "xsave": true,
++ "clflush": true,
++ "skinit": false,
++ "tsc": true,
++ "tce": false,
++ "fpu": true,
++ "ibs": false,
++ "ds_cpl": false,
++ "ds-cpl": false,
++ "host-phys-bits": true,
++ "fma4": false,
++ "la57": false,
++ "osvw": false,
++ "check": true,
++ "hv-spinlocks": -1,
++ "pmu": false,
++ "pmm": false,
++ "apic": true,
++ "spec-ctrl": true,
++ "min-xlevel2": 0,
++ "tsc-adjust": true,
++ "tsc_adjust": true,
++ "kvm-steal-time": true,
++ "kvm_steal_time": true,
++ "kvmclock": true,
++ "l3-cache": true,
++ "lwp": false,
++ "ibpb": false,
++ "xop": false,
++ "avx": true,
++ "ospke": false,
++ "ace2": false,
++ "avx512bw": false,
++ "acpi": false,
++ "hv-vapic": false,
++ "fsgsbase": true,
++ "ht": false,
++ "nx": true,
++ "pclmulqdq": true,
++ "mmxext": false,
++ "vaes": false,
++ "popcnt": true,
++ "xsaves": false,
++ "tcg-cpuid": true,
++ "lm": true,
++ "umip": false,
++ "pse": true,
++ "avx2": true,
++ "sep": true,
++ "pclmuldq": true,
++ "virt-ssbd": false,
++ "x-hv-max-vps": -1,
++ "nodeid-msr": false,
++ "md-clear": true,
++ "kvm": true,
++ "misalignsse": false,
++ "min-xlevel": 2147483656,
++ "kvm-pv-unhalt": true,
++ "bmi2": true,
++ "bmi1": true,
++ "realized": false,
++ "tsc_scale": false,
++ "tsc-scale": false,
++ "topoext": false,
++ "hv-vpindex": false,
++ "xlevel2": 0,
++ "clflushopt": true,
++ "kvm-no-smi-migration": false,
++ "monitor": false,
++ "avx512er": false,
++ "pmm-en": false,
++ "pcid": true,
++ "3dnow": false,
++ "erms": true,
++ "lahf-lm": true,
++ "lahf_lm": true,
++ "vpclmulqdq": false,
++ "fxsr-opt": false,
++ "hv-synic": false,
++ "xstore": false,
++ "fxsr_opt": false,
++ "kvm-hint-dedicated": false,
++ "rtm": true,
++ "lmce": true,
++ "hv-time": false,
++ "perfctr-nb": false,
++ "perfctr_nb": false,
++ "ffxsr": false,
++ "rdrand": true,
++ "rdseed": true,
++ "avx512-4vnniw": false,
++ "vmx": false,
++ "vme": true,
++ "dtes64": false,
++ "mtrr": true,
++ "rdtscp": true,
++ "pse36": true,
++ "kvm-pv-tlb-flush": false,
++ "tbm": false,
++ "wdt": false,
++ "pause_filter": false,
++ "sha-ni": false,
++ "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
++ "abm": true,
++ "avx512pf": false,
++ "xstore-en": false
++ }
++ }
++ },
++ "id": "model-expansion"
++}
++
++{
++ "return": [
++ {
++ "name": "max",
++ "typename": "max-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": false
++ },
++ {
++ "name": "host",
++ "typename": "host-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": false
++ },
++ {
++ "name": "base",
++ "typename": "base-x86_64-cpu",
++ "unavailable-features": [],
++ "static": true,
++ "migration-safe": true
++ },
++ {
++ "name": "qemu64",
++ "typename": "qemu64-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "qemu32",
++ "typename": "qemu32-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "phenom",
++ "typename": "phenom-x86_64-cpu",
++ "unavailable-features": [
++ "mmxext",
++ "fxsr-opt",
++ "3dnowext",
++ "3dnow",
++ "sse4a",
++ "npt"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "pentium3",
++ "typename": "pentium3-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "pentium2",
++ "typename": "pentium2-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "pentium",
++ "typename": "pentium-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "n270",
++ "typename": "n270-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "kvm64",
++ "typename": "kvm64-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "kvm32",
++ "typename": "kvm32-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "cpu64-rhel6",
++ "typename": "cpu64-rhel6-x86_64-cpu",
++ "unavailable-features": [
++ "sse4a"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "coreduo",
++ "typename": "coreduo-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "core2duo",
++ "typename": "core2duo-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "athlon",
++ "typename": "athlon-x86_64-cpu",
++ "unavailable-features": [
++ "mmxext",
++ "3dnowext",
++ "3dnow"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Westmere",
++ "typename": "Westmere-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Westmere-IBRS",
++ "typename": "Westmere-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Skylake-Server",
++ "typename": "Skylake-Server-x86_64-cpu",
++ "unavailable-features": [
++ "avx512f",
++ "avx512dq",
++ "clwb",
++ "avx512cd",
++ "avx512bw",
++ "avx512vl",
++ "avx512f",
++ "avx512f",
++ "avx512f"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Skylake-Server-IBRS",
++ "typename": "Skylake-Server-IBRS-x86_64-cpu",
++ "unavailable-features": [
++ "avx512f",
++ "avx512dq",
++ "clwb",
++ "avx512cd",
++ "avx512bw",
++ "avx512vl",
++ "avx512f",
++ "avx512f",
++ "avx512f"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Skylake-Client",
++ "typename": "Skylake-Client-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Skylake-Client-IBRS",
++ "typename": "Skylake-Client-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "SandyBridge",
++ "typename": "SandyBridge-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "SandyBridge-IBRS",
++ "typename": "SandyBridge-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Penryn",
++ "typename": "Penryn-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Opteron_G5",
++ "typename": "Opteron_G5-x86_64-cpu",
++ "unavailable-features": [
++ "sse4a",
++ "misalignsse",
++ "xop",
++ "fma4",
++ "tbm"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Opteron_G4",
++ "typename": "Opteron_G4-x86_64-cpu",
++ "unavailable-features": [
++ "sse4a",
++ "misalignsse",
++ "xop",
++ "fma4"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Opteron_G3",
++ "typename": "Opteron_G3-x86_64-cpu",
++ "unavailable-features": [
++ "sse4a",
++ "misalignsse"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Opteron_G2",
++ "typename": "Opteron_G2-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Opteron_G1",
++ "typename": "Opteron_G1-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Nehalem",
++ "typename": "Nehalem-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Nehalem-IBRS",
++ "typename": "Nehalem-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "IvyBridge",
++ "typename": "IvyBridge-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "IvyBridge-IBRS",
++ "typename": "IvyBridge-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Haswell",
++ "typename": "Haswell-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Haswell-noTSX",
++ "typename": "Haswell-noTSX-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Haswell-noTSX-IBRS",
++ "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Haswell-IBRS",
++ "typename": "Haswell-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "EPYC",
++ "typename": "EPYC-x86_64-cpu",
++ "unavailable-features": [
++ "sha-ni",
++ "mmxext",
++ "fxsr-opt",
++ "cr8legacy",
++ "sse4a",
++ "misalignsse",
++ "osvw"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "EPYC-IBPB",
++ "typename": "EPYC-IBPB-x86_64-cpu",
++ "unavailable-features": [
++ "sha-ni",
++ "mmxext",
++ "fxsr-opt",
++ "cr8legacy",
++ "sse4a",
++ "misalignsse",
++ "osvw",
++ "ibpb"
++ ],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Conroe",
++ "typename": "Conroe-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Broadwell",
++ "typename": "Broadwell-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Broadwell-noTSX",
++ "typename": "Broadwell-noTSX-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Broadwell-noTSX-IBRS",
++ "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "Broadwell-IBRS",
++ "typename": "Broadwell-IBRS-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ },
++ {
++ "name": "486",
++ "typename": "486-x86_64-cpu",
++ "unavailable-features": [],
++ "static": false,
++ "migration-safe": true
++ }
++ ],
++ "id": "definitions"
++}
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
+new file mode 100644
+index 0000000000..7e57c2ded6
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
+@@ -0,0 +1,4 @@
++0506e3
++family: 6 (0x06)
++model: 94 (0x5e)
++stepping: 3 (0x03)
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
+new file mode 100644
+index 0000000000..437429d61d
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
+@@ -0,0 +1,47 @@
++<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
++<cpudata arch='x86'>
++ <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
++ <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
++ <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
++ <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
++ <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
++ <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
++ <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
++ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
++ <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
++ <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
++ <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
++ <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
++ <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
++ <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
++ <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
++ <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
++ <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
++ <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
++ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
++ <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++ <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
++ <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
++</cpudata>
+--
+2.21.0
+
diff --git a/SOURCES/libvirt-qemu-Don-t-cache-microcode-version.patch b/SOURCES/libvirt-qemu-Don-t-cache-microcode-version.patch
new file mode 100644
index 0000000..0e4e5cb
--- /dev/null
+++ b/SOURCES/libvirt-qemu-Don-t-cache-microcode-version.patch
@@ -0,0 +1,154 @@
+From abfcb113bd1200dc91e8d6e3bcbd2084d458f554 Mon Sep 17 00:00:00 2001
+Message-Id: <abfcb113bd1200dc91e8d6e3bcbd2084d458f554@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 12 Apr 2019 21:21:05 +0200
+Subject: [PATCH] qemu: Don't cache microcode version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+My earlier commit be46f61326 was incomplete. It removed caching of
+microcode version in the CPU driver, which means the capabilities XML
+will see the correct microcode version. But it is also cached in the
+QEMU capabilities cache where it is used to detect whether we need to
+reprobe QEMU. By missing the second place, the original commit
+be46f61326 made the situation even worse since libvirt would report
+correct microcode version while still using the old host CPU model
+(visible in domain capabilities XML).
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+
+Conflicts:
+ src/qemu/qemu_capabilities.c
+ - virQEMUCapsCacheLookupByArch refactoring (commits
+ 7948ad4129a and 1a3de67001c) are missing
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/qemu/qemu_capabilities.c | 12 ++++++++----
+ src/qemu/qemu_capabilities.h | 3 +--
+ src/qemu/qemu_driver.c | 9 +--------
+ tests/testutilsqemu.c | 2 +-
+ 4 files changed, 11 insertions(+), 15 deletions(-)
+
+diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
+index 4f2051a2bb..96aa1b15e4 100644
+--- a/src/qemu/qemu_capabilities.c
++++ b/src/qemu/qemu_capabilities.c
+@@ -4625,7 +4625,7 @@ virQEMUCapsNewData(const char *binary,
+ priv->libDir,
+ priv->runUid,
+ priv->runGid,
+- priv->microcodeVersion,
++ virHostCPUGetMicrocodeVersion(),
+ priv->kernelVersion);
+ }
+
+@@ -4708,8 +4708,7 @@ virFileCachePtr
+ virQEMUCapsCacheNew(const char *libDir,
+ const char *cacheDir,
+ uid_t runUid,
+- gid_t runGid,
+- unsigned int microcodeVersion)
++ gid_t runGid)
+ {
+ char *capsCacheDir = NULL;
+ virFileCachePtr cache = NULL;
+@@ -4733,7 +4732,6 @@ virQEMUCapsCacheNew(const char *libDir,
+
+ priv->runUid = runUid;
+ priv->runGid = runGid;
+- priv->microcodeVersion = microcodeVersion;
+
+ if (uname(&uts) == 0 &&
+ virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0)
+@@ -4754,8 +4752,11 @@ virQEMUCapsPtr
+ virQEMUCapsCacheLookup(virFileCachePtr cache,
+ const char *binary)
+ {
++ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
+ virQEMUCapsPtr ret = NULL;
+
++ priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
++
+ ret = virFileCacheLookup(cache, binary);
+
+ VIR_DEBUG("Returning caps %p for %s", ret, binary);
+@@ -4801,10 +4802,13 @@ virQEMUCapsPtr
+ virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
+ virArch arch)
+ {
++ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
+ virQEMUCapsPtr ret = NULL;
+ virArch target;
+ struct virQEMUCapsSearchData data = { .arch = arch };
+
++ priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
++
+ ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data);
+ if (!ret) {
+ /* If the first attempt at finding capabilities has failed, try
+diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
+index 9e8ad5f5c3..7a91b7da62 100644
+--- a/src/qemu/qemu_capabilities.h
++++ b/src/qemu/qemu_capabilities.h
+@@ -572,8 +572,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
+ virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
+ const char *cacheDir,
+ uid_t uid,
+- gid_t gid,
+- unsigned int microcodeVersion);
++ gid_t gid);
+ virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
+ const char *binary);
+ virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 295613ba3c..21d836a540 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -592,8 +592,6 @@ qemuStateInitialize(bool privileged,
+ char *hugepagePath = NULL;
+ char *memoryBackingPath = NULL;
+ size_t i;
+- virCPUDefPtr hostCPU = NULL;
+- unsigned int microcodeVersion = 0;
+
+ if (VIR_ALLOC(qemu_driver) < 0)
+ return -1;
+@@ -813,15 +811,10 @@ qemuStateInitialize(bool privileged,
+ run_gid = cfg->group;
+ }
+
+- if ((hostCPU = virCPUProbeHost(virArchFromHost())))
+- microcodeVersion = hostCPU->microcodeVersion;
+- virCPUDefFree(hostCPU);
+-
+ qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
+ cfg->cacheDir,
+ run_uid,
+- run_gid,
+- microcodeVersion);
++ run_gid);
+ if (!qemu_driver->qemuCapsCache)
+ goto error;
+
+diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
+index dc7e90b952..3e0b753549 100644
+--- a/tests/testutilsqemu.c
++++ b/tests/testutilsqemu.c
+@@ -617,7 +617,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
+
+ /* Using /dev/null for libDir and cacheDir automatically produces errors
+ * upon attempt to use any of them */
+- driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
++ driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
+ if (!driver->qemuCapsCache)
+ goto error;
+
+--
+2.21.0
+
diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec
index 3d5acc9..a456370 100644
--- a/SPECS/libvirt.spec
+++ b/SPECS/libvirt.spec
@@ -253,7 +253,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 4.5.0
-Release: 10%{?dist}.7%{?extra_release}
+Release: 10%{?dist}.9%{?extra_release}
License: LGPLv2+
URL: https://libvirt.org/
@@ -411,6 +411,10 @@ Patch145: libvirt-util-Modify-virStorageFileGetSCSIKey-return.patch
Patch146: libvirt-storage-Rework-virStorageBackendSCSISerial.patch
Patch147: libvirt-util-Introduce-virStorageFileGetNPIVKey.patch
Patch148: libvirt-storage-Fetch-a-unique-key-for-vHBA-NPIV-LUNs.patch
+Patch149: libvirt-cpu_x86-Do-not-cache-microcode-version.patch
+Patch150: libvirt-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch
+Patch151: libvirt-cpu_map-Define-md-clear-CPUID-bit.patch
+Patch152: libvirt-qemu-Don-t-cache-microcode-version.patch
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2312,6 +2316,14 @@ exit 0
%changelog
+* Tue Apr 16 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-10.el7_6.9
+- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130)
+
+* Wed Apr 10 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-10.el7_6.8
+- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)
+- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)
+- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)
+
* Tue Mar 26 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-10.el7_6.7
- cputest: Add data for Intel(R) Xeon(R) CPU E5-2630 v4 (rhbz#1687515)
- cputest: Add data for Intel(R) Core(TM) i7-7600U (rhbz#1687515)