From 0e04ead1cdde827f1c0a20f8b83c76386dbf33e2 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Wed, 13 Dec 2017 15:42:55 -0200
Subject: [PATCH 1/3] target-i386: cpu: add new CPUID bits for indirect branch
 predictor restrictions

RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20171213174257.20475-2-ehabkost@redhat.com>
Patchwork-id: n/a
O-Subject: [CONFIDENTIAL][RHEL-7.4.z qemu-kvm PATCH v2 1/3] target-i386: cpu:
 add new CPUID bits for indirect branch predictor restrictions
Bugzilla: CVE-2017-5715
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
---
 target-i386/cpu.c | 19 ++++++++++++++++++-
 target-i386/cpu.h |  1 +
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index ae56995..400a7ab 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -172,6 +172,17 @@ static const char *cpuid_7_0_edx_feature_name[] = {
     NULL, NULL, NULL, NULL,
     NULL, NULL, NULL, NULL,
     NULL, NULL, NULL, NULL,
+    NULL, NULL, "spec-ctrl", "stibp",
+    NULL, "arch-facilities", NULL, NULL,
+};
+
+static const char *cpuid_80000008_ebx_feature_name[] = {
+    NULL, NULL, NULL, NULL,
+    NULL, NULL, NULL, NULL,
+    NULL, NULL, NULL, NULL,
+    "ibpb", NULL, NULL, NULL,
+    NULL, NULL, NULL, NULL,
+    NULL, NULL, NULL, NULL,
     NULL, NULL, NULL, NULL,
     NULL, NULL, NULL, NULL,
 };
@@ -314,6 +325,12 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         .cpuid_reg = R_EDX,
         .tcg_features = TCG_7_0_EDX_FEATURES,
     },
+    [FEAT_8000_0008_EBX] = {
+        .feat_names = cpuid_80000008_ebx_feature_name,
+        .cpuid_eax = 0x80000008,
+        .cpuid_needs_ecx = false, .cpuid_ecx = 0,
+        .cpuid_reg = R_EBX,
+    },
     [FEAT_XSAVE] = {
         .feat_names = cpuid_xsave_feature_name,
         .cpuid_eax = 0xd,
@@ -2371,7 +2388,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
                 *eax = 0x00000020; /* 32 bits physical */
             }
         }
-        *ebx = 0;
+        *ebx = env->features[FEAT_8000_0008_EBX];
         *ecx = 0;
         *edx = 0;
         if (cs->nr_cores * cs->nr_threads > 1) {
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index ac60309..5697dc6 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -405,6 +405,7 @@ typedef enum FeatureWord {
     FEAT_7_0_EDX,       /* CPUID[EAX=7,ECX=0].EDX */
     FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */
     FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */
+    FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
     FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
     FEAT_KVM,           /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
     FEAT_SVM,           /* CPUID[8000_000A].EDX */
-- 
1.8.3.1