diff --git a/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch b/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
new file mode 100644
index 0000000..9ca80c2
--- /dev/null
+++ b/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
@@ -0,0 +1,189 @@
+From cd4088d607d604085015b0e405b2340420de5d5a Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:43 +0200
+Subject: [PATCH 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
+ KVM_GET_MSRS system ioctl
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-6-ehabkost@redhat.com>
+Patchwork-id: 91361
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Robert Hoo <robert.hu@linux.intel.com>
+
+Add kvm_get_supported_feature_msrs() to get supported MSR feature index list.
+Add kvm_arch_get_supported_msr_feature() to get each MSR features value.
+
+7.7.z backport notes:
+* No conflicts, but `#include "qemu/error-report.h"` lines was added
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1539578845-37944-2-git-send-email-robert.hu@linux.intel.com>
+Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ include/sysemu/kvm.h | 1 +
+ linux-headers/linux/kvm.h | 2 ++
+ target-i386/kvm.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 83 insertions(+)
+
+diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
+index e4403be..281fe26 100644
+--- a/include/sysemu/kvm.h
++++ b/include/sysemu/kvm.h
+@@ -253,6 +253,7 @@ int kvm_check_extension(KVMState *s, unsigned int extension);
+
+ uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
+ uint32_t index, int reg);
++uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index);
+ void kvm_cpu_synchronize_state(CPUArchState *env);
+
+ /* generic hooks - to be moved/refactored once there are more users */
+diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
+index 4b93099..bfeafff 100644
+--- a/linux-headers/linux/kvm.h
++++ b/linux-headers/linux/kvm.h
+@@ -541,6 +541,7 @@ struct kvm_ppc_smmu_info {
+ #define KVM_TRACE_ENABLE __KVM_DEPRECATED_MAIN_W_0x06
+ #define KVM_TRACE_PAUSE __KVM_DEPRECATED_MAIN_0x07
+ #define KVM_TRACE_DISABLE __KVM_DEPRECATED_MAIN_0x08
++#define KVM_GET_MSR_FEATURE_INDEX_LIST _IOWR(KVMIO, 0x0a, struct kvm_msr_list)
+
+ /*
+ * Extension capability list.
+@@ -667,6 +668,7 @@ struct kvm_ppc_smmu_info {
+ #define KVM_CAP_PPC_RTAS 91
+ #define KVM_CAP_IRQ_XICS 92
+ #define KVM_CAP_HYPERV_TIME 96
++#define KVM_CAP_GET_MSR_FEATURES 153
+
+ #ifdef KVM_CAP_IRQ_ROUTING
+
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index d5f6deb..2b1d7da 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -33,6 +33,7 @@
+ #include "exec/ioport.h"
+ #include <asm/hyperv.h>
+ #include "hw/pci/pci.h"
++#include "qemu/error-report.h"
+
+ //#define DEBUG_KVM
+
+@@ -82,6 +83,7 @@ static bool has_msr_virt_ssbd;
+
+ static bool has_msr_architectural_pmu;
+ static uint32_t num_architectural_pmu_counters;
++static struct kvm_msr_list *kvm_feature_msrs;
+
+ bool kvm_allows_irq0_override(void)
+ {
+@@ -249,11 +251,87 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+ return ret;
+ }
+
++uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
++{
++ struct {
++ struct kvm_msrs info;
++ struct kvm_msr_entry entries[1];
++ } msr_data;
++ uint32_t ret;
++
++ if (kvm_feature_msrs == NULL) { /* Host doesn't support feature MSRs */
++ return 0;
++ }
++
++ /* Check if requested MSR is supported feature MSR */
++ int i;
++ for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
++ if (kvm_feature_msrs->indices[i] == index) {
++ break;
++ }
++ if (i == kvm_feature_msrs->nmsrs) {
++ return 0; /* if the feature MSR is not supported, simply return 0 */
++ }
++
++ msr_data.info.nmsrs = 1;
++ msr_data.entries[0].index = index;
++
++ ret = kvm_ioctl(s, KVM_GET_MSRS, &msr_data);
++ if (ret != 1) {
++ error_report("KVM get MSR (index=0x%x) feature failed, %s",
++ index, strerror(-ret));
++ exit(1);
++ }
++
++ return msr_data.entries[0].data;
++}
++
+ typedef struct HWPoisonPage {
+ ram_addr_t ram_addr;
+ QLIST_ENTRY(HWPoisonPage) list;
+ } HWPoisonPage;
+
++static int kvm_get_supported_feature_msrs(KVMState *s)
++{
++ int ret = 0;
++
++ if (kvm_feature_msrs != NULL) {
++ return 0;
++ }
++
++ if (!kvm_check_extension(s, KVM_CAP_GET_MSR_FEATURES)) {
++ return 0;
++ }
++
++ struct kvm_msr_list msr_list;
++
++ msr_list.nmsrs = 0;
++ ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, &msr_list);
++ if (ret < 0 && ret != -E2BIG) {
++ error_report("Fetch KVM feature MSR list failed: %s",
++ strerror(-ret));
++ return ret;
++ }
++
++ assert(msr_list.nmsrs > 0);
++ kvm_feature_msrs = (struct kvm_msr_list *) \
++ g_malloc0(sizeof(msr_list) +
++ msr_list.nmsrs * sizeof(msr_list.indices[0]));
++
++ kvm_feature_msrs->nmsrs = msr_list.nmsrs;
++ ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, kvm_feature_msrs);
++
++ if (ret < 0) {
++ error_report("Fetch KVM feature MSR list failed: %s",
++ strerror(-ret));
++ g_free(kvm_feature_msrs);
++ kvm_feature_msrs = NULL;
++ return ret;
++ }
++
++ return 0;
++}
++
+ static QLIST_HEAD(, HWPoisonPage) hwpoison_page_list =
+ QLIST_HEAD_INITIALIZER(hwpoison_page_list);
+
+@@ -831,6 +909,8 @@ int kvm_arch_init(KVMState *s)
+ return ret;
+ }
+
++ kvm_get_supported_feature_msrs(s);
++
+ uname(&utsname);
+ lm_capable_kernel = strcmp(utsname.machine, "x86_64") == 0;
+
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch b/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
new file mode 100644
index 0000000..8c6febe
--- /dev/null
+++ b/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
@@ -0,0 +1,60 @@
+From deb80e0563048d3bb02d4c975929ddc8502172d4 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:48 +0200
+Subject: [PATCH 10/10] Remove arch-capabilities deprecation
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-11-ehabkost@redhat.com>
+Patchwork-id: 91366
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 10/10] Remove arch-capabilities deprecation
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Paul Lai <plai@redhat.com>
+
+[RHEL INTERNAL] Logic to support arch-capabilities now exists.
+Deprecation of arch-facilities is no longer needed.
+
+fixes: arch-facilities deprecation introduced by
+ 59c1aecdd i386: Deprecate arch-facilities and make it block live migration
+
+7.7.z backport notes (ehabkost):
+* Cherry pick from 7.8 tree with no conflicts
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 35381f0..5aa45ba 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -34,7 +34,6 @@
+ #include "qapi-visit.h"
+ #include "qapi/visitor.h"
+ #include "sysemu/arch_init.h"
+-#include "migration/migration.h"
+
+ #include "hw/hw.h"
+ #if defined(CONFIG_KVM)
+@@ -1802,13 +1801,6 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+ x86_cpu_def->features[w] = x86_cpu_get_supported_feature_word(w);
+ }
+
+- /*
+- * Features that won't be enabled automatically by "-cpu host" even if
+- * reported by GET_SUPPORTED_CPUID:
+- */
+-
+- /* arch-facilities: deprecated (see comment on x86_cpu_realizefn()) */
+- x86_cpu_def->features[FEAT_7_0_EDX] &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
+
+ #endif /* CONFIG_KVM */
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch b/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
new file mode 100644
index 0000000..0e6ea80
--- /dev/null
+++ b/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
@@ -0,0 +1,107 @@
+From dd8556fe139be9237694229e55ac3762ec71eca5 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:46 +0200
+Subject: [PATCH 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for
+ MSR_IA32_ARCH_CAPABILITIES support
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-9-ehabkost@redhat.com>
+Patchwork-id: 91363
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Bandan Das <bsd@redhat.com>
+
+When writing to guest's MSR_IA32_ARCH_CAPABILITIES, check whether it's
+supported in the guest using the KVM_GET_MSR_INDEX_LIST ioctl.
+
+7.8 backport conflicts (plai):
+ target/i386/kvm.c changes to target-i386/kvm.c
+
+7.7.z backport notes (ehabkost):
+* Cherry pick from 7.8 tree with no conflicts
+
+Fixes: d86f963694df27f11b3681ffd225c9362de1b634
+Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
+Tested-by: balducci@units.it
+Signed-off-by: Bandan Das <bsd@redhat.com>
+Message-Id: <jpg4lc4iiav.fsf_-_@linux.bootlegged.copy>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit aec5e9c3a94cf8b7920f59bef69a6f426092c4a0)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.h | 1 +
+ target-i386/kvm.c | 19 +++++++++++--------
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index 1c62e63..d855ae3 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -1066,6 +1066,7 @@ typedef struct CPUX86State {
+
+ uint64_t spec_ctrl;
+ uint64_t virt_ssbd;
++ uint64_t virt_arch_capabs;
+
+ TPRAccess tpr_access_type;
+ } CPUX86State;
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index 180ae56..bc3a514 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -80,6 +80,7 @@ static bool has_msr_mtrr;
+ static bool has_msr_xss;
+ static bool has_msr_spec_ctrl;
+ static bool has_msr_virt_ssbd;
++static bool has_msr_arch_capabs;
+
+ static bool has_msr_architectural_pmu;
+ static uint32_t num_architectural_pmu_counters;
+@@ -888,6 +889,10 @@ static int kvm_get_supported_msrs(KVMState *s)
+ has_msr_virt_ssbd = true;
+ continue;
+ }
++ if (kvm_msr_list->indices[i] == MSR_IA32_ARCH_CAPABILITIES) {
++ has_msr_arch_capabs = true;
++ continue;
++ }
+ }
+ }
+
+@@ -1326,14 +1331,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ }
+ }
+ /* If host supports feature MSR, write down. */
+- if (kvm_feature_msrs) {
+- int i;
+- for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
+- if (kvm_feature_msrs->indices[i] == MSR_IA32_ARCH_CAPABILITIES) {
+- kvm_msr_entry_set(&msrs[n++], MSR_IA32_ARCH_CAPABILITIES,
+- env->features[FEAT_ARCH_CAPABILITIES]);
+- break;
+- }
++ if (has_msr_arch_capabs) {
++ kvm_msr_entry_set(&msrs[n++], MSR_IA32_ARCH_CAPABILITIES,
++ env->features[FEAT_ARCH_CAPABILITIES]);
+ }
+ /*
+ * The following MSRs have side effects on the guest or are too heavy
+@@ -1925,6 +1925,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ case MSR_VIRT_SSBD:
+ env->virt_ssbd = msrs[i].data;
+ break;
++ case MSR_IA32_ARCH_CAPABILITIES:
++ env->features[FEAT_ARCH_CAPABILITIES] = msrs[i].data;
++ break;
+ }
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch b/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
new file mode 100644
index 0000000..2ee8e0c
--- /dev/null
+++ b/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
@@ -0,0 +1,50 @@
+From c0da3c7b7bafe378a953f139397cadc26c3d054b Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:42 +0200
+Subject: [PATCH 04/10] i386: Add CPUID bit and feature words for
+ IA32_ARCH_CAPABILITIES MSR
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-5-ehabkost@redhat.com>
+Patchwork-id: 91360
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 04/10] i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Robert Hoo <robert.hu@linux.intel.com>
+
+Support of IA32_PRED_CMD MSR already be enumerated by same CPUID bit as
+SPEC_CTRL.
+
+At present, mark CPUID_7_0_EDX_ARCH_CAPABILITIES unmigratable, per Paolo's
+comment.
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1530781798-183214-3-git-send-email-robert.hu@linux.intel.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 3fc7c73139d2d38ae80c3b0bc963b1ac1555924c)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 5cfed19..ba2ce8e 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -174,7 +174,7 @@ static const char *cpuid_7_0_edx_feature_name[] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, "spec-ctrl", "stibp",
+- NULL, "arch-facilities", NULL, "ssbd",
++ NULL, "arch-facilities|arch-capabilities", NULL, "ssbd",
+ };
+
+ static const char *cpuid_80000008_ebx_feature_name[] = {
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch b/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
new file mode 100644
index 0000000..36bdee4
--- /dev/null
+++ b/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
@@ -0,0 +1,51 @@
+From 71b9824a243c47739730c263107b0e49f459db28 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:41 +0200
+Subject: [PATCH 03/10] i386: Add new MSR indices for IA32_PRED_CMD and
+ IA32_ARCH_CAPABILITIES
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-4-ehabkost@redhat.com>
+Patchwork-id: 91359
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 03/10] i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Robert Hoo <robert.hu@linux.intel.com>
+
+IA32_PRED_CMD MSR gives software a way to issue commands that affect the state
+of indirect branch predictors. Enumerated by CPUID.(EAX=7H,ECX=0):EDX[26].
+IA32_ARCH_CAPABILITIES MSR enumerates architectural features of RDCL_NO and
+IBRS_ALL. Enumerated by CPUID.(EAX=07H, ECX=0):EDX[29].
+
+https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1530781798-183214-2-git-send-email-robert.hu@linux.intel.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 8c80c99fcceabd0708a5a83f08577e778c9419f5)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index 5d47ab8..ea5df77 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -306,6 +306,8 @@
+ #define MSR_TSC_ADJUST 0x0000003b
+ #define MSR_IA32_SPEC_CTRL 0x48
+ #define MSR_VIRT_SSBD 0xc001011f
++#define MSR_IA32_PRED_CMD 0x49
++#define MSR_IA32_ARCH_CAPABILITIES 0x10a
+ #define MSR_IA32_TSCDEADLINE 0x6e0
+
+ #define MSR_P6_PERFCTR0 0xc1
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch b/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
new file mode 100644
index 0000000..48179c2
--- /dev/null
+++ b/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
@@ -0,0 +1,76 @@
+From e9ae571d86a83652aa43f9b866f619709b1feda2 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:47 +0200
+Subject: [PATCH 09/10] i386: kvm: Disable arch_capabilities if MSR can't be
+ set
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-10-ehabkost@redhat.com>
+Patchwork-id: 91365
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 09/10] i386: kvm: Disable arch_capabilities if MSR can't be set
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES:
+
+1) Linux commit commit 1eaafe91a0df ("kvm: x86: IA32_ARCH_CAPABILITIES
+ is always supported") makes GET_SUPPORTED_CPUID return
+ arch_capabilities even if running on SVM. This makes "-cpu
+ host,migratable=off" incorrectly expose arch_capabilities on CPUID on
+ AMD hosts (where the MSR is not emulated by KVM).
+
+2) KVM_GET_MSR_INDEX_LIST does not return MSR_IA32_ARCH_CAPABILITIES if
+ the MSR is not supported by the host CPU. This makes QEMU not
+ initialize the MSR properly at kvm_put_msrs() on those hosts.
+
+Work around both bugs on the QEMU side, by checking if the MSR
+was returned by KVM_GET_MSR_INDEX_LIST before returning the
+feature flag on kvm_arch_get_supported_cpuid().
+
+This has the unfortunate side effect of making arch_capabilities
+unavailable on hosts without hardware support for the MSR until bug #2
+is fixed on KVM, but I can't see another way to work around bug #1
+without that side effect.
+
+7.8 backport conflicts (plai):
+ target/i386/kvm.c changes to target-i386/kvm.c
+
+7.7.z backport notes (ehabkost):
+* Cherry pick from 7.8 tree with no conflicts
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Message-Id: <20190125220606.4864-2-ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 485b1d256bcb0874bcde0223727c159b6837e6f8)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/kvm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index bc3a514..0374b7a 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -234,6 +234,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+ if (!kvm_irqchip_in_kernel()) {
+ ret &= ~CPUID_EXT_X2APIC;
+ }
++ } else if (function == 7 && index == 0 && reg == R_EDX) {
++ /*
++ * Linux v4.17-v4.20 incorrectly return ARCH_CAPABILITIES on SVM hosts.
++ * We can detect the bug by checking if MSR_IA32_ARCH_CAPABILITIES is
++ * returned by KVM_GET_MSR_INDEX_LIST.
++ */
++ if (!has_msr_arch_capabs) {
++ ret &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
++ }
+ } else if (function == 0x80000001 && reg == R_EDX) {
+ /* On Intel, kvm returns cpuid according to the Intel spec,
+ * so add missing bits according to the AMD spec:
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch b/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
new file mode 100644
index 0000000..8e1f05e
--- /dev/null
+++ b/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
@@ -0,0 +1,48 @@
+From 5b1c740a646c4ecd8c85ac02429f43b84c746a04 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue, 3 Dec 2019 23:22:01 +0100
+Subject: [PATCH 1/2] target/i386: Export TAA_NO bit to guests
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191203232202.555105-2-ehabkost@redhat.com>
+Patchwork-id: 92844
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 1/2] target/i386: Export TAA_NO bit to guests
+Bugzilla: 1771960
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+
+TSX Async Abort (TAA) is a side channel attack on internal buffers in
+some Intel processors similar to Microachitectural Data Sampling (MDS).
+
+Some future Intel processors will use the ARCH_CAP_TAA_NO bit in the
+IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable to
+TAA. Make this bit available to guests.
+
+Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 7fac38635e1cc5ebae34eb6530da1009bd5808e4)
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 5aa45ba..2de8822 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -201,7 +201,7 @@ static const char *cpuid_xsave_feature_name[] = {
+ static const char *cpuid_arch_capabilities_feature_name[] = {
+ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+ "ssb-no", NULL, NULL, NULL,
+- NULL, NULL, NULL, NULL,
++ "taa-no", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch b/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
new file mode 100644
index 0000000..0c66177
--- /dev/null
+++ b/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
@@ -0,0 +1,88 @@
+From 2b13f79a51b0106170cd0b5d9996a3a553d8781e Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:40 +0200
+Subject: [PATCH 02/10] target-i386: Isolate KVM-specific code on CPU feature
+ filtering logic
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-3-ehabkost@redhat.com>
+Patchwork-id: 91358
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 02/10] target-i386: Isolate KVM-specific code on CPU feature filtering logic
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+This will allow us to re-use the feature filtering logic (and the
+check/enforce flag logic) for TCG.
+
+Reviewed-by: Richard Henderson <rth@twiddle.net>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+(cherry picked from commit 27418adf32b9cd164d464fffc4fc0505d6b2b15d)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index c9d7557..5cfed19 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -2367,6 +2367,16 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+ return cpu_list;
+ }
+
++static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w)
++{
++ FeatureWordInfo *wi = &feature_word_info[w];
++
++ assert(kvm_enabled());
++ return kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid_eax,
++ wi->cpuid_ecx,
++ wi->cpuid_reg);
++}
++
+ /*
+ * Filters CPU feature words based on host availability of each feature.
+ *
+@@ -2374,20 +2384,15 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+ *
+ * Returns: 0 if all flags are supported by the host, non-zero otherwise.
+ */
+-static int filter_features_for_kvm(X86CPU *cpu)
++static int x86_cpu_filter_features(X86CPU *cpu)
+ {
+ CPUX86State *env = &cpu->env;
+- KVMState *s = kvm_state;
+ FeatureWord w;
+ int rv = 0;
+
+- assert(kvm_enabled());
+-
+ for (w = 0; w < FEATURE_WORDS; w++) {
+ FeatureWordInfo *wi = &feature_word_info[w];
+- uint32_t host_feat = kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
+- wi->cpuid_ecx,
+- wi->cpuid_reg);
++ uint32_t host_feat = x86_cpu_get_supported_feature_word(w);
+ uint32_t requested_features = env->features[w];
+ env->features[w] &= host_feat;
+ cpu->filtered_features[w] = requested_features & ~env->features[w];
+@@ -3070,7 +3075,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
+ env->features[w] &= feature_word_info[w].tcg_features;
+ }
+ } else {
+- if (filter_features_for_kvm(cpu) && cpu->enforce_cpuid) {
++ if (x86_cpu_filter_features(cpu) && cpu->enforce_cpuid) {
+ error_setg(&local_err,
+ "Host's CPU doesn't support requested features");
+ goto out;
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch b/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch
new file mode 100644
index 0000000..89f6b7e
--- /dev/null
+++ b/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch
@@ -0,0 +1,189 @@
+From 7e79bb0dc6af82413c9c5b153f18ce91146e0e53 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:39 +0200
+Subject: [PATCH 01/10] target-i386: Merge feature filtering/checking functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-2-ehabkost@redhat.com>
+Patchwork-id: 91357
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 01/10] target-i386: Merge feature filtering/checking functions
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+Merge filter_features_for_kvm() and kvm_check_features_against_host().
+
+Both functions made exactly the same calculations, the only difference
+was that filter_features_for_kvm() changed the bits on cpu->features[],
+and kvm_check_features_against_host() did error reporting.
+
+7.8 backport notes (plai):
+* unavailable_host_feature() removed due to lack of references.
+* report_unavailable_features() from 51f63aed3 to make things compile.
+
+7.7.z backport notes (ehabkost):
+* cherry-pick from 7.8 with no conflicts
+
+Reviewed-by: Richard Henderson <rth@twiddle.net>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+(cherry picked from commit 51f63aed32314479065207ff2fb28255de4dbda4)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 91 ++++++++++++++-----------------------------------------
+ 1 file changed, 22 insertions(+), 69 deletions(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index c2fcd1e..c9d7557 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -1754,11 +1754,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+ #endif /* CONFIG_KVM */
+ }
+
+-static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask)
++static void report_unavailable_features(FeatureWordInfo *f, uint32_t mask)
+ {
+ int i;
+
+- for (i = 0; i < 32; ++i)
++ for (i = 0; i < 32; ++i) {
+ if (1 << i & mask) {
+ const char *reg = get_register_name_32(f->cpuid_reg);
+ assert(reg);
+@@ -1767,40 +1767,8 @@ static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask)
+ f->cpuid_eax, reg,
+ f->feat_names[i] ? "." : "",
+ f->feat_names[i] ? f->feat_names[i] : "", i);
+- break;
+- }
+- return 0;
+-}
+-
+-/* Check if all requested cpu flags are making their way to the guest
+- *
+- * Returns 0 if all flags are supported by the host, non-zero otherwise.
+- *
+- * This function may be called only if KVM is enabled.
+- */
+-static int kvm_check_features_against_host(KVMState *s, X86CPU *cpu)
+-{
+- CPUX86State *env = &cpu->env;
+- int rv = 0;
+- FeatureWord w;
+-
+- assert(kvm_enabled());
+-
+- for (w = 0; w < FEATURE_WORDS; w++) {
+- FeatureWordInfo *wi = &feature_word_info[w];
+- uint32_t guest_feat = env->features[w];
+- uint32_t host_feat = kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
+- wi->cpuid_ecx,
+- wi->cpuid_reg);
+- uint32_t mask;
+- for (mask = 1; mask; mask <<= 1) {
+- if (guest_feat & mask && !(host_feat & mask)) {
+- unavailable_host_feature(wi, mask);
+- rv = 1;
+- }
+ }
+ }
+- return rv;
+ }
+
+ static void x86_cpuid_version_get_family(Object *obj, Visitor *v, void *opaque,
+@@ -2399,12 +2367,21 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+ return cpu_list;
+ }
+
+-#ifdef CONFIG_KVM
+-static void filter_features_for_kvm(X86CPU *cpu)
++/*
++ * Filters CPU feature words based on host availability of each feature.
++ *
++ * This function may be called only if KVM is enabled.
++ *
++ * Returns: 0 if all flags are supported by the host, non-zero otherwise.
++ */
++static int filter_features_for_kvm(X86CPU *cpu)
+ {
+ CPUX86State *env = &cpu->env;
+ KVMState *s = kvm_state;
+ FeatureWord w;
++ int rv = 0;
++
++ assert(kvm_enabled());
+
+ for (w = 0; w < FEATURE_WORDS; w++) {
+ FeatureWordInfo *wi = &feature_word_info[w];
+@@ -2414,9 +2391,16 @@ static void filter_features_for_kvm(X86CPU *cpu)
+ uint32_t requested_features = env->features[w];
+ env->features[w] &= host_feat;
+ cpu->filtered_features[w] = requested_features & ~env->features[w];
++ if (cpu->filtered_features[w]) {
++ if (cpu->check_cpuid || cpu->enforce_cpuid) {
++ report_unavailable_features(wi, cpu->filtered_features[w]);
++ }
++ rv = 1;
++ }
+ }
++
++ return rv;
+ }
+-#endif
+
+ static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
+ {
+@@ -3086,42 +3070,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
+ env->features[w] &= feature_word_info[w].tcg_features;
+ }
+ } else {
+- KVMState *s = kvm_state;
+- if ((cpu->check_cpuid || cpu->enforce_cpuid)
+- && kvm_check_features_against_host(s, cpu) && cpu->enforce_cpuid) {
++ if (filter_features_for_kvm(cpu) && cpu->enforce_cpuid) {
+ error_setg(&local_err,
+ "Host's CPU doesn't support requested features");
+ goto out;
+ }
+-#ifdef CONFIG_KVM
+- filter_features_for_kvm(cpu);
+-#endif
+- }
+-
+- /*
+- * RHEL-only:
+- *
+- * The arch-facilities feature flag is deprecated because it was never
+- * supported upstream. The upstream property is "arch-capabilities",
+- * but it was not backported to this QEMU version. Note that
+- * arch-capabilities is not required for mitigation of CVE-2017-5715.
+- *
+- * In addition to being deprecated, arch-facilities blocks live migration
+- * because the value of MSR_IA32_ARCH_CAPABILITIES is host-dependent and
+- * not migration-safe.
+- */
+- if (cpu->env.features[FEAT_7_0_EDX] & CPUID_7_0_EDX_ARCH_CAPABILITIES) {
+- static bool warned = false;
+- static Error *arch_facilities_blocker;
+- if (!warned) {
+- error_setg(&arch_facilities_blocker,
+- "The arch-facilities CPU feature is deprecated and "
+- "does not support live migration");
+- migrate_add_blocker(arch_facilities_blocker);
+- error_report("WARNING: the arch-facilities CPU feature is "
+- "deprecated and does not support live migration");
+- warned = true;
+- }
+ }
+
+ #ifndef CONFIG_USER_ONLY
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch b/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
new file mode 100644
index 0000000..2e6e266
--- /dev/null
+++ b/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
@@ -0,0 +1,49 @@
+From c432e7520c4410545d5883f2a5be5dcecbf1854d Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Mon, 6 Jan 2020 13:04:21 +0100
+Subject: [PATCH] target/i386: add MDS-NO feature
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191024031525.7449-1-ehabkost@redhat.com>
+Patchwork-id: 91937
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH] target/i386: add MDS-NO feature
+Bugzilla: 1755333
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+Microarchitectural Data Sampling is a hardware vulnerability which allows
+unprivileged speculative access to data which is available in various CPU
+internal buffers.
+
+Some Intel processors use the ARCH_CAP_MDS_NO bit in the
+IA32_ARCH_CAPABILITIES
+MSR to report that they are not vulnerable, make it available to guests.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-Id: <20190516185320.28340-1-pbonzini@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 20140a82c67467f53814ca197403d5e1b561a5e5)
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target-i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 48d3aec..63ae76e 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -200,7 +200,7 @@ static const char *cpuid_xsave_feature_name[] = {
+
+ static const char *cpuid_arch_capabilities_feature_name[] = {
+ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+- "ssb-no", NULL, NULL, "tsx-ctrl",
++ "ssb-no", "mds-no", NULL, "tsx-ctrl",
+ "taa-no", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch b/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
new file mode 100644
index 0000000..c2af061
--- /dev/null
+++ b/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
@@ -0,0 +1,170 @@
+From bd481c114114e2a694ed1e8cb24e3c5d7cc451a3 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue, 3 Dec 2019 23:22:02 +0100
+Subject: [PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191203232202.555105-3-ehabkost@redhat.com>
+Patchwork-id: 92845
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL
+Bugzilla: 1771960
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+The MSR_IA32_TSX_CTRL MSR can be used to hide TSX (also known as the
+Trusty Side-channel Extension). By virtualizing the MSR, KVM guests
+can disable TSX and avoid paying the price of mitigating TSX-based
+attacks on microarchitectural side channels.
+
+Backport notes:
+* MSR code had to be rewritten
+* .needed is inside VMStateSubsection
+
+Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 2a9758c51e2c2d13fc3845c3d603c11df98b8823)
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 2 +-
+ target-i386/cpu.h | 5 +++++
+ target-i386/kvm.c | 14 ++++++++++++++
+ target-i386/machine.c | 21 +++++++++++++++++++++
+ 4 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 2de8822..48d3aec 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -200,7 +200,7 @@ static const char *cpuid_xsave_feature_name[] = {
+
+ static const char *cpuid_arch_capabilities_feature_name[] = {
+ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+- "ssb-no", NULL, NULL, NULL,
++ "ssb-no", NULL, NULL, "tsx-ctrl",
+ "taa-no", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index d855ae3..705cd66 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -307,7 +307,11 @@
+ #define MSR_IA32_SPEC_CTRL 0x48
+ #define MSR_VIRT_SSBD 0xc001011f
+ #define MSR_IA32_PRED_CMD 0x49
++
+ #define MSR_IA32_ARCH_CAPABILITIES 0x10a
++#define ARCH_CAP_TSX_CTRL_MSR (1<<7)
++
++#define MSR_IA32_TSX_CTRL 0x122
+ #define MSR_IA32_TSCDEADLINE 0x6e0
+
+ #define MSR_P6_PERFCTR0 0xc1
+@@ -1063,6 +1067,7 @@ typedef struct CPUX86State {
+ uint64_t xss;
+
+ uint32_t pkru;
++ uint32_t tsx_ctrl;
+
+ uint64_t spec_ctrl;
+ uint64_t virt_ssbd;
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index 0374b7a..689b37c 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -79,6 +79,7 @@ static bool has_msr_hv_tsc;
+ static bool has_msr_mtrr;
+ static bool has_msr_xss;
+ static bool has_msr_spec_ctrl;
++static bool has_msr_tsx_ctrl;
+ static bool has_msr_virt_ssbd;
+ static bool has_msr_arch_capabs;
+
+@@ -894,6 +895,10 @@ static int kvm_get_supported_msrs(KVMState *s)
+ has_msr_spec_ctrl = true;
+ continue;
+ }
++ if (kvm_msr_list->indices[i] == MSR_IA32_TSX_CTRL) {
++ has_msr_tsx_ctrl = true;
++ continue;
++ }
+ if (kvm_msr_list->indices[i] == MSR_VIRT_SSBD) {
+ has_msr_virt_ssbd = true;
+ continue;
+@@ -1316,6 +1321,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ if (has_msr_spec_ctrl) {
+ kvm_msr_entry_set(&msrs[n++], MSR_IA32_SPEC_CTRL, env->spec_ctrl);
+ }
++ if (has_msr_tsx_ctrl) {
++ kvm_msr_entry_set(&msrs[n++], MSR_IA32_TSX_CTRL, env->tsx_ctrl);
++ }
+ if (has_msr_virt_ssbd) {
+ kvm_msr_entry_set(&msrs[n++], MSR_VIRT_SSBD, env->virt_ssbd);
+ }
+@@ -1685,6 +1693,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ if (has_msr_spec_ctrl) {
+ msrs[n++].index = MSR_IA32_SPEC_CTRL;
+ }
++ if (has_msr_tsx_ctrl) {
++ msrs[n++].index = MSR_IA32_TSX_CTRL;
++ }
+ if (has_msr_virt_ssbd) {
+ msrs[n++].index = MSR_VIRT_SSBD;
+ }
+@@ -1931,6 +1942,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ case MSR_IA32_SPEC_CTRL:
+ env->spec_ctrl = msrs[i].data;
+ break;
++ case MSR_IA32_TSX_CTRL:
++ env->tsx_ctrl = msrs[i].data;
++ break;
+ case MSR_VIRT_SSBD:
+ env->virt_ssbd = msrs[i].data;
+ break;
+diff --git a/target-i386/machine.c b/target-i386/machine.c
+index 507ab1a..266797a 100644
+--- a/target-i386/machine.c
++++ b/target-i386/machine.c
+@@ -778,6 +778,24 @@ static const VMStateDescription vmstate_msr_virt_ssbd = {
+ }
+ };
+
++static bool msr_tsx_ctrl_needed(void *opaque)
++{
++ X86CPU *cpu = opaque;
++ CPUX86State *env = &cpu->env;
++
++ return env->features[FEAT_ARCH_CAPABILITIES] & ARCH_CAP_TSX_CTRL_MSR;
++}
++
++static const VMStateDescription vmstate_msr_tsx_ctrl = {
++ .name = "cpu/msr_tsx_ctrl",
++ .version_id = 1,
++ .minimum_version_id = 1,
++ .fields = (VMStateField[]) {
++ VMSTATE_UINT32(env.tsx_ctrl, X86CPU),
++ VMSTATE_END_OF_LIST()
++ }
++};
++
+ const VMStateDescription vmstate_x86_cpu = {
+ .name = "cpu",
+ .version_id = 12,
+@@ -938,6 +956,9 @@ const VMStateDescription vmstate_x86_cpu = {
+ }, {
+ .vmsd = &vmstate_msr_virt_ssbd,
+ .needed = virt_ssbd_needed,
++ }, {
++ .vmsd = &vmstate_msr_tsx_ctrl,
++ .needed = msr_tsx_ctrl_needed,
+ } , {
+ /* empty */
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch b/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
new file mode 100644
index 0000000..c8ad7fc
--- /dev/null
+++ b/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
@@ -0,0 +1,314 @@
+From c238d465b43fa575e2571f54813ca44a8709168d Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:44 +0200
+Subject: [PATCH 06/10] x86: Data structure changes to support MSR based
+ features
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-7-ehabkost@redhat.com>
+Patchwork-id: 91364
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 06/10] x86: Data structure changes to support MSR based features
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Robert Hoo <robert.hu@linux.intel.com>
+
+Add FeatureWordType indicator in struct FeatureWordInfo.
+Change feature_word_info[] accordingly.
+Change existing functions that refer to feature_word_info[] accordingly.
+
+7.8 backport conflicts (plai):
+ target/i386/cpu.c changes to target-i386/cpu.c
+
+ x86_cpu_get_supported_feature_word() updated @ 07585923485
+ dropped hvf_enabled(), tcg_enabled(), and migratable_only checks
+
+7.7.z backport notes (ehabkost):
+* Cherry pick from 7.8 tree with no conflicts
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1539578845-37944-3-git-send-email-robert.hu@linux.intel.com>
+[ehabkost: fixed hvf_enabled() case]
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 07585923485952bf4cb7da563c9f91fecc85d09c)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 160 ++++++++++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 118 insertions(+), 42 deletions(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index ba2ce8e..7fecd21 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -260,83 +260,120 @@ static const char *cpuid_xsave_feature_name[] = {
+ #define TCG_7_0_EDX_FEATURES 0
+
+
++typedef enum FeatureWordType {
++ CPUID_FEATURE_WORD,
++ MSR_FEATURE_WORD,
++} FeatureWordType;
++
+ typedef struct FeatureWordInfo {
++ FeatureWordType type;
+ const char **feat_names;
+- uint32_t cpuid_eax; /* Input EAX for CPUID */
+- bool cpuid_needs_ecx; /* CPUID instruction uses ECX as input */
+- uint32_t cpuid_ecx; /* Input ECX value for CPUID */
+- int cpuid_reg; /* output register (R_* constant) */
++ union {
++ /* If type==CPUID_FEATURE_WORD */
++ struct {
++ uint32_t eax; /* Input EAX for CPUID */
++ bool needs_ecx; /* CPUID instruction uses ECX as input */
++ uint32_t ecx; /* Input ECX value for CPUID */
++ int reg; /* output register (R_* constant) */
++ } cpuid;
++ /* If type==MSR_FEATURE_WORD */
++ struct {
++ uint32_t index;
++ struct { /*CPUID that enumerate this MSR*/
++ FeatureWord cpuid_class;
++ uint32_t cpuid_flag;
++ } cpuid_dep;
++ } msr;
++ };
+ uint32_t tcg_features; /* Feature flags supported by TCG */
+ } FeatureWordInfo;
+
+ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ [FEAT_1_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = feature_name,
+- .cpuid_eax = 1, .cpuid_reg = R_EDX,
++ .cpuid = {.eax = 1, .reg = R_EDX, },
+ .tcg_features = TCG_FEATURES,
+ },
+ [FEAT_1_ECX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = ext_feature_name,
+- .cpuid_eax = 1, .cpuid_reg = R_ECX,
++ .cpuid = { .eax = 1, .reg = R_ECX, },
+ .tcg_features = TCG_EXT_FEATURES,
+ },
+ [FEAT_8000_0001_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = ext2_feature_name,
+- .cpuid_eax = 0x80000001, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x80000001, .reg = R_EDX, },
+ .tcg_features = TCG_EXT2_FEATURES,
+ },
+ [FEAT_8000_0001_ECX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = ext3_feature_name,
+- .cpuid_eax = 0x80000001, .cpuid_reg = R_ECX,
++ .cpuid = { .eax = 0x80000001, .reg = R_ECX, },
+ .tcg_features = TCG_EXT3_FEATURES,
+ },
+ [FEAT_C000_0001_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = ext4_feature_name,
+- .cpuid_eax = 0xC0000001, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x80000001, .reg = R_EDX, },
+ .tcg_features = TCG_EXT4_FEATURES,
+ },
+ [FEAT_KVM] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = kvm_feature_name,
+- .cpuid_eax = KVM_CPUID_FEATURES, .cpuid_reg = R_EAX,
++ .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EAX, },
+ .tcg_features = TCG_KVM_FEATURES,
+ },
+ [FEAT_SVM] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = svm_feature_name,
+- .cpuid_eax = 0x8000000A, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x8000000A, .reg = R_EDX, },
+ .tcg_features = TCG_SVM_FEATURES,
+ },
+ [FEAT_7_0_EBX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = cpuid_7_0_ebx_feature_name,
+- .cpuid_eax = 7,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_EBX,
++ .cpuid = {
++ .eax = 7,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_EBX,
++ },
+ .tcg_features = TCG_7_0_EBX_FEATURES,
+ },
+ [FEAT_7_0_ECX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = cpuid_7_0_ecx_feature_name,
+- .cpuid_eax = 7,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_ECX,
++ .cpuid = {
++ .eax = 7,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_ECX,
++ },
+ .tcg_features = TCG_7_0_ECX_FEATURES,
+ },
+ [FEAT_7_0_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = cpuid_7_0_edx_feature_name,
+- .cpuid_eax = 7,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_EDX,
++ .cpuid = {
++ .eax = 7,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_EDX,
++ },
+ .tcg_features = TCG_7_0_EDX_FEATURES,
+ },
+ [FEAT_8000_0008_EBX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = cpuid_80000008_ebx_feature_name,
+- .cpuid_eax = 0x80000008,
+- .cpuid_needs_ecx = false, .cpuid_ecx = 0,
+- .cpuid_reg = R_EBX,
++ .cpuid = { .eax = 0x80000008, .reg = R_EBX, },
+ },
+ [FEAT_XSAVE] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = cpuid_xsave_feature_name,
+- .cpuid_eax = 0xd,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 1,
+- .cpuid_reg = R_EAX,
++ .cpuid = {
++ .eax = 0xd,
++ .needs_ecx = true, .ecx = 1,
++ .reg = R_EAX,
++ },
+ },
+ };
+
+@@ -366,6 +403,8 @@ typedef struct ExtSaveArea {
+ uint32_t offset, size;
+ } ExtSaveArea;
+
++static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w);
++
+ static const ExtSaveArea ext_save_areas[] = {
+ [2] = { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX,
+ .offset = 0x240, .size = 0x100 },
+@@ -1737,10 +1776,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+
+ FeatureWord w;
+ for (w = 0; w < FEATURE_WORDS; w++) {
+- FeatureWordInfo *wi = &feature_word_info[w];
+- x86_cpu_def->features[w] =
+- kvm_arch_get_supported_cpuid(s, wi->cpuid_eax, wi->cpuid_ecx,
+- wi->cpuid_reg);
++ x86_cpu_def->features[w] = x86_cpu_get_supported_feature_word(w);
+ }
+
+ /*
+@@ -1754,19 +1790,40 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+ #endif /* CONFIG_KVM */
+ }
+
++static char *feature_word_description(FeatureWordInfo *f, uint32_t bit)
++{
++ assert(f->type == CPUID_FEATURE_WORD || f->type == MSR_FEATURE_WORD);
++
++ switch (f->type) {
++ case CPUID_FEATURE_WORD:
++ {
++ const char *reg = get_register_name_32(f->cpuid.reg);
++ assert(reg);
++ return g_strdup_printf("CPUID.%02XH:%s",
++ f->cpuid.eax, reg);
++ }
++ case MSR_FEATURE_WORD:
++ return g_strdup_printf("MSR(%02XH)",
++ f->msr.index);
++ }
++
++ return NULL;
++}
++
+ static void report_unavailable_features(FeatureWordInfo *f, uint32_t mask)
+ {
+ int i;
++ char *feat_word_str;
+
+ for (i = 0; i < 32; ++i) {
+ if (1 << i & mask) {
+- const char *reg = get_register_name_32(f->cpuid_reg);
+- assert(reg);
++ feat_word_str = feature_word_description(f, i);
+ fprintf(stderr, "warning: host doesn't support requested feature: "
+- "CPUID.%02XH:%s%s%s [bit %d]\n",
+- f->cpuid_eax, reg,
++ "%s%s%s [bit %d]\n",
++ feat_word_str,
+ f->feat_names[i] ? "." : "",
+ f->feat_names[i] ? f->feat_names[i] : "", i);
++ g_free(feat_word_str);
+ }
+ }
+ }
+@@ -2075,11 +2132,18 @@ static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque,
+
+ for (w = 0; w < FEATURE_WORDS; w++) {
+ FeatureWordInfo *wi = &feature_word_info[w];
++ /*
++ * We didn't have MSR features when "feature-words" was
++ * introduced. Therefore skipped other type entries.
++ */
++ if (wi->type != CPUID_FEATURE_WORD) {
++ continue;
++ }
+ X86CPUFeatureWordInfo *qwi = &word_infos[w];
+- qwi->cpuid_input_eax = wi->cpuid_eax;
+- qwi->has_cpuid_input_ecx = wi->cpuid_needs_ecx;
+- qwi->cpuid_input_ecx = wi->cpuid_ecx;
+- qwi->cpuid_register = x86_reg_info_32[wi->cpuid_reg].qapi_enum;
++ qwi->cpuid_input_eax = wi->cpuid.eax;
++ qwi->has_cpuid_input_ecx = wi->cpuid.needs_ecx;
++ qwi->cpuid_input_ecx = wi->cpuid.ecx;
++ qwi->cpuid_register = x86_reg_info_32[wi->cpuid.reg].qapi_enum;
+ qwi->features = array[w];
+
+ /* List will be in reverse order, but order shouldn't matter */
+@@ -2370,11 +2434,23 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+ static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w)
+ {
+ FeatureWordInfo *wi = &feature_word_info[w];
++ uint32_t r = 0;
+
+- assert(kvm_enabled());
+- return kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid_eax,
+- wi->cpuid_ecx,
+- wi->cpuid_reg);
++ if (kvm_enabled()) {
++ switch (wi->type) {
++ case CPUID_FEATURE_WORD:
++ r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid.eax,
++ wi->cpuid.ecx,
++ wi->cpuid.reg);
++ break;
++ case MSR_FEATURE_WORD:
++ r = kvm_arch_get_supported_msr_feature(kvm_state, wi->msr.index);
++ break;
++ }
++ } else {
++ return ~0;
++ }
++ return r;
+ }
+
+ /*
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch b/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
new file mode 100644
index 0000000..7cd7905
--- /dev/null
+++ b/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
@@ -0,0 +1,135 @@
+From 44f5e2649ee37f15607c516c8f9efc58aad708bb Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 9 Oct 2019 17:51:45 +0200
+Subject: [PATCH 07/10] x86: define a new MSR based feature word --
+ FEATURE_WORDS_ARCH_CAPABILITIES
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191009175148.1361-8-ehabkost@redhat.com>
+Patchwork-id: 91362
+O-Subject: [RHEL-7.7.z qemu-kvm PATCH 07/10] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES
+Bugzilla: 1730606
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Robert Hoo <robert.hu@linux.intel.com>
+
+Note RSBA is specially treated -- no matter host support it or not, qemu
+pretends it is supported.
+
+7.8 backport conflicts (plai):
+ target/i386/cpu.c
+ target/i386/cpu.h
+ target/i386/kvm.c
+
+7.7.z backport notes (ehabkost):
+* Cherry picked from 7.8 tree with no conflicts
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1539578845-37944-4-git-send-email-robert.hu@linux.intel.com>
+[ehabkost: removed automatic enabling of RSBA]
+Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit d86f963694df27f11b3681ffd225c9362de1b634)
+Signed-off-by: Paul Lai <plai@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 23 +++++++++++++++++++++++
+ target-i386/cpu.h | 8 ++++++++
+ target-i386/kvm.c | 10 ++++++++++
+ 3 files changed, 41 insertions(+)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 7fecd21..35381f0 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -199,6 +199,17 @@ static const char *cpuid_xsave_feature_name[] = {
+ NULL, NULL, NULL, NULL,
+ };
+
++static const char *cpuid_arch_capabilities_feature_name[] = {
++ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
++ "ssb-no", NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++};
++
+ #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
+ #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
+ CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
+@@ -375,6 +386,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .reg = R_EAX,
+ },
+ },
++ /*Below are MSR exposed features*/
++ [FEAT_ARCH_CAPABILITIES] = {
++ .type = MSR_FEATURE_WORD,
++ .feat_names = cpuid_arch_capabilities_feature_name,
++ .msr = {
++ .index = MSR_IA32_ARCH_CAPABILITIES,
++ .cpuid_dep = {
++ FEAT_7_0_EDX,
++ CPUID_7_0_EDX_ARCH_CAPABILITIES
++ }
++ },
++ },
+ };
+
+ typedef struct X86RegisterInfo32 {
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index ea5df77..1c62e63 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -415,6 +415,7 @@ typedef enum FeatureWord {
+ FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
+ FEAT_SVM, /* CPUID[8000_000A].EDX */
+ FEAT_XSAVE, /* CPUID[EAX=0xd,ECX=1].EAX */
++ FEAT_ARCH_CAPABILITIES,
+ FEATURE_WORDS,
+ } FeatureWord;
+
+@@ -632,6 +633,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_MWAIT_IBE (1U << 1) /* Interrupts can exit capability */
+ #define CPUID_MWAIT_EMX (1U << 0) /* enumeration supported */
+
++/* MSR Feature Bits */
++#define MSR_ARCH_CAP_RDCL_NO (1U << 0)
++#define MSR_ARCH_CAP_IBRS_ALL (1U << 1)
++#define MSR_ARCH_CAP_RSBA (1U << 2)
++#define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3)
++#define MSR_ARCH_CAP_SSB_NO (1U << 4)
++
+ #ifndef HYPERV_SPINLOCK_NEVER_RETRY
+ #define HYPERV_SPINLOCK_NEVER_RETRY 0xFFFFFFFF
+ #endif
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index 2b1d7da..180ae56 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -1325,6 +1325,16 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ kvm_msr_entry_set(&msrs[n++], MSR_IA32_TSC, env->tsc);
+ }
+ }
++ /* If host supports feature MSR, write down. */
++ if (kvm_feature_msrs) {
++ int i;
++ for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
++ if (kvm_feature_msrs->indices[i] == MSR_IA32_ARCH_CAPABILITIES) {
++ kvm_msr_entry_set(&msrs[n++], MSR_IA32_ARCH_CAPABILITIES,
++ env->features[FEAT_ARCH_CAPABILITIES]);
++ break;
++ }
++ }
+ /*
+ * The following MSRs have side effects on the guest or are too heavy
+ * for normal writeback. Limit them to reset or full state updates.
+--
+1.8.3.1
+
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 9c254b2..ed6cd10 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -14,7 +14,7 @@
%global have_usbredir 0
%endif
-%ifnarch s390 s390x %{arm}
+%ifnarch s390 s390x
%global have_librdma 1
%global have_tcmalloc 1
%endif
@@ -41,9 +41,6 @@
%ifarch aarch64
%global kvm_target aarch64
%endif
-%ifarch %{arm}
- %global kvm_target arm
-%endif
#Versions of various parts:
@@ -79,13 +76,13 @@ Obsoletes: %1 < %{obsoletes_version} \
Summary: QEMU is a machine emulator and virtualizer
Name: %{pkgname}%{?pkgsuffix}
Version: 1.5.3
-Release: 167%{?dist}.1
+Release: 167%{?dist}.4
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 10
License: GPLv2 and GPLv2+ and CC-BY
Group: Development/Tools
URL: http://www.qemu.org/
-ExclusiveArch: x86_64 %{arm}
+ExclusiveArch: x86_64
Requires: seabios-bin >= 1.7.2.2-5
Requires: sgabios-bin
Requires: seavgabios-bin
@@ -3976,6 +3973,32 @@ Patch1957: kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch
Patch1958: kvm-qxl-check-release-info-object.patch
# For bz#1734748 - CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z]
Patch1959: kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1960: kvm-target-i386-Merge-feature-filtering-checking-functio.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1961: kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1962: kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1963: kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1964: kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1965: kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1966: kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1967: kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1968: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
+# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
+Patch1969: kvm-Remove-arch-capabilities-deprecation.patch
+# For bz#1771960 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z]
+Patch1970: kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
+# For bz#1771960 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z]
+Patch1971: kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
+# For bz#1755333 - [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z]
+Patch1972: kvm-target-i386-add-MDS-NO-feature.patch
BuildRequires: zlib-devel
@@ -6113,6 +6136,19 @@ tar -xf %{SOURCE21}
%patch1957 -p1
%patch1958 -p1
%patch1959 -p1
+%patch1960 -p1
+%patch1961 -p1
+%patch1962 -p1
+%patch1963 -p1
+%patch1964 -p1
+%patch1965 -p1
+%patch1966 -p1
+%patch1967 -p1
+%patch1968 -p1
+%patch1969 -p1
+%patch1970 -p1
+%patch1971 -p1
+%patch1972 -p1
%build
buildarch="%{kvm_target}-softmmu"
@@ -6558,6 +6594,31 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%{_mandir}/man8/qemu-nbd.8*
%changelog
+* Mon Jan 06 2020 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.4
+- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]
+- Resolves: bz#1755333
+ ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])
+
+* Tue Dec 10 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.3
+- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960]
+- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960]
+- Resolves: bz#1771960
+ (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z])
+
+* Thu Oct 24 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.2
+- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606]
+- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606]
+- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606]
+- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606]
+- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606]
+- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606]
+- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606]
+- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606]
+- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606]
+- kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606]
+- Resolves: bz#1730606
+ ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z])
+
* Mon Aug 12 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.1
- kvm-qxl-check-release-info-object.patch [bz#1732337]
- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]