From 6fff75c304d9403ac7c36c436ddf53497f6417ef Mon Sep 17 00:00:00 2001

Message-Id: <6fff75c304d9403ac7c36c436ddf53497f6417ef@dist-git>

From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>

Date: Mon, 21 May 2018 23:05:08 +0100

Subject: [PATCH] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Some AMD processors only support a non-architectural means of

enabling Speculative Store Bypass Disable. To allow simplified

handling in virtual environments, hypervisors will expose an

architectural definition through CPUID bit 0x80000008_EBX[25].

This needs to be exposed to guest OS running on AMD x86 hosts to

allow them to protect against CVE-2018-3639.

Note that since this CPUID bit won't be present in the host CPUID

results on physical hosts, it will not be enabled automatically

in guests configured with "host-model" CPU unless using QEMU

version >= 2.9.0. Thus for older versions of QEMU, this feature

must be manually enabled using policy=force. Guests using the

"host-passthrough" CPU mode do not need special handling.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

(cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9)

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Reviewed-by: Erik Skultety <eskultet@redhat.com>

---

 src/cpu/cpu_map.xml | 3 +++

 1 file changed, 3 insertions(+)

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml

index cee3541d24..e0c39bb690 100644

--- a/src/cpu/cpu_map.xml

+++ b/src/cpu/cpu_map.xml

@@ -436,6 +436,9 @@

     <feature name='ibpb'>

       <cpuid eax_in='0x80000008' ebx='0x00001000'/>

     </feature>

+    <feature name='virt-ssbd'>

+      <cpuid eax_in='0x80000008' ebx='0x02000000'/>

+    </feature>

     <model name='486'>

-- 

2.17.1