External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 03:25:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)

Browse Source 
Some AMD processors only support a non-architectural means of
enabling Speculative Store Bypass Disable. To allow simplified
handling in virtual environments, hypervisors will expose an
architectural definition through CPUID bit 0x80000008_EBX[25].
This needs to be exposed to guest OS running on AMD x86 hosts to
allow them to protect against CVE-2018-3639.

Note that since this CPUID bit won't be present in the host CPUID
results on physical hosts, it will not be enabled automatically
in guests configured with "host-model" CPU unless using QEMU
version >= 2.9.0. Thus for older versions of QEMU, this feature
must be manually enabled using policy=force. Guests using the
"host-passthrough" CPU mode do not need special handling.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 9267342206)
This commit is contained in:
Daniel P. Berrangé 2018-05-21 23:05:08 +01:00
parent 519a6adb13
commit 40cf57b55f
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/cpu/cpu_map.xml
View File

@ -433,6 +433,9 @@
<feature name='ibpb'> <feature name='ibpb'>
<cpuid eax_in='0x80000008' ebx='0x00001000'/> <cpuid eax_in='0x80000008' ebx='0x00001000'/>
</feature> </feature>
<feature name='virt-ssbd'>
<cpuid eax_in='0x80000008' ebx='0x02000000'/>
</feature>
<!-- models --> <!-- models -->
<model name='486'> <model name='486'>