mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
cpu_map: Define md-clear CPUID bit
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 The bit is set when microcode provides the mechanism to invoke a flush of various exploitable CPU buffers by invoking the VERW instruction. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
5cd9db3ac1
commit
538d873571
@ -320,6 +320,9 @@
|
|||||||
<feature name='avx512-4fmaps'>
|
<feature name='avx512-4fmaps'>
|
||||||
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
|
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
|
||||||
</feature>
|
</feature>
|
||||||
|
<feature name='md-clear'> <!-- md_clear -->
|
||||||
|
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
|
||||||
|
</feature>
|
||||||
<feature name='pconfig'>
|
<feature name='pconfig'>
|
||||||
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
|
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
|
||||||
</feature>
|
</feature>
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
<cpudata arch='x86'>
|
<cpudata arch='x86'>
|
||||||
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
|
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
|
||||||
<cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
|
<cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
|
||||||
<cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
|
<cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
|
||||||
<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
|
<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
|
||||||
<cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
|
<cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
|
||||||
</cpudata>
|
</cpudata>
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
<feature policy='require' name='tsc_adjust'/>
|
<feature policy='require' name='tsc_adjust'/>
|
||||||
<feature policy='require' name='clflushopt'/>
|
<feature policy='require' name='clflushopt'/>
|
||||||
<feature policy='require' name='intel-pt'/>
|
<feature policy='require' name='intel-pt'/>
|
||||||
|
<feature policy='require' name='md-clear'/>
|
||||||
<feature policy='require' name='stibp'/>
|
<feature policy='require' name='stibp'/>
|
||||||
<feature policy='require' name='ssbd'/>
|
<feature policy='require' name='ssbd'/>
|
||||||
<feature policy='require' name='xsaves'/>
|
<feature policy='require' name='xsaves'/>
|
||||||
|
@ -21,6 +21,7 @@
|
|||||||
<feature name='tsc_adjust'/>
|
<feature name='tsc_adjust'/>
|
||||||
<feature name='clflushopt'/>
|
<feature name='clflushopt'/>
|
||||||
<feature name='intel-pt'/>
|
<feature name='intel-pt'/>
|
||||||
|
<feature name='md-clear'/>
|
||||||
<feature name='stibp'/>
|
<feature name='stibp'/>
|
||||||
<feature name='ssbd'/>
|
<feature name='ssbd'/>
|
||||||
<feature name='xsaves'/>
|
<feature name='xsaves'/>
|
||||||
|
@ -5,6 +5,7 @@
|
|||||||
<feature policy='require' name='hypervisor'/>
|
<feature policy='require' name='hypervisor'/>
|
||||||
<feature policy='require' name='tsc_adjust'/>
|
<feature policy='require' name='tsc_adjust'/>
|
||||||
<feature policy='require' name='clflushopt'/>
|
<feature policy='require' name='clflushopt'/>
|
||||||
|
<feature policy='require' name='md-clear'/>
|
||||||
<feature policy='require' name='stibp'/>
|
<feature policy='require' name='stibp'/>
|
||||||
<feature policy='require' name='ssbd'/>
|
<feature policy='require' name='ssbd'/>
|
||||||
<feature policy='require' name='pdpe1gb'/>
|
<feature policy='require' name='pdpe1gb'/>
|
||||||
|
@ -23,6 +23,7 @@
|
|||||||
<feature policy='require' name='intel-pt'/>
|
<feature policy='require' name='intel-pt'/>
|
||||||
<feature policy='require' name='pku'/>
|
<feature policy='require' name='pku'/>
|
||||||
<feature policy='require' name='ospke'/>
|
<feature policy='require' name='ospke'/>
|
||||||
|
<feature policy='require' name='md-clear'/>
|
||||||
<feature policy='require' name='stibp'/>
|
<feature policy='require' name='stibp'/>
|
||||||
<feature policy='require' name='arch-capabilities'/>
|
<feature policy='require' name='arch-capabilities'/>
|
||||||
<feature policy='require' name='xsaves'/>
|
<feature policy='require' name='xsaves'/>
|
||||||
|
@ -24,6 +24,7 @@
|
|||||||
<feature name='intel-pt'/>
|
<feature name='intel-pt'/>
|
||||||
<feature name='pku'/>
|
<feature name='pku'/>
|
||||||
<feature name='ospke'/>
|
<feature name='ospke'/>
|
||||||
|
<feature name='md-clear'/>
|
||||||
<feature name='stibp'/>
|
<feature name='stibp'/>
|
||||||
<feature name='arch-capabilities'/>
|
<feature name='arch-capabilities'/>
|
||||||
<feature name='xsaves'/>
|
<feature name='xsaves'/>
|
||||||
|
Loading…
Reference in New Issue
Block a user