mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
Some AMD processors only support a non-architectural means of enabling Speculative Store Bypass Disable. To allow simplified handling in virtual environments, hypervisors will expose an architectural definition through CPUID bit 0x80000008_EBX[25]. This needs to be exposed to guest OS running on AMD x86 hosts to allow them to protect against CVE-2018-3639. Note that since this CPUID bit won't be present in the host CPUID results on physical hosts, it will not be enabled automatically in guests configured with "host-model" CPU unless using QEMU version >= 2.9.0. Thus for older versions of QEMU, this feature must be manually enabled using policy=force. Guests using the "host-passthrough" CPU mode do not need special handling. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
This commit is contained in:
parent
1dbca2ecca
commit
9267342206
@ -433,6 +433,9 @@
|
||||
<feature name='ibpb'>
|
||||
<cpuid eax_in='0x80000008' ebx='0x00001000'/>
|
||||
</feature>
|
||||
<feature name='virt-ssbd'>
|
||||
<cpuid eax_in='0x80000008' ebx='0x02000000'/>
|
||||
</feature>
|
||||
|
||||
<!-- models -->
|
||||
<model name='486'>
|
||||
|
Loading…
Reference in New Issue
Block a user