[PATCH 2/2] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Some AMD processors only support a non-architectural means of
enabling Speculative Store Bypass Disable. To allow simplified
handling in virtual environments, hypervisors will expose an
architectural definition through CPUID bit 0x80000008_EBX[25].
This needs to be exposed to guest OS running on AMD x86 hosts to
allow them to protect against CVE-2018-3639.

Note that since this CPUID bit won't be present in the host CPUID
results on physical hosts, it will not be enabled automatically
in guests configured with "host-model" CPU unless using QEMU
version >= 2.9.0. Thus for older versions of QEMU, this feature
must be manually enabled using policy=force. Guests using the
"host-passthrough" CPU mode do not need special handling.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 src/cpu/cpu_map.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 245aec3309..96daa0f9af 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -433,6 +433,9 @@
     <feature name='ibpb'>
       <cpuid eax_in='0x80000008' ebx='0x00001000'/>
     </feature>
+    <feature name='virt-ssbd'>
+      <cpuid eax_in='0x80000008' ebx='0x02000000'/>
+    </feature>
 
     <!-- models -->
     <model name='486'>
-- 
2.17.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux