diff options
Diffstat (limited to 'system/qemu/patches/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch')
-rw-r--r-- | system/qemu/patches/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/system/qemu/patches/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch b/system/qemu/patches/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch new file mode 100644 index 0000000000..00cad34a6f --- /dev/null +++ b/system/qemu/patches/0001-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch @@ -0,0 +1,51 @@ +From 7920d78dc80e7206e07f2a35f942e9f33174d251 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> +Date: Mon, 21 May 2018 22:54:22 +0100 +Subject: [PATCH 1/3] i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +New microcode introduces the "Speculative Store Bypass Disable" +CPUID feature bit. This needs to be exposed to guest OS to allow +them to protect against CVE-2018-3639. + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +Message-Id: <20180521215424.13520-2-berrange@redhat.com> +Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> +(cherry picked from commit d19d1f965904a533998739698020ff4ee8a103da) +--- + target/i386/cpu.c | 2 +- + target/i386/cpu.h | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index a20fe26573..2f5263e22f 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -510,7 +510,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, "spec-ctrl", NULL, +- NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, "ssbd", + }, + .cpuid_eax = 7, + .cpuid_needs_ecx = true, .cpuid_ecx = 0, +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 1b219fafc4..970ab96e54 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -684,6 +684,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */ + #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */ + #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */ ++#define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */ + + #define KVM_HINTS_DEDICATED (1U << 0) + +-- +2.17.0 + |