Add new CPU features for speculative store bypass (CVE-2018-3639)
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé
parent
f6736a34a2
commit
398721ffd4
|
|
@ -0,0 +1,36 @@
|
|||
From 519a6adb135959709fefbe30b7f40de436dd2f16 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Mon, 21 May 2018 23:05:07 +0100
|
||||
Subject: [PATCH 1/2] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
New microcode introduces the "Speculative Store Bypass Disable"
|
||||
CPUID feature bit. This needs to be exposed to guest OS to allow
|
||||
them to protect against CVE-2018-3639.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
||||
(cherry picked from commit 1dbca2eccad58d91a5fd33962854f1a653638182)
|
||||
---
|
||||
src/cpu/cpu_map.xml | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
|
||||
index 00a43b172c..245aec3309 100644
|
||||
--- a/src/cpu/cpu_map.xml
|
||||
+++ b/src/cpu/cpu_map.xml
|
||||
@@ -298,6 +298,9 @@
|
||||
<feature name='spec-ctrl'>
|
||||
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
|
||||
</feature>
|
||||
+ <feature name='ssbd'>
|
||||
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
|
||||
+ </feature>
|
||||
|
||||
<!-- Processor Extended State Enumeration sub leaf 1 -->
|
||||
<feature name='xsaveopt'>
|
||||
--
|
||||
2.17.0
|
||||
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
From 40cf57b55f3af94163d7ef3d50aec6c5c79c139d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Mon, 21 May 2018 23:05:08 +0100
|
||||
Subject: [PATCH 2/2] cpu: define the 'virt-ssbd' CPUID feature bit
|
||||
(CVE-2018-3639)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Some AMD processors only support a non-architectural means of
|
||||
enabling Speculative Store Bypass Disable. To allow simplified
|
||||
handling in virtual environments, hypervisors will expose an
|
||||
architectural definition through CPUID bit 0x80000008_EBX[25].
|
||||
This needs to be exposed to guest OS running on AMD x86 hosts to
|
||||
allow them to protect against CVE-2018-3639.
|
||||
|
||||
Note that since this CPUID bit won't be present in the host CPUID
|
||||
results on physical hosts, it will not be enabled automatically
|
||||
in guests configured with "host-model" CPU unless using QEMU
|
||||
version >= 2.9.0. Thus for older versions of QEMU, this feature
|
||||
must be manually enabled using policy=force. Guests using the
|
||||
"host-passthrough" CPU mode do not need special handling.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
||||
(cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9)
|
||||
---
|
||||
src/cpu/cpu_map.xml | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
|
||||
index 245aec3309..96daa0f9af 100644
|
||||
--- a/src/cpu/cpu_map.xml
|
||||
+++ b/src/cpu/cpu_map.xml
|
||||
@@ -433,6 +433,9 @@
|
||||
<feature name='ibpb'>
|
||||
<cpuid eax_in='0x80000008' ebx='0x00001000'/>
|
||||
</feature>
|
||||
+ <feature name='virt-ssbd'>
|
||||
+ <cpuid eax_in='0x80000008' ebx='0x02000000'/>
|
||||
+ </feature>
|
||||
|
||||
<!-- models -->
|
||||
<model name='486'>
|
||||
--
|
||||
2.17.0
|
||||
|
||||
|
|
@ -247,7 +247,7 @@
|
|||
Summary: Library providing a simple virtualization API
|
||||
Name: libvirt
|
||||
Version: 4.1.0
|
||||
Release: 2%{?dist}%{?extra_release}
|
||||
Release: 3%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
|
|
@ -258,6 +258,8 @@ URL: https://libvirt.org/
|
|||
%endif
|
||||
Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
|
||||
Patch1: 0001-tests-force-use-of-NORMAL-TLS-priority-in-test-suite.patch
|
||||
Patch2: 0001-cpu-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch
|
||||
Patch3: 0002-cpu-define-the-virt-ssbd-CPUID-feature-bit-CVE-2018-.patch
|
||||
|
||||
Requires: libvirt-daemon = %{version}-%{release}
|
||||
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
||||
|
|
@ -2192,6 +2194,9 @@ exit 0
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Jun 18 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.1.0-3
|
||||
- Add new CPU features for speculative store bypass (CVE-2018-3639)
|
||||
|
||||
* Wed Mar 21 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.1.0-2
|
||||
- Fix systemd macro argument with line continuations (rhbz#1558648)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue