cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)

AMD x86 CPUs have two separate ways to mitigate the Speculative Store Bypass hardware flaw. In current processors only non-architectural MSRs are available, and so hypervisors must expose a virtualized MSR and CPU flag "virt-ssbd" (CPUID Function 8000_0008, EBX[25]=1). In future processors AMD will provide an architectural MSR, indicated by existance of the CPUID Function 8000_0008, EBX[24]=1, to which QEMU has given the name "amd-ssbd". The "amd-ssbd" flag should be used in preference to "virt-ssbd", if it is available, since it provides improved performance. For virtual machine configuration, both should be exposed when available, to allow for maximal guest OS compatibility as not all guests yet support both. If future processes are not vulnerable to the flaw, this will be indicated by the existance of CPUID Function 8000_0008, EBX[26]=1, to which QEMU has given the name "amd-no-ssb". See also 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf from: https://bugzilla.kernel.org/show_bug.cgi?id=199889 Note that neither amd-ssbd or amd-no-ssb will be reported by the kernel in /proc/cpuinfo. It knows about these CPUID bits and does the right thing, but doesn't report their existance as distinct flags in /proc/cpuinfo. Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>

cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)
AMD x86 CPUs have two separate ways to mitigate the Speculative Store Bypass hardware flaw. In current processors only non-architectural MSRs are available, and so hypervisors must expose a virtualized MSR and CPU flag "virt-ssbd" (CPUID Function 8000_0008, EBX[25]=1). In future processors AMD will provide an architectural MSR, indicated by existance of the CPUID Function 8000_0008, EBX[24]=1, to which QEMU has given the name "amd-ssbd". The "amd-ssbd" flag should be used in preference to "virt-ssbd", if it is available, since it provides improved performance. For virtual machine configuration, both should be exposed when available, to allow for maximal guest OS compatibility as not all guests yet support both. If future processes are not vulnerable to the flaw, this will be indicated by the existance of CPUID Function 8000_0008, EBX[26]=1, to which QEMU has given the name "amd-no-ssb". See also 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf from: https://bugzilla.kernel.org/show_bug.cgi?id=199889 Note that neither amd-ssbd or amd-no-ssb will be reported by the kernel in /proc/cpuinfo. It knows about these CPUID bits and does the right thing, but doesn't report their existance as distinct flags in /proc/cpuinfo. Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>
2625722c · Daniel P. Berrangé · 12e93dc0 · 2625722c
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

src/cpu/cpu_map.xml src/cpu/cpu_map.xml +6 -0

未找到文件。
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -433,9 +433,15 @@
    <feature name='ibpb'>
      <cpuid eax_in='0x80000008' ebx='0x00001000'/>
    </feature>
+    <feature name='amd-ssbd'>
+      <cpuid eax_in='0x80000008' ebx='0x01000000'/>
+    </feature>
    <feature name='virt-ssbd'>
      <cpuid eax_in='0x80000008' ebx='0x02000000'/>
    </feature>
+    <feature name='amd-no-ssb'>
+      <cpuid eax_in='0x80000008' ebx='0x04000000'/>
+    </feature>

    <!-- models -->
    <model name='486'>