Commit 2686c9e1 authored by Jiri Denemark, committed by Daniel P. Berrangé

cpu_map: Define md-clear CPUID bit

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 538d8735)

Conflicts:
        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
            - test data missing downstream
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Parent 54fb85c2
...@@ -317,6 +317,9 @@ ...@@ -317,6 +317,9 @@
<feature name='avx512-4fmaps'> <feature name='avx512-4fmaps'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/> <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
</feature> </feature>
<feature name='md-clear'> <!-- md_clear -->
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
</feature>
<feature name='pconfig'> <feature name='pconfig'>
<cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/> <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
</feature> </feature>
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
<cpudata arch='x86'> <cpudata arch='x86'>
<cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/> <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
<cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
<cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/> <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
<cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
<cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
</cpudata> </cpudata>
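Review bot: on the leaf `0x00000007` line the expected edx goes from `0x8c000000` to `0x8c000400`, which agrees with the `0x00000400` mask defined for `md-clear`, but this is the only cpudata fixture visible in the diff and the Conflicts section says the Xeon-Platinum-8268 host and guest data is missing downstream. Please confirm that the test suite on this branch still has a fixture set that exercises the new bit end to end, otherwise a wrong mask in the cpu_map entry would go unnoticed in the backport.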
...@@ -20,6 +20,7 @@ ...@@ -20,6 +20,7 @@
<feature policy='require' name='tsc_adjust'/> <feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/> <feature policy='require' name='clflushopt'/>
<feature policy='require' name='intel-pt'/> <feature policy='require' name='intel-pt'/>
<feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/> <feature policy='require' name='stibp'/>
<feature policy='require' name='ssbd'/> <feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/> <feature policy='require' name='xsaves'/>
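Review bot: `policy='require'` on the added `md-clear` line makes the bit part of what this expected guest CPU demands from the host, and the commit message says the bit is only set once microcode provides the VERW flush. It would help to state in the commit message that a guest defined this way depends on hosts carrying that microcode, since a mix of updated and non-updated hosts affects where such a guest can start or be migrated.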
......
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
<feature name='tsc_adjust'/> <feature name='tsc_adjust'/>
<feature name='clflushopt'/> <feature name='clflushopt'/>
<feature name='intel-pt'/> <feature name='intel-pt'/>
<feature name='md-clear'/>
<feature name='stibp'/> <feature name='stibp'/>
<feature name='ssbd'/> <feature name='ssbd'/>
<feature name='xsaves'/> <feature name='xsaves'/>
......
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
<feature policy='require' name='hypervisor'/> <feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/> <feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/> <feature policy='require' name='clflushopt'/>
<feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/> <feature policy='require' name='stibp'/>
<feature policy='require' name='ssbd'/> <feature policy='require' name='ssbd'/>
<feature policy='require' name='pdpe1gb'/> <feature policy='require' name='pdpe1gb'/>
......