From 40cf57b55f3af94163d7ef3d50aec6c5c79c139d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 21 May 2018 23:05:08 +0100 Subject: [PATCH] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some AMD processors only support a non-architectural means of enabling Speculative Store Bypass Disable. To allow simplified handling in virtual environments, hypervisors will expose an architectural definition through CPUID bit 0x80000008_EBX[25]. This needs to be exposed to guest OS running on AMD x86 hosts to allow them to protect against CVE-2018-3639. Note that since this CPUID bit won't be present in the host CPUID results on physical hosts, it will not be enabled automatically in guests configured with "host-model" CPU unless using QEMU version >= 2.9.0. Thus for older versions of QEMU, this feature must be manually enabled using policy=force. Guests using the "host-passthrough" CPU mode do not need special handling. Signed-off-by: Daniel P. Berrangé Reviewed-by: Jiri Denemark (cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9) --- src/cpu/cpu_map.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml index 245aec3309..96daa0f9af 100644 --- a/src/cpu/cpu_map.xml +++ b/src/cpu/cpu_map.xml @@ -433,6 +433,9 @@ + + + -- GitLab