File 92673422-CVE-2018-3639.patch of Package libvirt.8091

Overview Repositories Revisions Requests Users Attributes Meta

File 92673422-CVE-2018-3639.patch of Package libvirt.8091

commit 9267342206ce17f6933d57a3128cdc504d5945c9
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Mon May 21 23:05:08 2018 +0100

cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
    
    Some AMD processors only support a non-architectural means of
    enabling Speculative Store Bypass Disable. To allow simplified
    handling in virtual environments, hypervisors will expose an
    architectural definition through CPUID bit 0x80000008_EBX[25].
    This needs to be exposed to guest OS running on AMD x86 hosts to
    allow them to protect against CVE-2018-3639.
    
    Note that since this CPUID bit won't be present in the host CPUID
    results on physical hosts, it will not be enabled automatically
    in guests configured with "host-model" CPU unless using QEMU
    version >= 2.9.0. Thus for older versions of QEMU, this feature
    must be manually enabled using policy=force. Guests using the
    "host-passthrough" CPU mode do not need special handling.
    
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
    Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

Index: libvirt-1.2.5/src/cpu/cpu_map.xml
===================================================================
--- libvirt-1.2.5.orig/src/cpu/cpu_map.xml
+++ libvirt-1.2.5/src/cpu/cpu_map.xml
@@ -338,6 +338,9 @@
     <feature name='ibpb'>
       <cpuid function='0x80000008' ebx='0x00001000'/>
     </feature>
+    <feature name='virt-ssbd'>
+      <cpuid function='0x80000008' ebx='0x02000000'/>
+    </feature>
 
     
     <model name='486'>

Places

File 92673422-CVE-2018-3639.patch of Package libvirt.8091

Places