Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
libvirt.17937
92673422-CVE-2018-3639.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 92673422-CVE-2018-3639.patch of Package libvirt.17937
commit 9267342206ce17f6933d57a3128cdc504d5945c9 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Mon May 21 23:05:08 2018 +0100 cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) Some AMD processors only support a non-architectural means of enabling Speculative Store Bypass Disable. To allow simplified handling in virtual environments, hypervisors will expose an architectural definition through CPUID bit 0x80000008_EBX[25]. This needs to be exposed to guest OS running on AMD x86 hosts to allow them to protect against CVE-2018-3639. Note that since this CPUID bit won't be present in the host CPUID results on physical hosts, it will not be enabled automatically in guests configured with "host-model" CPU unless using QEMU version >= 2.9.0. Thus for older versions of QEMU, this feature must be manually enabled using policy=force. Guests using the "host-passthrough" CPU mode do not need special handling. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Index: libvirt-4.0.0/src/cpu/cpu_map.xml =================================================================== --- libvirt-4.0.0.orig/src/cpu/cpu_map.xml +++ libvirt-4.0.0/src/cpu/cpu_map.xml @@ -430,6 +430,9 @@ <feature name='ibpb'> <cpuid eax_in='0x80000008' ebx='0x00001000'/> </feature> + <feature name='virt-ssbd'> + <cpuid eax_in='0x80000008' ebx='0x02000000'/> + </feature> <!-- models --> <model name='486'>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor