From b2ae52101fca7f9547ac2f388085dbc58f8fe1c0 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Wed, 15 May 2019 15:10:10 +0100
Subject: [PATCH 1/3] target/i386: define md-clear bit

md-clear is a new CPUID bit which is set when microcode provides the mechanism to invoke a flush of various exploitable CPU buffers by invoking the VERW instruction.

Signed-off-by: Paolo Bonzini
Message-Id: <20190515141011.5315-2-berrange@redhat.com>
Signed-off-by: Eduardo Habkost
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2df56fa977..953d78b062 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1077,7 +1077,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .feat_names = {
 NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
 NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
+ NULL, NULL, "md-clear", NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
From 2c7e82a30774730100da9dbe68d2360459030d91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
Date: Wed, 15 May 2019 15:10:11 +0100
Subject: [PATCH 2/3] docs: recommend use of md-clear feature on all Intel CPUs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update x86 CPU model guidance to recommend that the md-clear feature is manually enabled with all Intel CPU models, when supported by the host microcode.

Signed-off-by: Daniel P. Berrangé
Message-Id: <20190515141011.5315-3-berrange@redhat.com>
Signed-off-by: Eduardo Habkost
---
 docs/qemu-cpu-models.texi | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 23c11dc86f..ad040cfc98 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
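Review bot: In the target/i386/cpu.c hunk of PATCH 1/3 (@@ -1077), the new "md-clear" name is identified only by its position in `feat_names`; counting the four-per-row entries from `.feat_names = {` puts it at index 10, and nothing on the line says which CPUID bit that is or what it advertises. A trailing comment such as `/* bit 10: MD_CLEAR, VERW clears CPU buffers (MDS) */` would let a reader check the slot against the vendor documentation without counting NULLs. The commit message ties the bit to host microcode support, so it is also worth confirming, outside this hunk, that the name is filtered out when the host does not report it, since a guest that sees md-clear presumably treats VERW as an effective MDS mitigation. The initializer starts and ends outside the hunk.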
@@ -200,6 +200,18 @@ Not included by default in any Intel CPU model. Should be explicitly turned on for all Intel CPU models. Note that not all CPU hardware will support this feature.
+
+@item @code{md-clear}
+
+Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
+CVE-2019-11091) fixes.
+
+Not included by default in any Intel CPU model.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
 @end table
From 20140a82c67467f53814ca197403d5e1b561a5e5 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Thu, 16 May 2019 20:53:20 +0200
Subject: [PATCH 3/3] target/i386: add MDS-NO feature

Microarchitectural Data Sampling is a hardware vulnerability which allows unprivileged speculative access to data which is available in various CPU internal buffers. Some Intel processors use the ARCH_CAP_MDS_NO bit in the IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable, make it available to guests.

Signed-off-by: Paolo Bonzini
Message-Id: <20190516185320.28340-1-pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 953d78b062..2f151dad8c 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1184,7 +1184,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .type = MSR_FEATURE_WORD,
 .feat_names = {
 "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
- "ssb-no", NULL, NULL, NULL,
+ "ssb-no", "mds-no", NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
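Review bot: The "mds-no" name added in the target/i386/cpu.c hunk of PATCH 3/3 (@@ -1184) has no matching entry in docs/qemu-cpu-models.texi, although PATCH 2/3 of this series documents md-clear there. mds-no is a "not vulnerable" report rather than a mitigation, so if guests rely on it to skip buffer clearing, as the commit message suggests, enabling it for a guest that may later run on an MDS-affected host would leave that guest unmitigated. A short `@item @code{mds-no}` entry stating that it should be exposed only when every host the guest can run on reports the bit would cover this. A comment such as `/* bit 5: ARCH_CAP_MDS_NO */` on the changed line would also make the position checkable without counting entries; the initializer continues outside the hunk.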