File libvirt-cpu-add-CPU-features-and-model-for-indirect-branch-prediction-protection.patch of Package libvirt.8364

From 7cdce91e3e1fc211754fe251d8d76fcfb02e7fe0 Mon Sep 17 00:00:00 2001
Message-Id: <7cdce91e3e1fc211754fe251d8d76fcfb02e7fe0@dist-git>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 12 Dec 2017 16:23:42 +0100
Subject: [PATCH] cpu: add CPU features and model for indirect branch
 prediction protection

CVE-2017-5715

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Conflicts:
	src/cpu/cpu_map.xml
            - several CPU features and Skylake-Server and EPYC CPU
              models are missing

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/cpu/cpu_map.xml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

Index: libvirt-2.0.0/src/cpu/cpu_map.xml
===================================================================
--- libvirt-2.0.0.orig/src/cpu/cpu_map.xml
+++ libvirt-2.0.0/src/cpu/cpu_map.xml
@@ -255,6 +255,10 @@
       <cpuid eax_in='0x07' ebx='0x10000000'/>
     </feature>
 
+    <feature name='spec-ctrl'>
+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
+    </feature>
+
     <!-- Processor Extended State Enumeration sub leaf 1 -->
     <feature name='xsaveopt'>
       <cpuid eax_in='0x0d' ecx_in='0x01' eax='0x00000001'/>
@@ -382,6 +386,11 @@
       <cpuid eax_in='0x80000007' edx='0x00000100'/>
     </feature>
 
+    <!-- More AMD-specific features -->
+    <feature name='ibpb'>
+      <cpuid eax_in='0x80000008' ebx='0x00001000'/>
+    </feature>
+
     <!-- models -->
     <model name='486'>
       <feature name='fpu'/>
@@ -829,6 +838,43 @@
       <feature name='tsc'/>
     </model>
 
+    <model name='Nehalem-IBRS'>
+      <signature family='6' model='26'/>
+      <vendor name='Intel'/>
+      <feature name='apic'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='fpu'/>
+      <feature name='fxsr'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='sep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='Westmere'>
       <signature family='6' model='44'/>
       <vendor name='Intel'/>
@@ -866,6 +912,44 @@
       <feature name='tsc'/>
     </model>
 
+    <model name='Westmere-IBRS'>
+      <signature family='6' model='44'/>
+      <vendor name='Intel'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='fpu'/>
+      <feature name='fxsr'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='sep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='SandyBridge'>
       <signature family='6' model='42'/>
       <vendor name='Intel'/>
@@ -909,6 +993,50 @@
       <feature name='xsave'/>
     </model>
 
+    <model name='SandyBridge-IBRS'>
+      <signature family='6' model='42'/>
+      <vendor name='Intel'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='avx'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='fpu'/>
+      <feature name='fxsr'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdtscp'/>
+      <feature name='sep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='x2apic'/>
+      <feature name='xsave'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='IvyBridge'>
       <signature family='6' model='58'/>
       <vendor name='Intel'/>
@@ -958,6 +1086,56 @@
       <feature name='xsave'/>
     </model>
 
+    <model name='IvyBridge-IBRS'>
+      <signature family='6' model='58'/>
+      <vendor name='Intel'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='avx'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='erms'/>
+      <feature name='f16c'/>
+      <feature name='fpu'/>
+      <feature name='fsgsbase'/>
+      <feature name='fxsr'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdrand'/>
+      <feature name='rdtscp'/>
+      <feature name='sep'/>
+      <feature name='smep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='vme'/>
+      <feature name='x2apic'/>
+      <feature name='xsave'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='Haswell-noTSX'>
       <signature family='6' model='60'/>
       <vendor name='Intel'/>
@@ -1011,6 +1189,60 @@
       <feature name='xsave'/>
     </model>
 
+    <model name='Haswell-noTSX-IBRS'>
+      <signature family='6' model='60'/>
+      <vendor name='Intel'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='avx'/>
+      <feature name='avx2'/>
+      <feature name='bmi1'/>
+      <feature name='bmi2'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='erms'/>
+      <feature name='fma'/>
+      <feature name='fpu'/>
+      <feature name='fsgsbase'/>
+      <feature name='fxsr'/>
+      <feature name='invpcid'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='movbe'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pcid'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdtscp'/>
+      <feature name='sep'/>
+      <feature name='smep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='x2apic'/>
+      <feature name='xsave'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='Haswell'>
       <signature family='6' model='60'/>
       <vendor name='Intel'/>
@@ -1066,6 +1298,62 @@
       <feature name='xsave'/>
     </model>
 
+    <model name='Haswell-IBRS'>
+      <signature family='6' model='60'/>
+      <vendor name='Intel'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='avx'/>
+      <feature name='avx2'/>
+      <feature name='bmi1'/>
+      <feature name='bmi2'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='erms'/>
+      <feature name='fma'/>
+      <feature name='fpu'/>
+      <feature name='fsgsbase'/>
+      <feature name='fxsr'/>
+      <feature name='hle'/>
+      <feature name='invpcid'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='movbe'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pcid'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdtscp'/>
+      <feature name='rtm'/>
+      <feature name='sep'/>
+      <feature name='smep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='x2apic'/>
+      <feature name='xsave'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='Broadwell-noTSX'>
       <signature family='6' model='61'/>
       <vendor name='Intel'/>
@@ -1123,6 +1411,64 @@
       <feature name='xsave'/>
     </model>
 
+    <model name='Broadwell-noTSX-IBRS'>
+      <signature family='6' model='61'/>
+      <vendor name='Intel'/>
+      <feature name='3dnowprefetch'/>
+      <feature name='adx'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='avx'/>
+      <feature name='avx2'/>
+      <feature name='bmi1'/>
+      <feature name='bmi2'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='erms'/>
+      <feature name='fma'/>
+      <feature name='fpu'/>
+      <feature name='fsgsbase'/>
+      <feature name='fxsr'/>
+      <feature name='invpcid'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='movbe'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pcid'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdseed'/>
+      <feature name='rdtscp'/>
+      <feature name='sep'/>
+      <feature name='smap'/>
+      <feature name='smep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='x2apic'/>
+      <feature name='xsave'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='Broadwell'>
       <signature family='6' model='61'/>
       <vendor name='Intel'/>
@@ -1182,6 +1528,66 @@
       <feature name='xsave'/>
     </model>
 
+    <model name='Broadwell-IBRS'>
+      <signature family='6' model='61'/>
+      <vendor name='Intel'/>
+      <feature name='3dnowprefetch'/>
+      <feature name='adx'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='avx'/>
+      <feature name='avx2'/>
+      <feature name='bmi1'/>
+      <feature name='bmi2'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='erms'/>
+      <feature name='fma'/>
+      <feature name='fpu'/>
+      <feature name='fsgsbase'/>
+      <feature name='fxsr'/>
+      <feature name='hle'/>
+      <feature name='invpcid'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='movbe'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pcid'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdseed'/>
+      <feature name='rdtscp'/>
+      <feature name='rtm'/>
+      <feature name='sep'/>
+      <feature name='smap'/>
+      <feature name='smep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='x2apic'/>
+      <feature name='xsave'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <model name='Skylake-Client'>
       <signature family='6' model='94'/>
       <vendor name='Intel'/>
@@ -1250,6 +1656,75 @@
       <feature name='xsaveopt'/>
     </model>
 
+    <model name='Skylake-Client-IBRS'>
+      <signature family='6' model='94'/>
+      <vendor name='Intel'/>
+      <feature name='3dnowprefetch'/>
+      <feature name='abm'/>
+      <feature name='adx'/>
+      <feature name='aes'/>
+      <feature name='apic'/>
+      <feature name='arat'/>
+      <feature name='avx'/>
+      <feature name='avx2'/>
+      <feature name='bmi1'/>
+      <feature name='bmi2'/>
+      <feature name='clflush'/>
+      <feature name='cmov'/>
+      <feature name='cx16'/>
+      <feature name='cx8'/>
+      <feature name='de'/>
+      <feature name='erms'/>
+      <feature name='f16c'/>
+      <feature name='fma'/>
+      <feature name='fpu'/>
+      <feature name='fsgsbase'/>
+      <feature name='fxsr'/>
+      <feature name='hle'/>
+      <feature name='invpcid'/>
+      <feature name='lahf_lm'/>
+      <feature name='lm'/>
+      <feature name='mca'/>
+      <feature name='mce'/>
+      <feature name='mmx'/>
+      <feature name='movbe'/>
+      <feature name='mpx'/>
+      <feature name='msr'/>
+      <feature name='mtrr'/>
+      <feature name='nx'/>
+      <feature name='pae'/>
+      <feature name='pat'/>
+      <feature name='pcid'/>
+      <feature name='pclmuldq'/>
+      <feature name='pge'/>
+      <feature name='pni'/>
+      <feature name='popcnt'/>
+      <feature name='pse'/>
+      <feature name='pse36'/>
+      <feature name='rdrand'/>
+      <feature name='rdseed'/>
+      <feature name='rdtscp'/>
+      <feature name='rtm'/>
+      <feature name='sep'/>
+      <feature name='smap'/>
+      <feature name='smep'/>
+      <feature name='sse'/>
+      <feature name='sse2'/>
+      <feature name='sse4.1'/>
+      <feature name='sse4.2'/>
+      <feature name='ssse3'/>
+      <feature name='syscall'/>
+      <feature name='tsc'/>
+      <feature name='tsc-deadline'/>
+      <feature name='vme'/>
+      <feature name='x2apic'/>
+      <feature name='xgetbv1'/>
+      <feature name='xsave'/>
+      <feature name='xsavec'/>
+      <feature name='xsaveopt'/>
+      <feature name='spec-ctrl'/>
+    </model>
+
     <!-- AMD CPUs -->
     <model name='athlon'>
       <vendor name='AMD'/>
openSUSE Build Service is sponsored by