File libvirt-cpu-add-CPU-features-and-model-for-indirect-branch-prediction-protection.patch of Package libvirt.7551
From 7cdce91e3e1fc211754fe251d8d76fcfb02e7fe0 Mon Sep 17 00:00:00 2001
Message-Id: <7cdce91e3e1fc211754fe251d8d76fcfb02e7fe0@dist-git>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 12 Dec 2017 16:23:42 +0100
Subject: [PATCH] cpu: add CPU features and model for indirect branch
prediction protection
CVE-2017-5715
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Conflicts:
src/cpu/cpu_map.xml
- several CPU features and Skylake-Server and EPYC CPU
models are missing
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu/cpu_map.xml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
Index: libvirt-2.0.0/src/cpu/cpu_map.xml
===================================================================
--- libvirt-2.0.0.orig/src/cpu/cpu_map.xml
+++ libvirt-2.0.0/src/cpu/cpu_map.xml
@@ -255,6 +255,10 @@
<cpuid eax_in='0x07' ebx='0x10000000'/>
</feature>
+ <feature name='spec-ctrl'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
+ </feature>
+
<!-- Processor Extended State Enumeration sub leaf 1 -->
<feature name='xsaveopt'>
<cpuid eax_in='0x0d' ecx_in='0x01' eax='0x00000001'/>
@@ -382,6 +386,11 @@
<cpuid eax_in='0x80000007' edx='0x00000100'/>
</feature>
+ <!-- More AMD-specific features -->
+ <feature name='ibpb'>
+ <cpuid eax_in='0x80000008' ebx='0x00001000'/>
+ </feature>
+
<!-- models -->
<model name='486'>
<feature name='fpu'/>
@@ -828,6 +837,10 @@
<feature name='syscall'/>
<feature name='tsc'/>
</model>
+ <model name='Nehalem-IBRS'>
+ <model name='Nehalem'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='Westmere'>
<signature family='6' model='44'/>
@@ -865,6 +878,10 @@
<feature name='syscall'/>
<feature name='tsc'/>
</model>
+ <model name='Westmere-IBRS'>
+ <model name='Westmere'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='SandyBridge'>
<signature family='6' model='42'/>
@@ -908,6 +925,10 @@
<feature name='x2apic'/>
<feature name='xsave'/>
</model>
+ <model name='SandyBridge-IBRS'>
+ <model name='SandyBridge'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='IvyBridge'>
<signature family='6' model='58'/>
@@ -957,6 +978,10 @@
<feature name='x2apic'/>
<feature name='xsave'/>
</model>
+ <model name='IvyBridge-IBRS'>
+ <model name='IvyBridge'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='Haswell-noTSX'>
<signature family='6' model='60'/>
@@ -1010,6 +1035,10 @@
<feature name='x2apic'/>
<feature name='xsave'/>
</model>
+ <model name='Haswell-noTSX-IBRS'>
+ <model name='Haswell-noTSX'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='Haswell'>
<signature family='6' model='60'/>
@@ -1065,6 +1094,10 @@
<feature name='x2apic'/>
<feature name='xsave'/>
</model>
+ <model name='Haswell-IBRS'>
+ <model name='Haswell'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='Broadwell-noTSX'>
<signature family='6' model='61'/>
@@ -1122,6 +1155,10 @@
<feature name='x2apic'/>
<feature name='xsave'/>
</model>
+ <model name='Broadwell-noTSX-IBRS'>
+ <model name='Broadwell-noTSX'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='Broadwell'>
<signature family='6' model='61'/>
@@ -1181,6 +1218,10 @@
<feature name='x2apic'/>
<feature name='xsave'/>
</model>
+ <model name='Broadwell-IBRS'>
+ <model name='Broadwell'/>
+ <feature name='spec-ctrl'/>
+ </model>
<model name='Skylake-Client'>
<signature family='6' model='94'/>
@@ -1249,6 +1290,10 @@
<feature name='xsavec'/>
<feature name='xsaveopt'/>
</model>
+ <model name='Skylake-Client-IBRS'>
+ <model name='Skylake-Client'/>
+ <feature name='spec-ctrl'/>
+ </model>
<!-- AMD CPUs -->
<model name='athlon'>
