File libvirt-cpu-add-CPU-features-and-model-for-indirect-branch-prediction-protection.patch of Package libvirt.11696
From 7cdce91e3e1fc211754fe251d8d76fcfb02e7fe0 Mon Sep 17 00:00:00 2001
Message-Id: <7cdce91e3e1fc211754fe251d8d76fcfb02e7fe0@dist-git>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 12 Dec 2017 16:23:42 +0100
Subject: [PATCH] cpu: add CPU features and model for indirect branch
prediction protection
CVE-2017-5715
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Conflicts:
src/cpu/cpu_map.xml
- several CPU features and Skylake-Server and EPYC CPU
models are missing
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/cpu/cpu_map.xml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
Index: libvirt-1.2.18.4/src/cpu/cpu_map.xml
===================================================================
--- libvirt-1.2.18.4.orig/src/cpu/cpu_map.xml
+++ libvirt-1.2.18.4/src/cpu/cpu_map.xml
@@ -347,6 +347,15 @@
<cpuid function='0x80000007' edx='0x00000100'/>
</feature>
+ <feature name='spec-ctrl'>
+ <cpuid function='0x07' edx='0x04000000'/>
+ </feature>
+
+ <!-- More AMD-specific features -->
+ <feature name='ibpb'>
+ <cpuid function='0x80000008' ebx='0x00001000'/>
+ </feature>
+
<!-- models -->
<model name='486'>
<feature name='fpu'/>
@@ -794,6 +803,43 @@
<feature name='tsc'/>
</model>
+ <model name='Nehalem-IBRS'>
+ <signature family='6' model='26'/>
+ <vendor name='Intel'/>
+ <feature name='apic'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='fpu'/>
+ <feature name='fxsr'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='sep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<model name='Westmere'>
<signature family='6' model='44'/>
<vendor name='Intel'/>
@@ -831,6 +877,44 @@
<feature name='tsc'/>
</model>
+ <model name='Westmere-IBRS'>
+ <signature family='6' model='44'/>
+ <vendor name='Intel'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='fpu'/>
+ <feature name='fxsr'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='sep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<model name='SandyBridge'>
<signature family='6' model='42'/>
<vendor name='Intel'/>
@@ -874,6 +958,50 @@
<feature name='xsave'/>
</model>
+ <model name='SandyBridge-IBRS'>
+ <signature family='6' model='42'/>
+ <vendor name='Intel'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='avx'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='fpu'/>
+ <feature name='fxsr'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pclmuldq'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdtscp'/>
+ <feature name='sep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='xsave'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<model name='Haswell-noTSX'>
<signature family='6' model='60'/>
<vendor name='Intel'/>
@@ -927,6 +1055,60 @@
<feature name='xsave'/>
</model>
+ <model name='Haswell-noTSX-IBRS'>
+ <signature family='6' model='60'/>
+ <vendor name='Intel'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='avx'/>
+ <feature name='avx2'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fxsr'/>
+ <feature name='invpcid'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdtscp'/>
+ <feature name='sep'/>
+ <feature name='smep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='xsave'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<model name='Haswell'>
<signature family='6' model='60'/>
<vendor name='Intel'/>
@@ -982,6 +1164,62 @@
<feature name='xsave'/>
</model>
+ <model name='Haswell-IBRS'>
+ <signature family='6' model='60'/>
+ <vendor name='Intel'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='avx'/>
+ <feature name='avx2'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fxsr'/>
+ <feature name='hle'/>
+ <feature name='invpcid'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdtscp'/>
+ <feature name='rtm'/>
+ <feature name='sep'/>
+ <feature name='smep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='xsave'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<model name='Broadwell-noTSX'>
<signature family='6' model='61'/>
<vendor name='Intel'/>
@@ -1039,6 +1277,64 @@
<feature name='xsave'/>
</model>
+ <model name='Broadwell-noTSX-IBRS'>
+ <signature family='6' model='61'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='avx'/>
+ <feature name='avx2'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fxsr'/>
+ <feature name='invpcid'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='sep'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='xsave'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<model name='Broadwell'>
<signature family='6' model='61'/>
<vendor name='Intel'/>
@@ -1098,6 +1394,66 @@
<feature name='xsave'/>
</model>
+ <model name='Broadwell-IBRS'>
+ <signature family='6' model='61'/>
+ <vendor name='Intel'/>
+ <feature name='3dnowprefetch'/>
+ <feature name='adx'/>
+ <feature name='aes'/>
+ <feature name='apic'/>
+ <feature name='avx'/>
+ <feature name='avx2'/>
+ <feature name='bmi1'/>
+ <feature name='bmi2'/>
+ <feature name='clflush'/>
+ <feature name='cmov'/>
+ <feature name='cx16'/>
+ <feature name='cx8'/>
+ <feature name='de'/>
+ <feature name='erms'/>
+ <feature name='fma'/>
+ <feature name='fpu'/>
+ <feature name='fsgsbase'/>
+ <feature name='fxsr'/>
+ <feature name='hle'/>
+ <feature name='invpcid'/>
+ <feature name='lahf_lm'/>
+ <feature name='lm'/>
+ <feature name='mca'/>
+ <feature name='mce'/>
+ <feature name='mmx'/>
+ <feature name='movbe'/>
+ <feature name='msr'/>
+ <feature name='mtrr'/>
+ <feature name='nx'/>
+ <feature name='pae'/>
+ <feature name='pat'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='pge'/>
+ <feature name='pni'/>
+ <feature name='popcnt'/>
+ <feature name='pse'/>
+ <feature name='pse36'/>
+ <feature name='rdseed'/>
+ <feature name='rdtscp'/>
+ <feature name='rtm'/>
+ <feature name='sep'/>
+ <feature name='smap'/>
+ <feature name='smep'/>
+ <feature name='sse'/>
+ <feature name='sse2'/>
+ <feature name='sse4.1'/>
+ <feature name='sse4.2'/>
+ <feature name='ssse3'/>
+ <feature name='syscall'/>
+ <feature name='tsc'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='xsave'/>
+ <feature name='spec-ctrl'/>
+ </model>
+
<!-- AMD CPUs -->
<model name='athlon'>
<vendor name='AMD'/>
