File 0064-docs-recommend-use-of-md-clear-feat.patch of Package qemu-linux-user
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 15 May 2019 15:10:11 +0100
Subject: docs: recommend use of md-clear feature on all Intel CPUs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Update x86 CPU model guidance to recommend that the md-clear feature is
manually enabled with all Intel CPU models, when supported by the host
microcode.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190515141011.5315-3-berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 2c7e82a30774730100da9dbe68d2360459030d91)
[BR: BSC#1111331 BSC#1138534 CVE-2018-12126 CVE-2018-12127
CVE-2018-12130 CVE-2019-11091]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
docs/qemu-cpu-models.texi | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 1935f98c63bd22ad6ec0747e9415..5cb3d8b939bee357a6a1f44de087 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -189,6 +189,18 @@ Not included by default in any Intel CPU model.
Should be explicitly turned on for all Intel CPU models.
Note that not all CPU hardware will support this feature.
+
+@item @code{md-clear}
+
+Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
+CVE-2019-11091) fixes.
+
+Not included by default in any Intel CPU model.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
@end table