5:05 p.m.
This provides the libvirt part of the mitigations for the speculative
store buffer bypass vulnerabilities on the x86 platform[1], and is
the companion of the kernel patches merged in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit...
And QEMU patches posted at
https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04795.html
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://access.redhat.com/security/vulnerabilities/ssbd
Daniel P. Berrangé (2):
cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
src/cpu/cpu_map.xml | 6 ++++++
1 file changed, 6 insertions(+)
--
2.17.0
5:05 p.m.
New subject: [libvirt] [PATCH 1/2] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/cpu/cpu_map.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 00a43b172c..245aec3309 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -298,6 +298,9 @@
<feature name='spec-ctrl'>
<cpuid eax_in='0x07' ecx_in='0x00'
edx='0x04000000'/>
</feature>
+ <feature name='ssbd'>
+ <cpuid eax_in='0x07' ecx_in='0x00'
edx='0x80000000'/>
+ </feature>
<!-- Processor Extended State Enumeration sub leaf 1 -->
<feature name='xsaveopt'>
--
2.17.0
5:05 p.m.
New subject: [libvirt] [PATCH 2/2] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
Some AMD processors only support a non-architectural means of
enabling Speculative Store Bypass Disable. To allow simplified
handling in virtual environments, hypervisors will expose an
architectural definition through CPUID bit 0x80000008_EBX[25].
This needs to be exposed to guest OS running on AMD x86 hosts to
allow them to protect against CVE-2018-3639.
Note that since this CPUID bit won't be present in the host CPUID
results on physical hosts, it will not be enabled automatically
in guests configured with "host-model" CPU unless using QEMU
version >= 2.9.0. Thus for older versions of QEMU, this feature
must be manually enabled using policy=force. Guests using the
"host-passthrough" CPU mode do not need special handling.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/cpu/cpu_map.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 245aec3309..96daa0f9af 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -433,6 +433,9 @@
<feature name='ibpb'>
<cpuid eax_in='0x80000008' ebx='0x00001000'/>
</feature>
+ <feature name='virt-ssbd'>
+ <cpuid eax_in='0x80000008' ebx='0x02000000'/>
+ </feature>
<!-- models -->
<model name='486'>
--
2.17.0
2:23 a.m.
On Mon, May 21, 2018 at 23:05:06 +0100, Daniel P. Berrangé wrote:
This provides the libvirt part of the mitigations for the
speculative
store buffer bypass vulnerabilities on the x86 platform[1], and is
the companion of the kernel patches merged in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit...
And QEMU patches posted at
https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04795.html
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://access.redhat.com/security/vulnerabilities/ssbd
Daniel P. Berrangé (2):
cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
src/cpu/cpu_map.xml | 6 ++++++
1 file changed, 6 insertions(+)
Both patches
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
I'll push both patches as soon as the QEMU part is merged.
Jirka
2:27 a.m.
On Mon, May 21, 2018 at 11:05:06PM +0100, Daniel P. Berrangé wrote:
This provides the libvirt part of the mitigations for the
speculative
store buffer bypass vulnerabilities on the x86 platform[1], and is
the companion of the kernel patches merged in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit...
And QEMU patches posted at
https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04795.html
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://access.redhat.com/security/vulnerabilities/ssbd
Daniel P. Berrangé (2):
cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
src/cpu/cpu_map.xml | 6 ++++++
1 file changed, 6 insertions(+)
Both changes:
Reveiwed-by: Kashyap Chamarthy <kchamart(a)redhat.com>
--
/kashyap
2352
days inactive
2355
days old
4 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
Jiri Denemark -
Kashyap Chamarthy