5:48 a.m.
CVE-2019-11135
TAA_NO and TSX_CTRL are new IA32_ARCH_CAPABILITIES MSR bits related to
the TSX Asynchronous Abort (TAA) vulnerability. See [1] and [2] for
details about the issue and mitigations.
[1]
https://software.intel.com/security-software-guidance/insights/deep-dive-...
[2] https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abor...
Jiri Denemark (2):
cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR
src/cpu_map/x86_features.xml | 6 ++++++
1 file changed, 6 insertions(+)
--
2.24.1
5:48 a.m.
New subject: [libvirt] [PATCH 1/2] cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
CVE-2019-11135
CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not
vulnerable to TSX Asynchronous Abort and passing this bit to a guest
may avoid unnecessary mitigations.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 2bed1e0372..d1180ed26d 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -502,4 +502,7 @@
<feature name='mds-no'>
<msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
</feature>
+ <feature name='taa-no'>
+ <msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
+ </feature>
</cpus>
--
2.24.1
5:48 a.m.
New subject: [libvirt] [PATCH 2/2] cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR
CVE-2019-11135
When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU
supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/cpu_map/x86_features.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index d1180ed26d..b42b490160 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -502,6 +502,9 @@
<feature name='mds-no'>
<msr index='0x10a' edx='0x00000000' eax='0x00000020'/>
</feature>
+ <feature name='tsx-ctrl'>
+ <msr index='0x10a' edx='0x00000000' eax='0x00000080'/>
+ </feature>
<feature name='taa-no'>
<msr index='0x10a' edx='0x00000000' eax='0x00000100'/>
</feature>
--
2.24.1
6:05 a.m.
On Fri, Dec 13, 2019 at 12:48:31PM +0100, Jiri Denemark wrote:
CVE-2019-11135
TAA_NO and TSX_CTRL are new IA32_ARCH_CAPABILITIES MSR bits related to
the TSX Asynchronous Abort (TAA) vulnerability. See [1] and [2] for
details about the issue and mitigations.
[1]
https://software.intel.com/security-software-guidance/insights/deep-dive-...
[2] https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abor...
Jiri Denemark (2):
cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR
src/cpu_map/x86_features.xml | 6 ++++++
1 file changed, 6 insertions(+)
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
1806
days inactive
1806
days old
3 comments
2 participants
participants (2)
-
Jiri Denemark -
Ján Tomko