x86 MDS feature flags

md-clear and mds-no feature flags, for detection and mitigation of MDS vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091). -----BEGIN PGP SIGNATURE----- iQIcBAABCAAGBQJc5EajAAoJECgHk2+YTcWmvoUP/Ryg1Wa2oKjmGYfbfS4pR3cT 5hCCdElgJ/Orf8L08/UgHceBzwhwWTFFpnAVGH1CNrKIJnjpq/JbrD9JbCQ8snSB 7sgKTNPWPe10gwxfgKRhdA/vPe7daB6LOCNVYoTKlOh4KcjhtWkVIQJfBj9jTYnq e9Pp9q66W6s/thmTklqkM1LGLALajl8WSp0hfRuYbYcWEEcxnhie3WlrlFL7y+Vq TagN5+IdMqpxYV7fBymNKKq7pt1gWvxtVycLYkM8H+xImyH9uRaUPZbQAniLfVsX sBKfWYp/bu/Pm6ddKU3eR1jd4yxKuPnUAR+B8RB1wC4I8n2v4Tv4AS07irDFnUfj 1XLZorQcDBU4D1i+p4T4j/R/0aKrVdSI/JuM3Lg4mB84otpk3eLJCr5OoJvctz/b fVFXL3h+oMPHe3+QZO8WmsfG8//Oa7G/wIpg4j0MYZezaKahqlYqya+e5IdAQgoQ bamWFeHvCGSIUDdpp1ZJ2N+ich21ZgL3IP9ZL9jK5NDuFAGFGQ9oX9+5M2yv/UfK 0PPhiFG0Yi4g1L/0/usFWInWUqM+ANF+LLbTTEAPVA0y8JrBFU10/WPJGjFmCdno UrSc2Br6A/ifYlEVVxmqShWX3c2Gd3/9+IHEbd7B4X0C80GVvE8LDIvlPaXA4yKQ E2Dz7fr0lyGzwaY5P4/b =nmYz -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging x86 MDS feature flags md-clear and mds-no feature flags, for detection and mitigation of MDS vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091). # gpg: Signature made Tue 21 May 2019 19:42:43 BST # gpg: using RSA key 2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/x86-next-pull-request: target/i386: add MDS-NO feature docs: recommend use of md-clear feature on all Intel CPUs target/i386: define md-clear bit Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-05-21 19:56:47 +01:00 · 2019-05-21 19:56:47 +01:00 · 542ad0eb95
commit 542ad0eb95
parent a4f667b671 20140a82c6
2 changed files with 14 additions and 2 deletions
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@ -200,6 +200,18 @@ Not included by default in any Intel CPU model.
 Should be explicitly turned on for all Intel CPU models.

 Note that not all CPU hardware will support this feature.
+
+@item @code{md-clear}
+
+Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
+CVE-2019-11091) fixes.
+
+Not included by default in any Intel CPU model.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
@end table


--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@ -1077,7 +1077,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
        .feat_names = {
            NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
            NULL, NULL, NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            NULL, NULL, "md-clear", NULL,
            NULL, NULL, NULL, NULL,
            NULL, NULL, NULL, NULL,
            NULL, NULL, NULL, NULL,
@ -1184,7 +1184,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
        .type = MSR_FEATURE_WORD,
        .feat_names = {
            "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
-            "ssb-no", NULL, NULL, NULL,
+            "ssb-no", "mds-no", NULL, NULL,
            NULL, NULL, NULL, NULL,
            NULL, NULL, NULL, NULL,
            NULL, NULL, NULL, NULL,