From ff87044456775053ad487635804d7ab49d476cf7 Mon Sep 17 00:00:00 2001 Message-Id: <ff87044456775053ad487635804d7ab49d476cf7@dist-git> From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> Date: Thu, 10 May 2018 09:06:15 +0200 Subject: [PATCH] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit New microcode introduces the "Speculative Store Bypass Disable" CPUID feature bit. This needs to be exposed to guest OS to allow them to protect against CVE-2018-3639. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> (no upstream commit yet) Conflicts: src/cpu/cpu_map.xml - stibp and arch-facilities features pushed for Spectre do not exist upstream Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> --- src/cpu/cpu_map.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml index 4d786f1e0a..cee3541d24 100644 --- a/src/cpu/cpu_map.xml +++ b/src/cpu/cpu_map.xml @@ -301,6 +301,9 @@ <feature name='avx512-4fmaps'> <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/> </feature> + <feature name='ssbd'> + <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/> + </feature> <!-- Processor Extended State Enumeration sub leaf 1 --> <feature name='xsaveopt'> -- 2.17.0
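Review bot: the new `<feature name='ssbd'>` entry, added after `avx512-4fmaps` in the leaf 0x07 block, has no comment tying it to the mitigation, and the name alone does not say what it is. A one-line XML comment above it, such as `<!-- Speculative Store Bypass Disable, CVE-2018-3639 -->`, would let someone auditing cpu_map.xml connect `edx='0x80000000'` (bit 31 of EDX for `eax_in='0x07' ecx_in='0x00'`) to the fix. The diffstat shows only this three-line definition and no CPU model is touched, so the commit message should also say how a guest is expected to receive the bit, since defining the feature in the map does not by itself expose it to any guest.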