[libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715

Jiri Denemark posted 17 patches 6 years, 2 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1515534925.git.jdenemar@redhat.com
[libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715
Posted by Jiri Denemark 6 years, 2 months ago
This is the libvirt's part of the changes related to CVE-2017-5715. The
new models can be used to pass the protective CPU features to guests.
But remember, the host CPU microcode, host kernel, QEMU, and libvirt all
need to be updated for this to be any useful.

Based on a patch from Paolo Bonzini.

See QEMU patches from Eduardo for more details:
https://patchew.org/QEMU/20180109154519.25634-1-ehabkost@redhat.com/

Jiri Denemark (16):
  cputest: Add data for Intel(R) Xeon(R) CPU E5-2609 v3
  cputest: Add data for Intel(R) Xeon(R) CPU E5-2623 v4
  cputest: Add data for Intel(R) Xeon(R) Gold 5115 CPU
  cputest: Add data for updated AMD EPYC 7601 32-Core Processor
  cputest: Add data for updated Intel(R) Core(TM) i7-5600U CPU
  cpu: Add Nehalem-IBRS CPU model
  cpu: Add Westmere-IBRS CPU model
  cpu: Add SandyBridge-IBRS CPU model
  cpu: Add IvyBridge-IBRS CPU model
  cpu: Add Haswell-noTSX-IBRS CPU model
  cpu: Add Haswell-IBRS CPU model
  cpu: Add Broadwell-noTSX-IBRS CPU model
  cpu: Add Broadwell-IBRS CPU model
  cpu: Add Skylake-Client-IBRS CPU model
  cpu: Add Skylake-Server-IBRS CPU model
  cpu: Add EPYC-IBPB CPU model

Paolo Bonzini (1):
  cpu: add CPU features for indirect branch prediction protection

 src/cpu/cpu_map.xml                                | 622 ++++++++++++++++++
 tests/cputest.c                                    |   5 +
 .../x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml   |   6 +
 .../x86_64-cpuid-Core-i7-5600U-ibrs-enabled.xml    |   8 +
 .../x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml      |  29 +
 .../x86_64-cpuid-Core-i7-5600U-ibrs-host.xml       |  30 +
 .../x86_64-cpuid-Core-i7-5600U-ibrs-json.xml       |  15 +
 .../x86_64-cpuid-Core-i7-5600U-ibrs.json           | 525 +++++++++++++++
 .../x86_64-cpuid-Core-i7-5600U-ibrs.xml            |  41 ++
 ...86_64-cpuid-EPYC-7601-32-Core-ibpb-disabled.xml |   7 +
 ...x86_64-cpuid-EPYC-7601-32-Core-ibpb-enabled.xml |   9 +
 .../x86_64-cpuid-EPYC-7601-32-Core-ibpb-guest.xml  |  17 +
 .../x86_64-cpuid-EPYC-7601-32-Core-ibpb-host.xml   |  17 +
 .../x86_64-cpuid-EPYC-7601-32-Core-ibpb-json.xml   |  12 +
 .../x86_64-cpuid-EPYC-7601-32-Core-ibpb.json       | 722 ++++++++++++++++++++
 .../x86_64-cpuid-EPYC-7601-32-Core-ibpb.xml        |  54 ++
 .../x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml      |   6 +
 .../x86_64-cpuid-Xeon-E5-2609-v3-enabled.xml       |   8 +
 .../x86_64-cpuid-Xeon-E5-2609-v3-guest.xml         |  31 +
 .../x86_64-cpuid-Xeon-E5-2609-v3-host.xml          |  32 +
 .../x86_64-cpuid-Xeon-E5-2609-v3-json.xml          |  14 +
 .../cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.json  | 726 +++++++++++++++++++++
 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.xml |  37 ++
 .../x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml      |   7 +
 .../x86_64-cpuid-Xeon-E5-2623-v4-enabled.xml       |   8 +
 .../x86_64-cpuid-Xeon-E5-2623-v4-guest.xml         |  30 +
 .../x86_64-cpuid-Xeon-E5-2623-v4-host.xml          |  34 +
 .../x86_64-cpuid-Xeon-E5-2623-v4-json.xml          |  11 +
 .../cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.json  | 662 +++++++++++++++++++
 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.xml |  43 ++
 .../x86_64-cpuid-Xeon-Gold-5115-disabled.xml       |   8 +
 .../x86_64-cpuid-Xeon-Gold-5115-enabled.xml        |   8 +
 .../x86_64-cpuid-Xeon-Gold-5115-guest.xml          |  29 +
 .../x86_64-cpuid-Xeon-Gold-5115-host.xml           |  30 +
 .../x86_64-cpuid-Xeon-Gold-5115-json.xml           |   8 +
 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.json | 614 +++++++++++++++++
 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.xml  |  54 ++
 37 files changed, 4519 insertions(+)
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-enabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-json.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs.json
 create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-disabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-enabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-guest.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-host.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-json.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb.json
 create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-enabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-json.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.json
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-enabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-json.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.json
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-enabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-json.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.json
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.xml

-- 
2.15.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
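
An added example (not part of this thread or of libvirt's code): a small audit that reads a domain definition and reports whether its `<cpu>` element asks for the branch-prediction features the new models carry. The model names come from the cover letter above; the feature names `spec-ctrl` and `ibpb` are assumed from libvirt's `cpu_map.xml`, and the domain definitions are constructed samples.

```python
import xml.etree.ElementTree as ET

# CPU models added by this series (names taken from the cover letter).
IBRS_MODELS = {
    "Nehalem-IBRS", "Westmere-IBRS", "SandyBridge-IBRS", "IvyBridge-IBRS",
    "Haswell-noTSX-IBRS", "Haswell-IBRS", "Broadwell-noTSX-IBRS",
    "Broadwell-IBRS", "Skylake-Client-IBRS", "Skylake-Server-IBRS",
}
# Assumption: feature names as used in libvirt's cpu_map.xml; the thread
# itself does not spell them out.
MODEL_FEATURE = {m: "spec-ctrl" for m in IBRS_MODELS}
MODEL_FEATURE["EPYC-IBPB"] = "ibpb"
FEATURES = {"spec-ctrl", "ibpb"}


def audit_guest_cpu(domain_xml):
    """Return (verdict, features) for one domain definition.

    "requested"      the definition asks for at least one protective feature
    "host-dependent" host-model/host-passthrough: the result follows the host
    "not-requested"  nothing in the definition exposes the features
    A "requested" verdict describes the definition only; microcode, host
    kernel, QEMU and libvirt still have to be updated, as the cover letter says.
    """
    cpu = ET.fromstring(domain_xml).find("cpu")
    if cpu is None:
        return "not-requested", []
    mode = cpu.get("mode", "custom")
    model = (cpu.findtext("model") or "").strip()
    requested, blocked = set(), set()
    if mode == "custom" and model in MODEL_FEATURE:
        requested.add(MODEL_FEATURE[model])
    for feat in cpu.findall("feature"):
        name, policy = feat.get("name"), feat.get("policy", "require")
        if name not in FEATURES:
            continue
        if policy in ("require", "force"):
            requested.add(name)
        elif policy in ("disable", "forbid"):
            blocked.add(name)
    requested -= blocked  # an explicit disable overrides the model default
    if requested:
        return "requested", sorted(requested)
    if mode in ("host-model", "host-passthrough") and blocked != FEATURES:
        return "host-dependent", []
    return "not-requested", []


def _domain(cpu_xml):
    return "<domain type='kvm'><name>sample</name>%s</domain>" % cpu_xml


# Constructed sample definitions, not taken from the patch series.
SAMPLES = {
    "ibrs-model": _domain(
        "<cpu mode='custom' match='exact'><model>Haswell-IBRS</model></cpu>"),
    "explicit-feature": _domain(
        "<cpu mode='custom' match='exact'><model>Haswell</model>"
        "<feature policy='require' name='spec-ctrl'/></cpu>"),
    "ibrs-model-feature-disabled": _domain(
        "<cpu mode='custom' match='exact'><model>Haswell-IBRS</model>"
        "<feature policy='disable' name='spec-ctrl'/></cpu>"),
    "epyc": _domain(
        "<cpu mode='custom' match='exact'><model>EPYC-IBPB</model></cpu>"),
    "host-model": _domain("<cpu mode='host-model'/>"),
    "plain-model": _domain(
        "<cpu mode='custom' match='exact'><model>Haswell</model></cpu>"),
}


def audit_all(samples=SAMPLES):
    return {name: audit_guest_cpu(xml) for name, xml in samples.items()}


if __name__ == "__main__":
    for name, (verdict, feats) in audit_all().items():
        print("%-28s %-14s %s" % (name, verdict, ",".join(feats)))
```
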
Re: [libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715
Posted by Pavel Hrdina 6 years, 2 months ago
On Tue, Jan 09, 2018 at 11:45:13PM +0100, Jiri Denemark wrote:
> This is the libvirt's part of the changes related to CVE-2017-5715. The
> new models can be used to pass the protective CPU features to guests.
> But remember, the host CPU microcode, host kernel, QEMU, and libvirt all
> need to be updated for this to be any useful.
> 
> Based on a patch from Paolo Bonzini.
> 
> See QEMU patches from Eduardo for more details:
> https://patchew.org/QEMU/20180109154519.25634-1-ehabkost@redhat.com/

I guess that you will wait with pushing until the QEMU patches are
accepted and pushed as well.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Re: [libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715
Posted by Jiri Denemark 6 years, 2 months ago
On Wed, Jan 10, 2018 at 10:52:29 +0100, Pavel Hrdina wrote:
> On Tue, Jan 09, 2018 at 11:45:13PM +0100, Jiri Denemark wrote:
> > This is the libvirt's part of the changes related to CVE-2017-5715. The
> > new models can be used to pass the protective CPU features to guests.
> > But remember, the host CPU microcode, host kernel, QEMU, and libvirt all
> > need to be updated for this to be any useful.
> > 
> > Based on a patch from Paolo Bonzini.
> > 
> > See QEMU patches from Eduardo for more details:
> > https://patchew.org/QEMU/20180109154519.25634-1-ehabkost@redhat.com/
> 
> I guess that you will wait with pushing until the QEMU patches are
> accepted and pushed as well.
> 
> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

Thanks. All QEMU patches except for EPYC-IBPB CPU model are queued in
Eduardo's x86-next and a pull request is coming soon. I pushed the first
16 patches, i.e., without EPYC-IBPB.

Jirka

Re: [libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715
Posted by Jiri Denemark 6 years, 2 months ago
On Wed, Jan 17, 2018 at 17:07:22 +0100, Jiri Denemark wrote:
> On Wed, Jan 10, 2018 at 10:52:29 +0100, Pavel Hrdina wrote:
> > On Tue, Jan 09, 2018 at 11:45:13PM +0100, Jiri Denemark wrote:
> > > This is the libvirt's part of the changes related to CVE-2017-5715. The
> > > new models can be used to pass the protective CPU features to guests.
> > > But remember, the host CPU microcode, host kernel, QEMU, and libvirt all
> > > need to be updated for this to be any useful.
> > > 
> > > Based on a patch from Paolo Bonzini.
> > > 
> > > See QEMU patches from Eduardo for more details:
> > > https://patchew.org/QEMU/20180109154519.25634-1-ehabkost@redhat.com/
> > 
> > I guess that you will wait with pushing until the QEMU patches are
> > accepted and pushed as well.
> > 
> > Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
> 
> Thanks. All QEMU patches except for EPYC-IBPB CPU model are queued in
> Eduardo's x86-next and a pull request is coming soon. I pushed the first
> 16 patches, i.e., without EPYC-IBPB.

The EPYC-IBPB model was included in the pull request sent by Eduardo.

Pushing now.

Jirka

Re: [libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715
Posted by Daniel P. Berrange 6 years, 2 months ago
On Tue, Jan 09, 2018 at 11:45:13PM +0100, Jiri Denemark wrote:
> This is the libvirt's part of the changes related to CVE-2017-5715. The
> new models can be used to pass the protective CPU features to guests.
> But remember, the host CPU microcode, host kernel, QEMU, and libvirt all
> need to be updated for this to be any useful.
> 
> Based on a patch from Paolo Bonzini.

You likely also want this pre-requisite series for libvirt:

  https://www.redhat.com/archives/libvir-list/2018-January/msg00114.html

This ensures libvirt's cache of QEMU CPU model info is updated when the
host CPU microcode changes. Without that patch, libvirt might not pick
up the changed QEMU CPU models if the microcode update RPM was installed
after the updated QEMU RPM.

> 
> See QEMU patches from Eduardo for more details:
> https://patchew.org/QEMU/20180109154519.25634-1-ehabkost@redhat.com/
> 
> Jiri Denemark (16):
>   cputest: Add data for Intel(R) Xeon(R) CPU E5-2609 v3
>   cputest: Add data for Intel(R) Xeon(R) CPU E5-2623 v4
>   cputest: Add data for Intel(R) Xeon(R) Gold 5115 CPU
>   cputest: Add data for updated AMD EPYC 7601 32-Core Processor
>   cputest: Add data for updated Intel(R) Core(TM) i7-5600U CPU
>   cpu: Add Nehalem-IBRS CPU model
>   cpu: Add Westmere-IBRS CPU model
>   cpu: Add SandyBridge-IBRS CPU model
>   cpu: Add IvyBridge-IBRS CPU model
>   cpu: Add Haswell-noTSX-IBRS CPU model
>   cpu: Add Haswell-IBRS CPU model
>   cpu: Add Broadwell-noTSX-IBRS CPU model
>   cpu: Add Broadwell-IBRS CPU model
>   cpu: Add Skylake-Client-IBRS CPU model
>   cpu: Add Skylake-Server-IBRS CPU model
>   cpu: Add EPYC-IBPB CPU model
> 
> Paolo Bonzini (1):
>   cpu: add CPU features for indirect branch prediction protection
> 
>  src/cpu/cpu_map.xml                                | 622 ++++++++++++++++++
>  tests/cputest.c                                    |   5 +
>  .../x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml   |   6 +
>  .../x86_64-cpuid-Core-i7-5600U-ibrs-enabled.xml    |   8 +
>  .../x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml      |  29 +
>  .../x86_64-cpuid-Core-i7-5600U-ibrs-host.xml       |  30 +
>  .../x86_64-cpuid-Core-i7-5600U-ibrs-json.xml       |  15 +
>  .../x86_64-cpuid-Core-i7-5600U-ibrs.json           | 525 +++++++++++++++
>  .../x86_64-cpuid-Core-i7-5600U-ibrs.xml            |  41 ++
>  ...86_64-cpuid-EPYC-7601-32-Core-ibpb-disabled.xml |   7 +
>  ...x86_64-cpuid-EPYC-7601-32-Core-ibpb-enabled.xml |   9 +
>  .../x86_64-cpuid-EPYC-7601-32-Core-ibpb-guest.xml  |  17 +
>  .../x86_64-cpuid-EPYC-7601-32-Core-ibpb-host.xml   |  17 +
>  .../x86_64-cpuid-EPYC-7601-32-Core-ibpb-json.xml   |  12 +
>  .../x86_64-cpuid-EPYC-7601-32-Core-ibpb.json       | 722 ++++++++++++++++++++
>  .../x86_64-cpuid-EPYC-7601-32-Core-ibpb.xml        |  54 ++
>  .../x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml      |   6 +
>  .../x86_64-cpuid-Xeon-E5-2609-v3-enabled.xml       |   8 +
>  .../x86_64-cpuid-Xeon-E5-2609-v3-guest.xml         |  31 +
>  .../x86_64-cpuid-Xeon-E5-2609-v3-host.xml          |  32 +
>  .../x86_64-cpuid-Xeon-E5-2609-v3-json.xml          |  14 +
>  .../cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.json  | 726 +++++++++++++++++++++
>  tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.xml |  37 ++
>  .../x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml      |   7 +
>  .../x86_64-cpuid-Xeon-E5-2623-v4-enabled.xml       |   8 +
>  .../x86_64-cpuid-Xeon-E5-2623-v4-guest.xml         |  30 +
>  .../x86_64-cpuid-Xeon-E5-2623-v4-host.xml          |  34 +
>  .../x86_64-cpuid-Xeon-E5-2623-v4-json.xml          |  11 +
>  .../cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.json  | 662 +++++++++++++++++++
>  tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.xml |  43 ++
>  .../x86_64-cpuid-Xeon-Gold-5115-disabled.xml       |   8 +
>  .../x86_64-cpuid-Xeon-Gold-5115-enabled.xml        |   8 +
>  .../x86_64-cpuid-Xeon-Gold-5115-guest.xml          |  29 +
>  .../x86_64-cpuid-Xeon-Gold-5115-host.xml           |  30 +
>  .../x86_64-cpuid-Xeon-Gold-5115-json.xml           |   8 +
>  tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.json | 614 +++++++++++++++++
>  tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.xml  |  54 ++
>  37 files changed, 4519 insertions(+)
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-disabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-enabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-guest.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-host.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs-json.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs.json
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Core-i7-5600U-ibrs.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-disabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-enabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-guest.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-host.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb-json.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb.json
>  create mode 100644 tests/cputestdata/x86_64-cpuid-EPYC-7601-32-Core-ibpb.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-disabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-enabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-guest.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-host.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3-json.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.json
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2609-v3.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-disabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-enabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-guest.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-host.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4-json.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.json
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E5-2623-v4.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-disabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-enabled.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-guest.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-host.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115-json.xml
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.json
>  create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-Gold-5115.xml
> 
> -- 
> 2.15.1
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [libvirt] [PATCH 00/17] CPU models and features for Spectre, CVE-2017-5715
Posted by Jiri Denemark 6 years, 2 months ago
On Wed, Jan 10, 2018 at 11:22:12 +0000, Daniel P. Berrange wrote:
> On Tue, Jan 09, 2018 at 11:45:13PM +0100, Jiri Denemark wrote:
> > This is the libvirt's part of the changes related to CVE-2017-5715. The
> > new models can be used to pass the protective CPU features to guests.
> > But remember, the host CPU microcode, host kernel, QEMU, and libvirt all
> > need to be updated for this to be any useful.
> > 
> > Based on a patch from Paolo Bonzini.
> 
> You likely also want this pre-requisite series for libvirt:
> 
>   https://www.redhat.com/archives/libvir-list/2018-January/msg00114.html
> 
> This ensures libvirt's cache of QEMU CPU model info is updated when the
> host CPU microcode changes. Without that patch, libvirt might not pick
> up the changed QEMU CPU models if the microcode update RPM was installed
> after the updated QEMU RPM.

Oh yes, I wanted to mention this, but I forgot to do so :(

You may also need some patches from another series (which I've just
pushed):

https://www.redhat.com/archives/libvir-list/2018-January/msg00237.html

The first patch is needed for all the new tests to pass.

And the third patch is needed if the new CPU models are defined via
inheritance rather than from scratch. This is not an issue for the
patches in this series, but some downstreams might have decided to do
just that.

Jirka
