[libvirt] [PATCH 0/2] Mitigation for Microarchitectural Data Sampling CPU flaws

Jiri Denemark posted 2 patches 6 days ago
Failed in applying to current master (apply log)

[libvirt] [PATCH 0/2] Mitigation for Microarchitectural Data Sampling CPU flaws

Posted by Jiri Denemark 6 days ago
This series introduces the libvirt side of mitigations for
Microarchitectural Data Sampling microprocessor flaws (CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) which were
published earlier today.

To protect your system against possible attacks exploiting these flaws,
updates to the CPU microcode, Linux kernel, and virtualization stack
(QEMU, libvirt, and higher management apps) are required.

See https://access.redhat.com/security/vulnerabilities/mds for more
details and additional links.


Both patches have already been pushed.


Jiri Denemark (2):
  cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
  cpu_map: Define md-clear CPUID bit

 src/cpu_map/x86_features.xml                  |   3 +
 tests/cputest.c                               |   1 +
 .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml |   7 +
 .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  |   8 +
 .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    |  29 +
 .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml     |  30 +
 .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml     |  12 +
 .../x86_64-cpuid-Xeon-E3-1225-v5.json         | 652 ++++++++++++++++++
 .../x86_64-cpuid-Xeon-E3-1225-v5.sig          |   4 +
 .../x86_64-cpuid-Xeon-E3-1225-v5.xml          |  47 ++
 .../x86_64-cpuid-Xeon-Platinum-8268-guest.xml |   1 +
 .../x86_64-cpuid-Xeon-Platinum-8268-host.xml  |   1 +
 12 files changed, 795 insertions(+)
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
 create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml

-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
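
An added example, not code from this patch series or from libvirt: a small audit that reads guest definitions and reports how each one treats the `md-clear` feature that patch 2/2 defines. The domain XML samples are constructed, the function names and status labels are this example's own, and it assumes a named CPU model does not carry `md-clear` unless the feature is listed explicitly.

```python
import xml.etree.ElementTree as ET

FEATURE = "md-clear"  # feature name defined by the cpu_map patch in this series

def md_clear_status(domain_xml):
    """Classify how one guest definition treats md-clear."""
    cpu = ET.fromstring(domain_xml).find("cpu")
    if cpu is None:
        return "not-requested"          # hypervisor default CPU, no features listed
    policy = None
    for feat in cpu.findall("feature"):
        if feat.get("name") == FEATURE:
            # libvirt treats a missing policy attribute as 'require'
            policy = feat.get("policy", "require")
    if policy in ("require", "force"):
        return "exposed"
    if policy in ("disable", "forbid"):
        return "hidden"
    # 'optional' and host-derived CPU modes follow whatever the host reports
    if policy == "optional" or cpu.get("mode") in ("host-model", "host-passthrough"):
        return "host-dependent"
    return "not-requested"              # assumption: named models lack md-clear by default

def audit(domains):
    """Map guest name -> status for a list of domain XML strings."""
    return {ET.fromstring(x).findtext("name"): md_clear_status(x) for x in domains}

# Constructed sample guest definitions (not taken from the libvirt test data)
SAMPLES = [
    "<domain type='kvm'><name>web01</name><cpu mode='custom' match='exact'>"
    "<model>Skylake-Server</model><feature policy='require' name='md-clear'/></cpu></domain>",
    "<domain type='kvm'><name>db01</name><cpu mode='custom' match='exact'>"
    "<model>Skylake-Server</model></cpu></domain>",
    "<domain type='kvm'><name>ci01</name><cpu mode='host-model'/></domain>",
    "<domain type='kvm'><name>old01</name><cpu mode='custom'>"
    "<model>Haswell</model><feature policy='disable' name='md-clear'/></cpu></domain>",
]

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```

Guests reported as `host-dependent` only see the bit once the host itself has the microcode, kernel and libvirt updates the cover letter lists.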

Re: [libvirt] [PATCH 0/2] Mitigation for Microarchitectural Data Sampling CPU flaws

Posted by Daniel P. Berrangé 6 days ago
On Tue, May 14, 2019 at 08:03:48PM +0200, Jiri Denemark wrote:
> This series introduces the libvirt side of mitigations for
> Microarchitectural Data Sampling microprocessor flaws (CVE-2018-12126,
> CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) which were
> published earlier today.
> 
> To protect your system against possible attacks exploiting these flaws,
> updates to the CPU microcode, Linux kernel, and virtualization stack
> (QEMU, libvirt, and higher management apps) are required.
> 
> See https://access.redhat.com/security/vulnerabilities/mds for more
> details and additional links.
> 
> 
> Both patches have already been pushed.

FYI I have pushed cherry picks to v4.7-maint, v5.1-maint, and v5.3-maint
which are the versions we have in active Fedora use.

I'll see about getting them backported to further maint branches as we
have patches from RHEL that should apply fairly easily to quite a few
other maint branches upstream.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
