[Qemu-devel] [PATCH 0/3] i386: speculative store buffer bypass mitigation (CVE-2018-3639)

Daniel P. Berrangé posted 3 patches 5 years, 11 months ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20180521215424.13520-1-berrange@redhat.com
Test checkpatch passed
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test s390x passed
Posted by Daniel P. Berrangé 5 years, 11 months ago
This provides the QEMU part of the mitigations for the speculative
store buffer bypass vulnerabilities on the x86 platform[1], and is
the companion of the kernel patches merged in:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b78ce4a34b761c7fe13520de822984019ff1a8f

[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
    https://access.redhat.com/security/vulnerabilities/ssbd

Daniel P. Berrangé (1):
  i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639)

Konrad Rzeszutek Wilk (2):
  i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
  i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639)

 target/i386/cpu.c     |  4 ++--
 target/i386/cpu.h     |  3 +++
 target/i386/kvm.c     | 16 ++++++++++++++--
 target/i386/machine.c | 20 ++++++++++++++++++++
 4 files changed, 39 insertions(+), 4 deletions(-)

-- 
2.17.0

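The cover letter names the two guest-visible feature bits this series exposes ('ssbd' for Intel, 'virt-ssbd' for AMD) and the paravirtual MSR that goes with the latter, but not how a guest would find them. The C program below is an added example, not code from this series or from QEMU: it decodes the CPUID registers a guest kernel inspects for these bits and reports which SSBD control MSR the guest would end up using. The bit positions and MSR numbers are taken from the Intel SDM and AMD's SSBD guidance rather than from this page, and the "architectural MSR before paravirtual MSR" priority is my assumption about guest behaviour; `__get_cpuid_count` / `__get_cpuid` are GCC/Clang's `<cpuid.h>` helpers. The decoding functions take raw register values so they can be exercised with constructed inputs off an x86 host.

```c
/*
 * Added example, not code from this series or from QEMU.
 * Decodes the CPUID bits a guest kernel looks at to find the SSBD feature
 * bits the series exposes, and says which control MSR the guest would use.
 *
 * Bit positions and MSR numbers come from the Intel SDM and AMD's SSBD
 * guidance, not from the cover letter (assumption: they are the bits the
 * 'ssbd' and 'virt-ssbd' QEMU flags set):
 *   CPUID.(EAX=7,ECX=0):EDX[31]  SSBD       Intel, QEMU flag "ssbd"
 *   CPUID.80000008H:EBX[24]      AMD_SSBD   AMD, controlled via IA32_SPEC_CTRL
 *   CPUID.80000008H:EBX[25]      VIRT_SSBD  AMD paravirt, QEMU flag "virt-ssbd"
 *   CPUID.80000008H:EBX[26]      SSB_NO     AMD, CPU not affected
 *   IA32_SPEC_CTRL = 0x48, VIRT_SPEC_CTRL = 0xC001011F; SSBD is bit 2 in both
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang: __get_cpuid, __get_cpuid_count */
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

#define MSR_IA32_SPEC_CTRL  0x00000048u
#define MSR_VIRT_SPEC_CTRL  0xC001011Fu
#define SPEC_CTRL_SSBD_BIT  2

enum ssbd_ctrl {
    SSBD_CTRL_NONE = 0,        /* nothing advertised: guest cannot mitigate */
    SSBD_CTRL_SPEC_CTRL,       /* architectural IA32_SPEC_CTRL */
    SSBD_CTRL_VIRT_SPEC_CTRL,  /* paravirtual VIRT_SPEC_CTRL (the MSR patch 3 handles) */
    SSBD_CTRL_NOT_NEEDED,      /* SSB_NO set: CPU reports it is not affected */
};

struct ssbd_features {
    bool intel_ssbd, amd_ssbd, virt_ssbd, ssb_no;
};

static bool cpuid_bit(uint32_t reg, unsigned bit) { return (reg >> bit) & 1u; }

struct ssbd_features decode_ssbd_features(uint32_t leaf7_edx, uint32_t leaf80000008_ebx)
{
    struct ssbd_features f;
    f.intel_ssbd = cpuid_bit(leaf7_edx, 31);
    f.amd_ssbd   = cpuid_bit(leaf80000008_ebx, 24);
    f.virt_ssbd  = cpuid_bit(leaf80000008_ebx, 25);
    f.ssb_no     = cpuid_bit(leaf80000008_ebx, 26);
    return f;
}

/* Assumption: prefer the architectural MSR over the paravirtual one;
 * SSB_NO wins outright because no mitigation is needed. */
enum ssbd_ctrl choose_ssbd_ctrl(const struct ssbd_features *f)
{
    if (f->ssb_no)                    return SSBD_CTRL_NOT_NEEDED;
    if (f->intel_ssbd || f->amd_ssbd) return SSBD_CTRL_SPEC_CTRL;
    if (f->virt_ssbd)                 return SSBD_CTRL_VIRT_SPEC_CTRL;
    return SSBD_CTRL_NONE;
}

/* The -cpu flag from the patch titles that corresponds to the bit the
 * guest sees, or NULL when none of the two flags this series defines applies. */
const char *ssbd_qemu_flag(const struct ssbd_features *f)
{
    if (f->ssb_no)     return NULL;
    if (f->intel_ssbd) return "ssbd";
    if (f->virt_ssbd)  return "virt-ssbd";
    return NULL;
}

/* Value to write to either control MSR to turn SSBD on or off while
 * leaving the other bits (IBRS, STIBP) as they are. */
uint64_t ssbd_msr_value(uint64_t current, bool enable)
{
    uint64_t mask = 1ull << SPEC_CTRL_SSBD_BIT;
    return enable ? (current | mask) : (current & ~mask);
}

int main(void)
{
#if HAVE_CPUID
    unsigned int a, b, c, d;
    uint32_t edx7 = 0, ebx8 = 0;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) edx7 = d;
    if (__get_cpuid(0x80000008u, &a, &b, &c, &d)) ebx8 = b;
    struct ssbd_features f = decode_ssbd_features(edx7, ebx8);
    const char *flag = ssbd_qemu_flag(&f);
    printf("ssbd=%d amd_ssbd=%d virt_ssbd=%d ssb_no=%d -> ctrl=%d qemu_flag=%s\n",
           f.intel_ssbd, f.amd_ssbd, f.virt_ssbd, f.ssb_no,
           choose_ssbd_ctrl(&f), flag ? flag : "(none)");
#else
    puts("not an x86 build; CPUID not available");
#endif
    return 0;
}
```

Run inside a guest booted with and without `-cpu ...,+ssbd` (or `+virt-ssbd` on AMD) to confirm the bit actually reaches the guest; a guest that reports `ctrl=0` has no way to enable the mitigation regardless of what the host kernel does.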

Re: [Qemu-devel] [PATCH 0/3] i386: speculative store buffer bypass mitigation (CVE-2018-3639)
Posted by Eduardo Habkost 5 years, 11 months ago
On Mon, May 21, 2018 at 10:54:21PM +0100, Daniel P. Berrangé wrote:
> This provides the QEMU part of the mitigations for the speculative
> store buffer bypass vulnerabilities on the x86 platform[1], and is
> the companion of the kernel patches merged in:
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b78ce4a34b761c7fe13520de822984019ff1a8f
> 
> [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
>     https://access.redhat.com/security/vulnerabilities/ssbd

Queued, but reordered patch 2 and patch 3 so the flag can't be
enabled without the corresponding MSR migration code being
available.

-- 
Eduardo