x86/cpu: add "md-clear" feature for MDS security flaws

[Qemu-devel] [PATCH 0/2] x86/cpu: add "md-clear" feature for MDS security flaws

Daniel P. Berrangé posted 2 patches 4 years, 11 months ago

Download series mbox

Test asan passed

Test docker-mingw@fedora passed

Test docker-clang@ubuntu passed

Test checkpatch passed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20190515141011.5315-1-berrange@redhat.com

Maintainers: Eduardo Habkost <ehabkost@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Richard Henderson <rth@twiddle.net>

docs/qemu-cpu-models.texi | 12 ++++++++++++
target/i386/cpu.c         |  2 +-
2 files changed, 13 insertions(+), 1 deletion(-)

Expand all Fold all

[Qemu-devel] [PATCH 0/2] x86/cpu: add "md-clear" feature for MDS security flaws

Posted by Daniel P. Berrangé 4 years, 11 months ago

This patch series provides the new "md-clear" feature that is used
for mitigation with CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
CVE-2019-11091.

Assuming you have the updated microcode and kernel to support the
md-clear feature, then using "-cpu host" will expose the new
feature to guests. For named CPU models, it must be explicitly
added eg "-cpu Haswell,+md-clear"

The first patch from Paolo is what most distros will already be
shipping with their security updates for this issue.

Daniel P. Berrangé (1):
  docs: recommend use of md-clear feature on all Intel CPUs

Paolo Bonzini (1):
  target/i386: define md-clear bit

 docs/qemu-cpu-models.texi | 12 ++++++++++++
 target/i386/cpu.c         |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

-- 
2.21.0