[libvirt] [PATCH] cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)
Kashyap Chamarthy
kchamart at redhat.com
Thu Jun 14 15:16:10 UTC 2018
On Thu, Jun 14, 2018 at 11:48:41AM +0100, Daniel P. Berrangé wrote:
> AMD x86 CPUs have two separate ways to mitigate the Speculative Store
> Bypass hardware flaw. In current processors only non-architectural MSRs
> are available, and so hypervisors must expose a virtualized MSR and CPU
> flag "virt-ssbd" (CPUID Function 8000_0008, EBX[25]=1).
>
> In future processors AMD will provide an architectural MSR, indicated by
> existance of the CPUID Function 8000_0008, EBX[24]=1, to which QEMU has
> given the name "amd-ssbd".
>
> The "amd-ssbd" flag should be used in preference to "virt-ssbd", if it
> is available, since it provides improved performance. For virtual
> machine configuration, both should be exposed when available, to allow
> for maximal guest OS compatibility as not all guests yet support both.
>
> If future processes are not vulnerable to the flaw, this will be
> indicated by the existance of CPUID Function 8000_0008, EBX[26]=1,
> to which QEMU has given the name "amd-no-ssb".
>
> See also 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
> from:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=199889
>
> Note that neither amd-ssbd or amd-no-ssb will be reported by the kernel
> in /proc/cpuinfo. It knows about these CPUID bits and does the right thing,
> but doesn't report their existance as distinct flags in /proc/cpuinfo.
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> src/cpu/cpu_map.xml | 6 ++++++
> 1 file changed, 6 insertions(+)
FWIW:
Reviewed-by: Kashyap Chamarthy <kchamart at redhat.com>
[...]
--
/kashyap
More information about the libvir-list
mailing list