[libvirt] [PATCH] cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)

Jiri Denemark jdenemar at redhat.com
Tue Jun 19 19:21:56 UTC 2018


On Thu, Jun 14, 2018 at 11:48:41 +0100, Daniel P. Berrangé wrote:
> AMD x86 CPUs have two separate ways to mitigate the Speculative Store
> Bypass hardware flaw. In current processors only non-architectural MSRs
> are available, and so hypervisors must expose a virtualized MSR and CPU
> flag "virt-ssbd" (CPUID Function 8000_0008, EBX[25]=1).
> 
> In future processors AMD will provide an architectural MSR, indicated by
> existence of the CPUID Function 8000_0008, EBX[24]=1, to which QEMU has
> given the name "amd-ssbd".
> 
> The "amd-ssbd" flag should be used in preference to "virt-ssbd", if it
> is available, since it provides improved performance. For virtual
> machine configuration, both should be exposed when available, to allow
> for maximal guest OS compatibility as not all guests yet support both.
> 
> If future processes are not vulnerable to the flaw, this will be
> indicated by the existence of CPUID Function 8000_0008, EBX[26]=1,
> to which QEMU has given the name "amd-no-ssb".
> 
> See also 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
> from:
> 
>   https://bugzilla.kernel.org/show_bug.cgi?id=199889
> 
> Note that neither amd-ssbd nor amd-no-ssb will be reported by the kernel
> in /proc/cpuinfo. It knows about these CPUID bits and does the right thing,
> but doesn't report their existence as distinct flags in /proc/cpuinfo.
> 
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>

Eduardo pushed the QEMU part into his x86-next queue, but he didn't send
a pull request yet. I think it's a good idea to wait until the patch
lands in QEMU master before pushing this patch.

Reviewed-by: Jiri Denemark <jdenemar at redhat.com>
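
Because /proc/cpuinfo does not show these flags, a host or guest can be checked by reading CPUID Function 8000_0008 directly. The following is an added example, not code from the patch, libvirt or QEMU; the helper names and the "none-needed"/"unavailable" strings are hypothetical, and it assumes it is run on an AMD CPU or a guest of one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID Fn8000_0008 EBX bits, as listed in the commit message. */
#define AMD_SSBD   (1u << 24)   /* architectural MSR */
#define VIRT_SSBD  (1u << 25)   /* virtualized MSR from the hypervisor */
#define AMD_NO_SSB (1u << 26)   /* CPU not vulnerable */

/* Hypothetical helper: collect the QEMU flag names set in ebx. */
int ssb_flag_names(uint32_t ebx, const char *out[3])
{
    int n = 0;
    if (ebx & AMD_SSBD)   out[n++] = "amd-ssbd";
    if (ebx & VIRT_SSBD)  out[n++] = "virt-ssbd";
    if (ebx & AMD_NO_SSB) out[n++] = "amd-no-ssb";
    return n;
}

/* Hypothetical helper: mechanism to prefer, following the message's
 * ordering (amd-ssbd over virt-ssbd; amd-no-ssb means nothing needed). */
const char *ssb_preferred(uint32_t ebx)
{
    if (ebx & AMD_NO_SSB) return "none-needed";
    if (ebx & AMD_SSBD)   return "amd-ssbd";
    if (ebx & VIRT_SSBD)  return "virt-ssbd";
    return "unavailable";
}

int main(void)
{
    /* ebx starts as a constructed sample value, used only off x86. */
    unsigned int eax = 0, ebx = AMD_SSBD | VIRT_SSBD, ecx = 0, edx = 0;
    const char *names[3];
#if defined(__x86_64__) || defined(__i386__)
    /* Real value on x86; returns 0 if the extended leaf is absent. */
    if (!__get_cpuid(0x80000008, &eax, &ebx, &ecx, &edx))
        return 1;
#endif
    int n = ssb_flag_names(ebx, names);
    for (int i = 0; i < n; i++)
        printf("%s\n", names[i]);
    printf("preferred: %s\n", ssb_preferred(ebx));
    return 0;
}
```

Run inside a guest, this shows which of the flags the hypervisor actually passed through in the virtual CPU model.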
