[0/2] x86/cpu: add "md-clear" feature for MDS security flaws
mbox series

Message ID 20190515141011.5315-1-berrange@redhat.com
Headers show
Series
  • x86/cpu: add "md-clear" feature for MDS security flaws
Related show

Message

Daniel P. Berrangé May 15, 2019, 2:10 p.m. UTC
This patch series provides the new "md-clear" feature that is used
for mitigation with CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
CVE-2019-11091.

Assuming you have the updated microcode and kernel to support the
md-clear feature, then using "-cpu host" will expose the new
feature to guests. For named CPU models, it must be explicitly
added eg "-cpu Haswell,+md-clear"

The first patch from Paolo is what most distros will already be
shipping with their security updates for this issue.

Daniel P. Berrangé (1):
  docs: recommend use of md-clear feature on all Intel CPUs

Paolo Bonzini (1):
  target/i386: define md-clear bit

 docs/qemu-cpu-models.texi | 12 ++++++++++++
 target/i386/cpu.c         |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)