amend "x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass"

This is part of CVE-2018-3639 / XSA-263.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/tools/libxc/xc_cpufeature.h b/tools/libxc/xc_cpufeature.h
index 8a3fac07dbb878e67f0a324a9836c93280dc4d3b..eb24c535619500c9f13695323989eb91a10c421b 100644 (file)
--- a/tools/libxc/xc_cpufeature.h
+++ b/tools/libxc/xc_cpufeature.h
@@ -147,5 +147,6 @@
 /* Intel-defined CPU features, CPUID level 0x00000007:0 (edx) */
 #define X86_FEATURE_IBRSB       26 /* IBRS and IBPB support (used by Intel) */
 #define X86_FEATURE_STIBP       27 /* STIBP */
+#define X86_FEATURE_SSBD        31 /* MSR_SPEC_CTRL.SSBD available */
 
 #endif /* __LIBXC_CPUFEATURE_H */

diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
index 454be0be7e585dd22d70b9290e451f49b4751348..26cd47506521b25a982fcbce3d5e1d9f3eb8ba22 100644 (file)
--- a/tools/libxc/xc_cpuid_x86.c
+++ b/tools/libxc/xc_cpuid_x86.c
@@ -369,7 +369,8 @@ static void xc_cpuid_hvm_policy(
                         bitmaskof(X86_FEATURE_SMAP) |
                         bitmaskof(X86_FEATURE_FSGSBASE));
             regs[3] &= (bitmaskof(X86_FEATURE_IBRSB) |
-                        bitmaskof(X86_FEATURE_STIBP));
+                        bitmaskof(X86_FEATURE_STIBP) |
+                        bitmaskof(X86_FEATURE_SSBD));
         } else
             regs[1] = regs[3] = 0;
         regs[0] = regs[2] = 0;
@@ -512,7 +513,8 @@ static void xc_cpuid_pv_policy(
                         bitmaskof(X86_FEATURE_ADX)  |
                         bitmaskof(X86_FEATURE_FSGSBASE));
             regs[3] &= (bitmaskof(X86_FEATURE_IBRSB) |
-                        bitmaskof(X86_FEATURE_STIBP));
+                        bitmaskof(X86_FEATURE_STIBP) |
+                        bitmaskof(X86_FEATURE_SSBD));
         }
         else
             regs[1] = regs[3] = 0;