This is part of XSA-273 / CVE-2018-3646.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
/* Intel-defined CPU features, CPUID level 0x00000007:0 (edx) */
#define X86_FEATURE_IBRSB 26 /* IBRS and IBPB support (used by Intel) */
#define X86_FEATURE_STIBP 27 /* STIBP */
+#define X86_FEATURE_L1D_FLUSH 28 /* MSR_FLUSH_CMD and L1D flush. */
#define X86_FEATURE_SSBD 31 /* MSR_SPEC_CTRL.SSBD available */
#endif /* __LIBXC_CPUFEATURE_H */
bitmaskof(X86_FEATURE_FSGSBASE));
regs[3] &= (bitmaskof(X86_FEATURE_IBRSB) |
bitmaskof(X86_FEATURE_STIBP) |
+ bitmaskof(X86_FEATURE_L1D_FLUSH) |
bitmaskof(X86_FEATURE_SSBD));
} else
regs[1] = regs[3] = 0;
if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) )
*edx &= ~(cpufeat_mask(X86_FEATURE_IBRSB) |
cpufeat_mask(X86_FEATURE_SSBD));
+ if ( !boot_cpu_has(X86_FEATURE_L1D_FLUSH) )
+ *edx &= ~cpufeat_mask(X86_FEATURE_L1D_FLUSH);
/*
* Override STIBP to match IBRS. Guests can safely use STIBP
if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) )
d &= ~(cpufeat_mask(X86_FEATURE_IBRSB) |
cpufeat_mask(X86_FEATURE_SSBD));
+ d &= ~cpufeat_mask(X86_FEATURE_L1D_FLUSH);
/*
* Override STIBP to match IBRS. Guests can safely use STIBP
projects / xen.git / commitdiff