From: Daniel P. Berrangé <berrange@redhat.com>
Date: Mon, 21 May 2018 22:05:07 +0000 (+0100)
Subject: cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=1dbca2eccad58d91a5fd33962854f1a653638182;p=libvirt.git

cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)

New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 00a43b172c..245aec3309 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -298,6 +298,9 @@
     <feature name='spec-ctrl'>
       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
     </feature>
+    <feature name='ssbd'>
+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
+    </feature>
 
     <!-- Processor Extended State Enumeration sub leaf 1 -->
     <feature name='xsaveopt'>