qemu-devel

Re: [PATCH] i386: define the 'flush_l1d' CPUID feature bit (CVE-2018-364


From: Paolo Bonzini
Subject: Re: [PATCH] i386: define the 'flush_l1d' CPUID feature bit (CVE-2018-3646)
Date: Tue, 12 Nov 2019 11:15:54 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

On 12/11/19 10:51, Daniel P. Berrangé wrote:
> On Tue, Nov 12, 2019 at 03:50:43AM +0000, Kyle Copperfield via wrote:
>> New microcode introduces the "Flush L1D Cache" CPUID feature bit.
>> This needs to be exposed to guest OS to allow them to protect against
>> CVE-2018-3646.
> 
> My understanding was that this is only required in the L0 hypervisor,
> not the guests or nested hypervisors, which is why QEMU hadn't already
> exposed this feature when L1TF first went public.
> 
> Copying Paolo for a definitive answer on that though....

Correct; in fact in addition to this patch you would have to patch KVM
to allow guest writes to MSR_IA32_FLUSH_CMD.

Paolo

> 
>>
>> Signed-off-by: Kyle Copperfield <address@hidden>
>> ---
>>  docs/qemu-cpu-models.texi | 7 +++++++
>>  target/i386/cpu.c         | 2 +-
>>  2 files changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
>> index f88a1def0d..1b5349d86a 100644
>> --- a/docs/qemu-cpu-models.texi
>> +++ b/docs/qemu-cpu-models.texi
>> @@ -180,6 +180,13 @@ Must be explicitly turned on for all Intel CPU models.
>>  Requires the host CPU microcode to support this feature before it
>>  can be used for guest CPUs.
>>  
>> +@item @code{flush_l1d}
>> +
>> +Required to enable strong Foreshadow-NG (VMM) (CVE-2018-3646) fixes in
>> +guests.
>> +
>> +Requires the host CPU microcode to support this feature before it
>> +can be used for guest CPUs.
>>  
>>  @item @code{ssbd}
>>  
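Review bot: The new @item for flush_l1d does not say whether the flag is already included in any named CPU model or has to be turned on explicitly, which the preceding entry does state ("Must be explicitly turned on for all Intel CPU models."); add the equivalent sentence here. The line "Required to enable strong Foreshadow-NG (VMM) (CVE-2018-3646) fixes in guests." also stacks two parentheticals and leaves "strong" undefined, so say which mitigation a guest gains from seeing the bit.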
>> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
>> index a624163ac2..1fb6d677e2 100644
>> --- a/target/i386/cpu.c
>> +++ b/target/i386/cpu.c
>> @@ -1083,7 +1083,7 @@ static FeatureWordInfo 
>> feature_word_info[FEATURE_WORDS] = {
>>              NULL, NULL, NULL /* pconfig */, NULL,
>>              NULL, NULL, NULL, NULL,
>>              NULL, NULL, "spec-ctrl", "stibp",
>> -            NULL, "arch-capabilities", "core-capability", "ssbd",
>> +            "flush_l1d", "arch-capabilities", "core-capability", "ssbd",
>>          },
>>          .cpuid = {
>>              .eax = 7,
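Review bot: The name added on the + line, "flush_l1d", uses an underscore while every other name visible in this array is hyphenated ("spec-ctrl", "arch-capabilities", "core-capability"); suggest "flush-l1d", with the same spelling in the @item entry in docs/qemu-cpu-models.texi. This hunk also only gives the bit a name in feature_word_info, and nothing in the visible lines covers guest access to MSR_IA32_FLUSH_CMD, so the commit message should state what a guest can actually do once the bit is exposed.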
>> -- 
>> 2.24.0
>>
>>
> 
> Regards,
> Daniel
> 



