cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Closes: #929154

cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
b811e38a · Salvatore Bonaccorso · b9935e51 · b811e38a · b811e38a
Commit b811e38a authored 6 years ago by Salvatore Bonaccorso
--- a/debian/patches/cpu_map-Define-md-clear-CPUID-bit.patch
+++ b/debian/patches/cpu_map-Define-md-clear-CPUID-bit.patch
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Apr 2019 15:11:20 +0200
+Subject: cpu_map: Define md-clear CPUID bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
+Bug-Debian: https://bugs.debian.org/929154
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12126
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12127
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12130
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11091
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+
+The bit is set when microcode provides the mechanism to invoke a flush
+of various exploitable CPU buffers by invoking the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/cpu_map/x86_features.xml                                | 3 +++
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  | 2 +-
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml     | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml     | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml  | 1 +
+ 7 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
+index efcc10b1aebd..370807f88e5f 100644
+--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
+@@ -320,6 +320,9 @@
+   <feature name='avx512-4fmaps'>
+     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
+   </feature>
+  <feature name='md-clear'> <!-- md_clear -->
+    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
+  </feature>
+   <feature name='pconfig'>
+     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
+   </feature>
+-- 
+2.20.1
+
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -21,3 +21,4 @@ security-aa-helper-nvidia-rules-for-gl-devices.patch
 security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
 api-disallow-virDomainGetHostname-for-read-only-connectio.patch
 remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+cpu_map-Define-md-clear-CPUID-bit.patch