From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Richard Henderson" <rth@twiddle.net>
Subject: [Qemu-devel] [PATCH 0/2] x86/cpu: add "md-clear" feature for MDS security flaws
Date: Wed, 15 May 2019 15:10:09 +0100 [thread overview]
Message-ID: <20190515141011.5315-1-berrange@redhat.com> (raw)
This patch series provides the new "md-clear" feature that is used
for mitigation with CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
CVE-2019-11091.
Assuming you have the updated microcode and kernel to support the
md-clear feature, then using "-cpu host" will expose the new
feature to guests. For named CPU models, it must be explicitly
added eg "-cpu Haswell,+md-clear"
The first patch from Paolo is what most distros will already be
shipping with their security updates for this issue.
Daniel P. Berrangé (1):
docs: recommend use of md-clear feature on all Intel CPUs
Paolo Bonzini (1):
target/i386: define md-clear bit
docs/qemu-cpu-models.texi | 12 ++++++++++++
target/i386/cpu.c | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
--
2.21.0
next reply other threads:[~2019-05-15 14:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-15 14:10 Daniel P. Berrangé [this message]
2019-05-15 14:10 ` [Qemu-devel] [PATCH 1/2] target/i386: define md-clear bit Daniel P. Berrangé
2019-05-15 14:10 ` [Qemu-devel] [PATCH 2/2] docs: recommend use of md-clear feature on all Intel CPUs Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190515141011.5315-1-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=ehabkost@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.