diff options
Diffstat (limited to 'external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch')
-rw-r--r-- | external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch deleted file mode 100644 index b39e8662..00000000 --- a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch +++ /dev/null @@ -1,116 +0,0 @@ -From c811c618c114c4a6493ede602bdca22d33c1972a Mon Sep 17 00:00:00 2001 -From: Jiri Denemark <jdenemar@redhat.com> -Date: Tue, 9 Apr 2019 12:35:52 +0200 -Subject: [PATCH 04/11] cpu_map: Define md-clear CPUID bit -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - -The bit is set when microcode provides the mechanism to invoke a flush -of various exploitable CPU buffers by invoking the VERW instruction. - -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Jiri Denemark <jdenemar@redhat.com> -Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> -(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85) - -Conflicts: - src/cpu_map/x86_features.xml - - missing pconfig feature - - tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml - tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml - - test data missing downstream - - tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml - tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml - - intel-pt feature is missing - - stibp feature is missing - -Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> - -Upstream-Status: Backport - -CVE: CVE-2018-12126 -CVE: CVE-2018-12127 -CVE: CVE-2018-12130 -CVE: CVE-2019-11091 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/cpu_map/x86_features.xml | 3 +++ - tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +- - tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 + - tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 + - tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 + - 5 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml -index 109c653..c8ae540 100644 ---- a/src/cpu_map/x86_features.xml -+++ b/src/cpu_map/x86_features.xml -@@ -290,6 +290,9 @@ - <feature name='avx512-4fmaps'> - <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/> - </feature> -+ <feature name='md-clear'> <!-- md_clear --> -+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/> -+ </feature> - <feature name='spec-ctrl'> - <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/> - </feature> -diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml -index 0deca9f..74763a4 100644 ---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml -+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml -@@ -2,7 +2,7 @@ - <cpudata arch='x86'> - <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/> - <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> -- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/> -+ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/> - <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> - <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> - </cpudata> -diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml -index 993db80..29c1fdb 100644 ---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml -+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml -@@ -19,6 +19,7 @@ - <feature policy='require' name='osxsave'/> - <feature policy='require' name='tsc_adjust'/> - <feature policy='require' name='clflushopt'/> -+ <feature policy='require' name='md-clear'/> - <feature policy='require' name='ssbd'/> - <feature policy='require' name='xsaves'/> - <feature policy='require' name='pdpe1gb'/> -diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml -index 074a39b..2003ca9 100644 ---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml -+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml -@@ -20,6 +20,7 @@ - <feature name='osxsave'/> - <feature name='tsc_adjust'/> - <feature name='clflushopt'/> -+ <feature name='md-clear'/> - <feature name='ssbd'/> - <feature name='xsaves'/> - <feature name='pdpe1gb'/> -diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml -index 1984bd4..d6529c5 100644 ---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml -+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml -@@ -5,6 +5,7 @@ - <feature policy='require' name='hypervisor'/> - <feature policy='require' name='tsc_adjust'/> - <feature policy='require' name='clflushopt'/> -+ <feature policy='require' name='md-clear'/> - <feature policy='require' name='ssbd'/> - <feature policy='require' name='pdpe1gb'/> - </cpu> --- -2.7.4 - |