* Mon Apr 15 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-22.el8
- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1687578]
- kvm-i386-Make-arch_capabilities-migratable.patch [bz#1687578]
- Resolves: bz#1687578 (Incorrect CVE vulnerabilities reported on Cascade Lake cpus)
parent 797ce578a4
commit dfe0f20048
42
kvm-i386-Make-arch_capabilities-migratable.patch
Normal file
@ -0,0 +1,42 @@
From f906636aa5024f6e64e2a1802b2eca448085d06a Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Wed, 10 Apr 2019 20:50:03 +0100
Subject: [PATCH 2/2] i386: Make arch_capabilities migratable
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20190410205003.18916-3-ehabkost@redhat.com>
Patchwork-id: 85551
O-Subject: [RHEL-AV-8.0.1 qemu-kvm PATCH 2/2] i386: Make arch_capabilities migratable
Bugzilla: 1687578
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
Now that kvm_arch_get_supported_cpuid() will only return
arch_capabilities if QEMU is able to initialize the MSR properly,
we know that the feature is safely migratable.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190125220606.4864-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 014018e19b3c54dd1bf5072bc912ceffea40abe8)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c115572..d92c128 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1088,7 +1088,6 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
.reg = R_EDX,
},
.tcg_features = TCG_7_0_EDX_FEATURES,
- .unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES,
},
[FEAT_8000_0007_EDX] = {
.type = CPUID_FEATURE_WORD,
--
1.8.3.1
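Review bot: dropping ".unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES" from the entry that carries TCG_7_0_EDX_FEATURES is justified in the message only by the MSR now being initialized properly, which rests entirely on the kvm_arch_get_supported_cpuid() check from patch 1/2. The message does not say how differing MSR_IA32_ARCH_CAPABILITIES contents on the source and destination hosts are handled once the flag is migratable. Please add a sentence on that, and state the dependency on patch 1/2 explicitly so the two are never backported or reverted separately.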
@ -0,0 +1,68 @@
From 03f812fa6ea821f5d1c968ab6fc0fb92054f9a1b Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Wed, 10 Apr 2019 20:50:02 +0100
Subject: [PATCH 1/2] i386: kvm: Disable arch_capabilities if MSR can't be set
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20190410205003.18916-2-ehabkost@redhat.com>
Patchwork-id: 85550
O-Subject: [RHEL-AV-8.0.1 qemu-kvm PATCH 1/2] i386: kvm: Disable arch_capabilities if MSR can't be set
Bugzilla: 1687578
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES:
1) Linux commit commit 1eaafe91a0df ("kvm: x86: IA32_ARCH_CAPABILITIES
is always supported") makes GET_SUPPORTED_CPUID return
arch_capabilities even if running on SVM. This makes "-cpu
host,migratable=off" incorrectly expose arch_capabilities on CPUID on
AMD hosts (where the MSR is not emulated by KVM).
2) KVM_GET_MSR_INDEX_LIST does not return MSR_IA32_ARCH_CAPABILITIES if
the MSR is not supported by the host CPU. This makes QEMU not
initialize the MSR properly at kvm_put_msrs() on those hosts.
Work around both bugs on the QEMU side, by checking if the MSR
was returned by KVM_GET_MSR_INDEX_LIST before returning the
feature flag on kvm_arch_get_supported_cpuid().
This has the unfortunate side effect of making arch_capabilities
unavailable on hosts without hardware support for the MSR until bug #2
is fixed on KVM, but I can't see another way to work around bug #1
without that side effect.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190125220606.4864-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 485b1d256bcb0874bcde0223727c159b6837e6f8)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/kvm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 0c9a5e4..720948a 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -389,6 +389,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
if (host_tsx_blacklisted()) {
ret &= ~(CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_HLE);
}
+ } else if (function == 7 && index == 0 && reg == R_EDX) {
+ /*
+ * Linux v4.17-v4.20 incorrectly return ARCH_CAPABILITIES on SVM hosts.
+ * We can detect the bug by checking if MSR_IA32_ARCH_CAPABILITIES is
+ * returned by KVM_GET_MSR_INDEX_LIST.
+ */
+ if (!has_msr_arch_capabs) {
+ ret &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
+ }
} else if (function == 0x80000001 && reg == R_ECX) {
/*
* It's safe to enable TOPOEXT even if it's not returned by
--
1.8.3.1
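Review bot: the comment in the new "function == 7 && index == 0 && reg == R_EDX" branch documents only the SVM case, while the commit message says the has_msr_arch_capabs test also covers KVM_GET_MSR_INDEX_LIST omitting the MSR on hosts without hardware support, with the side effect that arch_capabilities becomes unavailable there. Extend the comment to name that second case and the side effect, so a later reader knows why the flag is hidden on those hosts and under what condition the check can be relaxed. The hunk also does not show where has_msr_arch_capabs is set; confirm it is populated before the first call that can reach this branch.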
@ -69,7 +69,7 @@ Obsoletes: %1-rhev
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 3.1.0
Release: 21%{?dist}
Release: 22%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 15
License: GPLv2 and GPLv2+ and CC-BY
@ -237,6 +237,10 @@ Patch76: kvm-hostmem-file-reject-invalid-pmem-file-sizes.patch
Patch77: kvm-iotests-Fix-test-200-on-s390x-without-virtio-pci.patch
# For bz#1652572 - QEMU core dumped if stop nfs service during migration
Patch78: kvm-block-file-posix-do-not-fail-on-unlock-bytes.patch
# For bz#1687578 - Incorrect CVE vulnerabilities reported on Cascade Lake cpus
Patch79: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
# For bz#1687578 - Incorrect CVE vulnerabilities reported on Cascade Lake cpus
Patch80: kvm-i386-Make-arch_capabilities-migratable.patch
BuildRequires: zlib-devel
BuildRequires: glib2-devel
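Review bot: Patch79 and Patch80 carry an identical "# For bz#1687578" comment, which hides that Patch80 (removing the unmigratable flag) is only correct once Patch79 (the KVM_GET_MSR_INDEX_LIST check) is applied. Add a short comment on the Patch80 line saying it requires Patch79, so a later rebase does not drop or reorder one without the other.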
@ -1135,6 +1139,12 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%changelog
* Mon Apr 15 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-22.el8
- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1687578]
- kvm-i386-Make-arch_capabilities-migratable.patch [bz#1687578]
- Resolves: bz#1687578
(Incorrect CVE vulnerabilities reported on Cascade Lake cpus)
* Thu Apr 11 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-21.el8
- kvm-Remove-7-qcow2-and-luks-iotests-that-are-taking-25-s.patch [bz#1683473]
- kvm-spapr-fix-out-of-bounds-write-in-spapr_populate_drme.patch [bz#1674438]