diff --git a/kvm-i386-Make-arch_capabilities-migratable.patch b/kvm-i386-Make-arch_capabilities-migratable.patch
new file mode 100644
index 0000000..afcc947
--- /dev/null
+++ b/kvm-i386-Make-arch_capabilities-migratable.patch
@@ -0,0 +1,42 @@
+From f906636aa5024f6e64e2a1802b2eca448085d06a Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 10 Apr 2019 20:50:03 +0100
+Subject: [PATCH 2/2] i386: Make arch_capabilities migratable
+
+RH-Author: Eduardo Habkost
+Message-id: <20190410205003.18916-3-ehabkost@redhat.com>
+Patchwork-id: 85551
+O-Subject: [RHEL-AV-8.0.1 qemu-kvm PATCH 2/2] i386: Make arch_capabilities migratable
+Bugzilla: 1687578
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: Igor Mammedov
+
+Now that kvm_arch_get_supported_cpuid() will only return
+arch_capabilities if QEMU is able to initialize the MSR properly,
+we know that the feature is safely migratable.
+
+Signed-off-by: Eduardo Habkost
+Message-Id: <20190125220606.4864-3-ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost
+(cherry picked from commit 014018e19b3c54dd1bf5072bc912ceffea40abe8)
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Danilo C. L. de Paula
+---
+ target/i386/cpu.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index c115572..d92c128 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1088,7 +1088,6 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .reg = R_EDX,
+ },
+ .tcg_features = TCG_7_0_EDX_FEATURES,
+- .unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES,
+ },
+ [FEAT_8000_0007_EDX] = {
+ .type = CPUID_FEATURE_WORD,
+--
+1.8.3.1
+
diff --git a/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch b/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
new file mode 100644
index 0000000..ce9be0b
--- /dev/null
+++ b/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
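Review bot: Dropping `.unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES` from the FEAT_7_0_EDX entry is only safe because the companion patch (kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch) masks the bit in kvm_arch_get_supported_cpuid() when MSR_IA32_ARCH_CAPABILITIES cannot be initialized, which the commit message states but nothing in this hunk enforces. qemu-kvm.spec lists them in the right order as Patch79 and Patch80, yet both carry the same generic bz#1687578 comment, so the dependency is not recorded anywhere a future backport or revert would see it; a spec comment such as `# Patch80 depends on Patch79: the bit is migratable only once kvm.c masks it on hosts that cannot set the MSR` would make that explicit. The bit at stake is the one the guest uses to learn its CPU's reported mitigation status (the bz#1687578 symptom), so letting it migrate without the kvm.c guard would reintroduce the misreport on the destination. The feature_word_info[] initializer starts and ends outside the hunk.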
@@ -0,0 +1,68 @@
+From 03f812fa6ea821f5d1c968ab6fc0fb92054f9a1b Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 10 Apr 2019 20:50:02 +0100
+Subject: [PATCH 1/2] i386: kvm: Disable arch_capabilities if MSR can't be set
+
+RH-Author: Eduardo Habkost
+Message-id: <20190410205003.18916-2-ehabkost@redhat.com>
+Patchwork-id: 85550
+O-Subject: [RHEL-AV-8.0.1 qemu-kvm PATCH 1/2] i386: kvm: Disable arch_capabilities if MSR can't be set
+Bugzilla: 1687578
+RH-Acked-by: Dr. David Alan Gilbert
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: Igor Mammedov
+
+KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES:
+
+1) Linux commit commit 1eaafe91a0df ("kvm: x86: IA32_ARCH_CAPABILITIES
+ is always supported") makes GET_SUPPORTED_CPUID return
+ arch_capabilities even if running on SVM. This makes "-cpu
+ host,migratable=off" incorrectly expose arch_capabilities on CPUID on
+ AMD hosts (where the MSR is not emulated by KVM).
+
+2) KVM_GET_MSR_INDEX_LIST does not return MSR_IA32_ARCH_CAPABILITIES if
+ the MSR is not supported by the host CPU. This makes QEMU not
+ initialize the MSR properly at kvm_put_msrs() on those hosts.
+
+Work around both bugs on the QEMU side, by checking if the MSR
+was returned by KVM_GET_MSR_INDEX_LIST before returning the
+feature flag on kvm_arch_get_supported_cpuid().
+
+This has the unfortunate side effect of making arch_capabilities
+unavailable on hosts without hardware support for the MSR until bug #2
+is fixed on KVM, but I can't see another way to work around bug #1
+without that side effect.
+
+Signed-off-by: Eduardo Habkost
+Message-Id: <20190125220606.4864-2-ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost
+(cherry picked from commit 485b1d256bcb0874bcde0223727c159b6837e6f8)
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Danilo C. L. de Paula
+---
+ target/i386/kvm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 0c9a5e4..720948a 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -389,6 +389,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+ if (host_tsx_blacklisted()) {
+ ret &= ~(CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_HLE);
+ }
++ } else if (function == 7 && index == 0 && reg == R_EDX) {
++ /*
++ * Linux v4.17-v4.20 incorrectly return ARCH_CAPABILITIES on SVM hosts.
++ * We can detect the bug by checking if MSR_IA32_ARCH_CAPABILITIES is
++ * returned by KVM_GET_MSR_INDEX_LIST.
++ */
++ if (!has_msr_arch_capabs) {
++ ret &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
++ }
+ } else if (function == 0x80000001 && reg == R_ECX) {
+ /*
+ * It's safe to enable TOPOEXT even if it's not returned by
+--
+1.8.3.1
+
diff --git a/qemu-kvm.spec b/qemu-kvm.spec
index 9ed199c..9a4c503 100644
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
@@ -69,7 +69,7 @@ Obsoletes: %1-rhev
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 3.1.0
-Release: 21%{?dist}
+Release: 22%{?dist}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
@@ -237,6 +237,10 @@ Patch76: kvm-hostmem-file-reject-invalid-pmem-file-sizes.patch
 Patch77: kvm-iotests-Fix-test-200-on-s390x-without-virtio-pci.patch
 # For bz#1652572 - QEMU core dumped if stop nfs service during migration
 Patch78: kvm-block-file-posix-do-not-fail-on-unlock-bytes.patch
+# For bz#1687578 - Incorrect CVE vulnerabilities reported on Cascade Lake cpus
+Patch79: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
+# For bz#1687578 - Incorrect CVE vulnerabilities reported on Cascade Lake cpus
+Patch80: kvm-i386-Make-arch_capabilities-migratable.patch
 BuildRequires: zlib-devel
 BuildRequires: glib2-devel
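Review bot: The comment added above `if (!has_msr_arch_capabs)` explains only bug 1 (Linux v4.17-v4.20 returning ARCH_CAPABILITIES on SVM hosts), but the same mask also fires on hosts whose CPU genuinely lacks MSR_IA32_ARCH_CAPABILITIES, because KVM_GET_MSR_INDEX_LIST omits it there (bug 2 in the commit message), so the side effect the commit message admits is invisible at the call site. Suggest appending to the block comment: `* Until KVM also lists the MSR on hosts without hardware support, this hides arch_capabilities there too; otherwise kvm_put_msrs() would leave the MSR uninitialized.` The check presumably relies on has_msr_arch_capabs having been filled in from KVM_GET_MSR_INDEX_LIST before kvm_arch_get_supported_cpuid() is first queried; that ordering is not visible in this hunk and is worth stating in the comment. Clearing the bit is the fail-safe side here, since a CPUID bit backed by an uninitialized MSR is what lets a guest misreport its hardware mitigation status. kvm_arch_get_supported_cpuid() starts and ends outside the hunk.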
@@ -1135,6 +1139,12 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %changelog
+* Mon Apr 15 2019 Danilo Cesar Lemes de Paula - 3.1.0-22.el8
+- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1687578]
+- kvm-i386-Make-arch_capabilities-migratable.patch [bz#1687578]
+- Resolves: bz#1687578
+ (Incorrect CVE vulnerabilities reported on Cascade Lake cpus)
+
 * Thu Apr 11 2019 Danilo Cesar Lemes de Paula - 3.1.0-21.el8
 - kvm-Remove-7-qcow2-and-luks-iotests-that-are-taking-25-s.patch [bz#1683473]
 - kvm-spapr-fix-out-of-bounds-write-in-spapr_populate_drme.patch [bz#1674438]