From 3dcc8d3ba2d00a25dbf2d45eb612b62059e85a18 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Mon, 15 Jan 2018 15:00:23 +0100 Subject: [PATCH] merge SPEC_CTRL MSR and -IBRS CPU model patches 
Signed-off-by: Wolfgang Bumiller --- ...arget-i386-disable-LINT0-after-reset.patch | 4 +- ...io-serial-fix-segfault-on-disconnect.patch | 4 +- ...ys-store-SCSIRequest-into-MegasasCmd.patch | 4 +- ...k-len-against-dhcp-options-array-end.patch | 4 +- ...-IDE-Do-not-flush-empty-CDROM-drives.patch | 4 +- ...map-add-bitmap_copy_and_clear_atomic.patch | 4 +- ...rt-getting-and-using-a-dirty-bitmap-.patch | 5 +- ...-add-vga_scanline_invalidated-helper.patch | 4 +- ...vga-make-display-updates-thread-safe.patch | 4 +- ...ix-display-update-region-calculation.patch | 4 +- ...update-region-calculation-split-scre.patch | 5 +- ...-pointers-to-vga_draw_line-functions.patch | 4 +- ...date-multiboot-header-address-values.patch | 4 +- ...descriptor-counting-in-virtqueue_pop.patch | 4 +- ...017-15119-Reject-options-larger-than.patch | 5 +- ...ation-Update-memory-map-in-post_load.patch | 4 +- .../0017-vga-drop-line_offset-variable.patch | 4 +- ...a-handle-cirrus-vbe-mode-wraparounds.patch | 4 +- .../extra/0019-vga-add-ram_addr_t-cast.patch | 4 +- ...fix-region-checks-in-wraparound-case.patch | 4 +- ...tput-buffer-size-from-websocket-GSou.patch | 5 +- ..._malloc0-to-allocate-space-for-xattr.patch | 4 +- ...-access-in-mode4and5-write-functions.patch | 4 +- ...-check-VirtQueue-Vring-object-is-set.patch | 4 +- ...-block-gluster-glfs_lseek-workaround.patch | 4 +- ...add-support-for-PREALLOC_MODE_FALLOC.patch | 4 +- ...host_vendor_fms-in-max_x86_cpu_initf.patch | 39 ++ ...-i386-Define-CPUID_MODEL_ID_SZ-macro.patch | 40 ++ ...t-use-x86_cpu_load_def-on-max-CPU-mo.patch | 92 ++++ ...CPUDefinition-model_id-to-const-char.patch | 85 +++ ...1-i386-Add-support-for-SPEC_CTRL-MSR.patch | 135 +++++ .../0032-i386-Add-spec-ctrl-CPUID-bit.patch | 41 ++ ...EAT_8000_0008_EBX-CPUID-feature-word.patch | 83 +++ ...ew-IBRS-versions-of-Intel-CPU-models.patch | 518 ++++++++++++++++++ debian/patches/series | 8 + 35 files changed, 1093 insertions(+), 56 deletions(-) create mode 100644 
debian/patches/extra/0027-target-i386-Use-host_vendor_fms-in-max_x86_cpu_initf.patch create mode 100644 debian/patches/extra/0028-target-i386-Define-CPUID_MODEL_ID_SZ-macro.patch create mode 100644 debian/patches/extra/0029-target-i386-Don-t-use-x86_cpu_load_def-on-max-CPU-mo.patch create mode 100644 debian/patches/extra/0030-i386-Change-X86CPUDefinition-model_id-to-const-char.patch create mode 100644 debian/patches/extra/0031-i386-Add-support-for-SPEC_CTRL-MSR.patch create mode 100644 debian/patches/extra/0032-i386-Add-spec-ctrl-CPUID-bit.patch create mode 100644 debian/patches/extra/0033-i386-Add-FEAT_8000_0008_EBX-CPUID-feature-word.patch create mode 100644 debian/patches/extra/0034-i386-Add-new-IBRS-versions-of-Intel-CPU-models.patch diff --git a/debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch b/debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch index abe6034..09714dd 100644 --- a/debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch +++ b/debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch @@ -1,7 +1,7 @@ -From c2835302a557437ef22944902da17686247edd35 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Mon, 4 Jul 2016 15:02:26 +0200 -Subject: [PATCH 01/23] Revert "target-i386: disable LINT0 after reset" +Subject: [PATCH] Revert "target-i386: disable LINT0 after reset" This reverts commit b8eb5512fd8a115f164edbbe897cdf8884920ccb. --- diff --git a/debian/patches/extra/0002-virtio-serial-fix-segfault-on-disconnect.patch b/debian/patches/extra/0002-virtio-serial-fix-segfault-on-disconnect.patch index 3f0db76..05ed7e8 100644 --- a/debian/patches/extra/0002-virtio-serial-fix-segfault-on-disconnect.patch +++ b/debian/patches/extra/0002-virtio-serial-fix-segfault-on-disconnect.patch 
@@ -1,7 +1,7 @@ -From 7ea086a97a09774c9ac8f0df236a0acb01dfc1ef Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 2 Jun 2017 10:54:24 +0100 -Subject: [PATCH 02/23] virtio-serial: fix segfault on disconnect +Subject: [PATCH] virtio-serial: fix segfault on disconnect Since commit d4c19cdeeb2f1e474bc426a6da261f1d7346eb5b ("virtio-serial: add missing virtio_detach_element() call") the following commands may diff --git a/debian/patches/extra/0003-megasas-always-store-SCSIRequest-into-MegasasCmd.patch b/debian/patches/extra/0003-megasas-always-store-SCSIRequest-into-MegasasCmd.patch index 2f0eb41..bd2755a 100644 --- a/debian/patches/extra/0003-megasas-always-store-SCSIRequest-into-MegasasCmd.patch +++ b/debian/patches/extra/0003-megasas-always-store-SCSIRequest-into-MegasasCmd.patch @@ -1,7 +1,7 @@ -From 8a6382046bb0a71f1deb7b7ca3954662353f3f65 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 1 Jun 2017 17:26:14 +0200 -Subject: [PATCH 03/23] megasas: always store SCSIRequest* into MegasasCmd +Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd This ensures that the request is unref'ed properly, and avoids a segmentation fault in the new qtest testcase that is added. diff --git a/debian/patches/extra/0004-slirp-check-len-against-dhcp-options-array-end.patch b/debian/patches/extra/0004-slirp-check-len-against-dhcp-options-array-end.patch index 2af6141..2832d63 100644 --- a/debian/patches/extra/0004-slirp-check-len-against-dhcp-options-array-end.patch +++ b/debian/patches/extra/0004-slirp-check-len-against-dhcp-options-array-end.patch @@ -1,7 +1,7 @@ -From 76d3fb511849efb8bcd8690cd008a46408fac6dd Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 
From: Prasad J Pandit Date: Mon, 17 Jul 2017 17:33:26 +0530 -Subject: [PATCH 04/23] slirp: check len against dhcp options array end +Subject: [PATCH] slirp: check len against dhcp options array end While parsing dhcp options string in 'dhcp_decode', if an options' length 'len' appeared towards the end of 'bp_vend' array, ensuing diff --git a/debian/patches/extra/0005-IDE-Do-not-flush-empty-CDROM-drives.patch b/debian/patches/extra/0005-IDE-Do-not-flush-empty-CDROM-drives.patch index 808336f..86f970c 100644 --- a/debian/patches/extra/0005-IDE-Do-not-flush-empty-CDROM-drives.patch +++ b/debian/patches/extra/0005-IDE-Do-not-flush-empty-CDROM-drives.patch @@ -1,7 +1,7 @@ -From 1c0ba3702859ca6affc1a3f9cad3d35ccc4773ed Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 9 Aug 2017 17:02:11 +0100 -Subject: [PATCH 05/23] IDE: Do not flush empty CDROM drives +Subject: [PATCH] IDE: Do not flush empty CDROM drives The block backend changed in a way that flushing empty CDROM drives now crashes. Amend IDE to avoid doing so until the root problem can be diff --git a/debian/patches/extra/0006-bitmap-add-bitmap_copy_and_clear_atomic.patch b/debian/patches/extra/0006-bitmap-add-bitmap_copy_and_clear_atomic.patch index b211f24..cd584a2 100644 --- a/debian/patches/extra/0006-bitmap-add-bitmap_copy_and_clear_atomic.patch +++ b/debian/patches/extra/0006-bitmap-add-bitmap_copy_and_clear_atomic.patch @@ -1,7 +1,7 @@ -From 14a318bd04ab27f0f8f5dbe5aba53a817f85e016 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 21 Apr 2017 11:16:24 +0200 -Subject: [PATCH 06/23] bitmap: add bitmap_copy_and_clear_atomic +Subject: [PATCH] bitmap: add bitmap_copy_and_clear_atomic Signed-off-by: Gerd Hoffmann Message-id: 20170421091632.30900-2-kraxel@redhat.com 
diff --git a/debian/patches/extra/0007-memory-add-support-getting-and-using-a-dirty-bitmap-.patch b/debian/patches/extra/0007-memory-add-support-getting-and-using-a-dirty-bitmap-.patch index d6298a8..8b202fb 100644 --- a/debian/patches/extra/0007-memory-add-support-getting-and-using-a-dirty-bitmap-.patch +++ b/debian/patches/extra/0007-memory-add-support-getting-and-using-a-dirty-bitmap-.patch @@ -1,8 +1,7 @@ -From 2628973e5f8a50f3b308395fa8a33b8f4fdc9024 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 21 Apr 2017 11:16:25 +0200 -Subject: [PATCH 07/23] memory: add support getting and using a dirty bitmap - copy. +Subject: [PATCH] memory: add support getting and using a dirty bitmap copy. This patch adds support for getting and using a local copy of the dirty bitmap. diff --git a/debian/patches/extra/0008-vga-add-vga_scanline_invalidated-helper.patch b/debian/patches/extra/0008-vga-add-vga_scanline_invalidated-helper.patch index 98c5a66..78227ee 100644 --- a/debian/patches/extra/0008-vga-add-vga_scanline_invalidated-helper.patch +++ b/debian/patches/extra/0008-vga-add-vga_scanline_invalidated-helper.patch @@ -1,7 +1,7 @@ -From 248536e4a93b254fc38aa369f76e828c9ce9b45e Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 21 Apr 2017 11:16:26 +0200 -Subject: [PATCH 08/23] vga: add vga_scanline_invalidated helper +Subject: [PATCH] vga: add vga_scanline_invalidated helper Add vga_scanline_invalidated helper to check whenever a scanline was invalidated. Add a sanity check to fix OOB read access for display diff --git a/debian/patches/extra/0009-vga-make-display-updates-thread-safe.patch b/debian/patches/extra/0009-vga-make-display-updates-thread-safe.patch index 920bfc2..6c1edf8 100644 --- a/debian/patches/extra/0009-vga-make-display-updates-thread-safe.patch 
+++ b/debian/patches/extra/0009-vga-make-display-updates-thread-safe.patch @@ -1,7 +1,7 @@ -From 54b1106d9a24dadae42c4f4c25b4fa2560183f5b Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 21 Apr 2017 11:16:27 +0200 -Subject: [PATCH 09/23] vga: make display updates thread safe. +Subject: [PATCH] vga: make display updates thread safe. The vga code clears the dirty bits *after* reading the framebuffer memory. So if the guest framebuffer updates hits the race window diff --git a/debian/patches/extra/0010-vga-fix-display-update-region-calculation.patch b/debian/patches/extra/0010-vga-fix-display-update-region-calculation.patch index 5c0f5eb..96f35ee 100644 --- a/debian/patches/extra/0010-vga-fix-display-update-region-calculation.patch +++ b/debian/patches/extra/0010-vga-fix-display-update-region-calculation.patch @@ -1,7 +1,7 @@ -From acd029e2a9b9ea93997fcb19c6cd71d6dd6c9cb6 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 9 May 2017 12:48:39 +0200 -Subject: [PATCH 10/23] vga: fix display update region calculation +Subject: [PATCH] vga: fix display update region calculation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/debian/patches/extra/0011-vga-fix-display-update-region-calculation-split-scre.patch b/debian/patches/extra/0011-vga-fix-display-update-region-calculation-split-scre.patch index f445eec..9ad4652 100644 --- a/debian/patches/extra/0011-vga-fix-display-update-region-calculation-split-scre.patch +++ b/debian/patches/extra/0011-vga-fix-display-update-region-calculation-split-scre.patch @@ -1,8 +1,7 @@ -From b8aa853672ab9e94821a43b6cb2a51d24cb2be8c Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 
From: Gerd Hoffmann Date: Fri, 1 Sep 2017 14:57:38 +0200 -Subject: [PATCH 11/23] vga: fix display update region calculation (split - screen) +Subject: [PATCH] vga: fix display update region calculation (split screen) vga display update mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used. This can trigger an diff --git a/debian/patches/extra/0012-vga-stop-passing-pointers-to-vga_draw_line-functions.patch b/debian/patches/extra/0012-vga-stop-passing-pointers-to-vga_draw_line-functions.patch index d8de930..12395c4 100644 --- a/debian/patches/extra/0012-vga-stop-passing-pointers-to-vga_draw_line-functions.patch +++ b/debian/patches/extra/0012-vga-stop-passing-pointers-to-vga_draw_line-functions.patch @@ -1,7 +1,7 @@ -From 51b08381408f248b1149c0177a90f61f703b8432 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 1 Sep 2017 14:57:39 +0200 -Subject: [PATCH 12/23] vga: stop passing pointers to vga_draw_line* functions +Subject: [PATCH] vga: stop passing pointers to vga_draw_line* functions Instead pass around the address (aka offset into vga memory). Add vga_read_* helper functions which apply vbe_size_mask to diff --git a/debian/patches/extra/0013-multiboot-validate-multiboot-header-address-values.patch b/debian/patches/extra/0013-multiboot-validate-multiboot-header-address-values.patch index 4930d34..37d12af 100644 --- a/debian/patches/extra/0013-multiboot-validate-multiboot-header-address-values.patch +++ b/debian/patches/extra/0013-multiboot-validate-multiboot-header-address-values.patch @@ -1,7 +1,7 @@ -From 158e47c5a3ebe4b67d35b7c1e8fecad258e735db Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 
From: Prasad J Pandit Date: Thu, 7 Sep 2017 12:02:56 +0530 -Subject: [PATCH 13/23] multiboot: validate multiboot header address values +Subject: [PATCH] multiboot: validate multiboot header address values While loading kernel via multiboot-v1 image, (flags & 0x00010000) indicates that multiboot header contains valid addresses to load diff --git a/debian/patches/extra/0014-virtio-fix-descriptor-counting-in-virtqueue_pop.patch b/debian/patches/extra/0014-virtio-fix-descriptor-counting-in-virtqueue_pop.patch index ba7d352..526e67f 100644 --- a/debian/patches/extra/0014-virtio-fix-descriptor-counting-in-virtqueue_pop.patch +++ b/debian/patches/extra/0014-virtio-fix-descriptor-counting-in-virtqueue_pop.patch @@ -1,7 +1,7 @@ -From 5cd576814744853a855ab64400e2d8d9c0b7bb0e Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Wed, 20 Sep 2017 08:09:33 +0200 -Subject: [PATCH 14/23] virtio: fix descriptor counting in virtqueue_pop +Subject: [PATCH] virtio: fix descriptor counting in virtqueue_pop While changing the s/g list allocation, commit 3b3b0628 also changed the descriptor counting to count iovec entries diff --git a/debian/patches/extra/0015-nbd-server-CVE-2017-15119-Reject-options-larger-than.patch b/debian/patches/extra/0015-nbd-server-CVE-2017-15119-Reject-options-larger-than.patch index 05eda0e..4f966dc 100644 --- a/debian/patches/extra/0015-nbd-server-CVE-2017-15119-Reject-options-larger-than.patch +++ b/debian/patches/extra/0015-nbd-server-CVE-2017-15119-Reject-options-larger-than.patch @@ -1,8 +1,7 @@ -From 93b7498c9e8adcd51c70f8df88b9228658b43595 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 
From: Wolfgang Bumiller Date: Wed, 29 Nov 2017 09:39:55 +0100 -Subject: [PATCH 15/23] nbd/server: CVE-2017-15119 Reject options larger than - 32M +Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M Backported-from: fdad35ef6c58 --- diff --git a/debian/patches/extra/0016-vga-migration-Update-memory-map-in-post_load.patch b/debian/patches/extra/0016-vga-migration-Update-memory-map-in-post_load.patch index 88fdbad..5941926 100644 --- a/debian/patches/extra/0016-vga-migration-Update-memory-map-in-post_load.patch +++ b/debian/patches/extra/0016-vga-migration-Update-memory-map-in-post_load.patch @@ -1,7 +1,7 @@ -From 8b2be8e3f9c1ca9f78b1c87ead13f54fbd98198a Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Fri, 4 Aug 2017 12:33:29 +0100 -Subject: [PATCH 16/23] vga/migration: Update memory map in post_load +Subject: [PATCH] vga/migration: Update memory map in post_load After migration the chain4 alias mapping added by 80763888 (in 2011) might be missing, since there's no call to vga_update_memory_access diff --git a/debian/patches/extra/0017-vga-drop-line_offset-variable.patch b/debian/patches/extra/0017-vga-drop-line_offset-variable.patch index d3ac294..d441d02 100644 --- a/debian/patches/extra/0017-vga-drop-line_offset-variable.patch +++ b/debian/patches/extra/0017-vga-drop-line_offset-variable.patch @@ -1,7 +1,7 @@ -From 3a1728b97f64e3ed4efc827bce7ff917ea5b6dd1 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 10 Oct 2017 16:13:21 +0200 -Subject: [PATCH 17/23] vga: drop line_offset variable +Subject: [PATCH] vga: drop line_offset variable Signed-off-by: Gerd Hoffmann --- diff --git a/debian/patches/extra/0018-vga-handle-cirrus-vbe-mode-wraparounds.patch b/debian/patches/extra/0018-vga-handle-cirrus-vbe-mode-wraparounds.patch index 2792925..9fe31bb 100644 
--- a/debian/patches/extra/0018-vga-handle-cirrus-vbe-mode-wraparounds.patch +++ b/debian/patches/extra/0018-vga-handle-cirrus-vbe-mode-wraparounds.patch @@ -1,7 +1,7 @@ -From b63830cd6f59a87ef9bdb4f466ce8f4bd2ff5315 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 10 Oct 2017 16:13:22 +0200 -Subject: [PATCH 18/23] vga: handle cirrus vbe mode wraparounds. +Subject: [PATCH] vga: handle cirrus vbe mode wraparounds. Commit "3d90c62548 vga: stop passing pointers to vga_draw_line* functions" is incomplete. It doesn't handle the case that the vga diff --git a/debian/patches/extra/0019-vga-add-ram_addr_t-cast.patch b/debian/patches/extra/0019-vga-add-ram_addr_t-cast.patch index 85f800b..bc89a7e 100644 --- a/debian/patches/extra/0019-vga-add-ram_addr_t-cast.patch +++ b/debian/patches/extra/0019-vga-add-ram_addr_t-cast.patch @@ -1,7 +1,7 @@ -From 918868b77c7a04d3e2aa7bbc7f9255dafe75f709 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 10 Oct 2017 16:13:23 +0200 -Subject: [PATCH 19/23] vga: add ram_addr_t cast +Subject: [PATCH] vga: add ram_addr_t cast Reported by Coverity. diff --git a/debian/patches/extra/0020-vga-fix-region-checks-in-wraparound-case.patch b/debian/patches/extra/0020-vga-fix-region-checks-in-wraparound-case.patch index c1e1e99..371403d 100644 --- a/debian/patches/extra/0020-vga-fix-region-checks-in-wraparound-case.patch +++ b/debian/patches/extra/0020-vga-fix-region-checks-in-wraparound-case.patch @@ -1,7 +1,7 @@ -From 3c51ccd7bb43dd763a1ff3112b8a0cd7e145ca4f Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 30 Oct 2017 11:28:30 +0100 -Subject: [PATCH 20/23] vga: fix region checks in wraparound case +Subject: [PATCH] vga: fix region checks in wraparound case Cc: "Dr. David Alan Gilbert" Signed-off-by: Gerd Hoffmann 
diff --git a/debian/patches/extra/0021-io-monitor-encoutput-buffer-size-from-websocket-GSou.patch b/debian/patches/extra/0021-io-monitor-encoutput-buffer-size-from-websocket-GSou.patch index 5520544..3a9e498 100644 --- a/debian/patches/extra/0021-io-monitor-encoutput-buffer-size-from-websocket-GSou.patch +++ b/debian/patches/extra/0021-io-monitor-encoutput-buffer-size-from-websocket-GSou.patch @@ -1,8 +1,7 @@ -From 89a1271a7687018cdbf2b7f92cf3d50d079e100e Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Mon, 9 Oct 2017 14:43:42 +0100 -Subject: [PATCH 21/23] io: monitor encoutput buffer size from websocket - GSource +Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource The websocket GSource is monitoring the size of the rawoutput buffer to determine if the channel can accepts more writes. diff --git a/debian/patches/extra/0022-9pfs-use-g_malloc0-to-allocate-space-for-xattr.patch b/debian/patches/extra/0022-9pfs-use-g_malloc0-to-allocate-space-for-xattr.patch index 6f8b99d..649a77a 100644 --- a/debian/patches/extra/0022-9pfs-use-g_malloc0-to-allocate-space-for-xattr.patch +++ b/debian/patches/extra/0022-9pfs-use-g_malloc0-to-allocate-space-for-xattr.patch @@ -1,7 +1,7 @@ -From 184640d2552895d967214e90e23e005d6657b145 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Mon, 16 Oct 2017 14:21:59 +0200 -Subject: [PATCH 22/23] 9pfs: use g_malloc0 to allocate space for xattr +Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr 9p back-end first queries the size of an extended attribute, allocates space for it via g_malloc() and then retrieves its diff --git a/debian/patches/extra/0023-cirrus-fix-oob-access-in-mode4and5-write-functions.patch b/debian/patches/extra/0023-cirrus-fix-oob-access-in-mode4and5-write-functions.patch index d2bad88..789998c 100644 
--- a/debian/patches/extra/0023-cirrus-fix-oob-access-in-mode4and5-write-functions.patch +++ b/debian/patches/extra/0023-cirrus-fix-oob-access-in-mode4and5-write-functions.patch @@ -1,7 +1,7 @@ -From b162e22e5f0c1081efeec646999616ce1a7e3875 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Wed, 11 Oct 2017 10:43:14 +0200 -Subject: [PATCH 23/23] cirrus: fix oob access in mode4and5 write functions +Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions Move dst calculation into the loop, so we apply the mask on each interation and will not overflow vga memory. diff --git a/debian/patches/extra/0024-virtio-check-VirtQueue-Vring-object-is-set.patch b/debian/patches/extra/0024-virtio-check-VirtQueue-Vring-object-is-set.patch index ae7afc3..84c046a 100644 --- a/debian/patches/extra/0024-virtio-check-VirtQueue-Vring-object-is-set.patch +++ b/debian/patches/extra/0024-virtio-check-VirtQueue-Vring-object-is-set.patch @@ -1,7 +1,7 @@ -From 537048fe17ab94242908536adcb638ec274a3f53 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Wed, 29 Nov 2017 23:14:27 +0530 -Subject: [PATCH 1/2] virtio: check VirtQueue Vring object is set +Subject: [PATCH] virtio: check VirtQueue Vring object is set A guest could attempt to use an uninitialised VirtQueue object or unset Vring.align leading to a arithmetic exception. Add check diff --git a/debian/patches/extra/0025-block-gluster-glfs_lseek-workaround.patch b/debian/patches/extra/0025-block-gluster-glfs_lseek-workaround.patch index 566e00f..e42c1fd 100644 --- a/debian/patches/extra/0025-block-gluster-glfs_lseek-workaround.patch +++ b/debian/patches/extra/0025-block-gluster-glfs_lseek-workaround.patch @@ -1,7 +1,7 @@ -From 3a2be75872e6670a81410ecb175a447be45cfd15 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 
From: Jeff Cody Date: Tue, 23 May 2017 13:27:50 -0400 -Subject: [PATCH 1/2] block/gluster: glfs_lseek() workaround +Subject: [PATCH] block/gluster: glfs_lseek() workaround On current released versions of glusterfs, glfs_lseek() will sometimes return invalid values for SEEK_DATA or SEEK_HOLE. For SEEK_DATA and diff --git a/debian/patches/extra/0026-gluster-add-support-for-PREALLOC_MODE_FALLOC.patch b/debian/patches/extra/0026-gluster-add-support-for-PREALLOC_MODE_FALLOC.patch index d6609bb..f794745 100644 --- a/debian/patches/extra/0026-gluster-add-support-for-PREALLOC_MODE_FALLOC.patch +++ b/debian/patches/extra/0026-gluster-add-support-for-PREALLOC_MODE_FALLOC.patch @@ -1,7 +1,7 @@ -From ca3e533f0335aa248e10f9f5a715dc5b8ec7e442 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Sun, 28 May 2017 12:01:14 +0530 -Subject: [PATCH 2/2] gluster: add support for PREALLOC_MODE_FALLOC +Subject: [PATCH] gluster: add support for PREALLOC_MODE_FALLOC Add missing support for "preallocation=falloc" to the Gluster block driver. This change bases its logic on that of block/file-posix.c and diff --git a/debian/patches/extra/0027-target-i386-Use-host_vendor_fms-in-max_x86_cpu_initf.patch b/debian/patches/extra/0027-target-i386-Use-host_vendor_fms-in-max_x86_cpu_initf.patch new file mode 100644 index 0000000..3cc2f0a --- /dev/null +++ b/debian/patches/extra/0027-target-i386-Use-host_vendor_fms-in-max_x86_cpu_initf.patch 
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 12 Jul 2017 13:20:56 -0300
+Subject: [PATCH] target/i386: Use host_vendor_fms() in max_x86_cpu_initfn()
+
+The existing code duplicated the logic in host_vendor_fms(), so
+reuse the helper function instead.
+
+Signed-off-by: Eduardo Habkost
+Message-Id: <20170712162058.10538-3-ehabkost@redhat.com>
+Reviewed-by: Igor Mammedov
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 4b3bfb3802..1affd3bb5b 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1592,13 +1592,8 @@ static void max_x86_cpu_initfn(Object *obj)
+ X86CPUDefinition host_cpudef = { };
+ uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
+
+- host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
+- x86_cpu_vendor_words2str(host_cpudef.vendor, ebx, edx, ecx);
+-
+- host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
+- host_cpudef.family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
+- host_cpudef.model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
+- host_cpudef.stepping = eax & 0x0F;
++ host_vendor_fms(host_cpudef.vendor, &host_cpudef.family,
++ &host_cpudef.model, &host_cpudef.stepping);
+
+ cpu_x86_fill_model_id(host_cpudef.model_id);
+
+--
+2.11.0
+
diff --git a/debian/patches/extra/0028-target-i386-Define-CPUID_MODEL_ID_SZ-macro.patch b/debian/patches/extra/0028-target-i386-Define-CPUID_MODEL_ID_SZ-macro.patch
new file mode 100644
index 0000000..f46cb61
--- /dev/null
+++ b/debian/patches/extra/0028-target-i386-Define-CPUID_MODEL_ID_SZ-macro.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 12 Jul 2017 13:20:57 -0300
+Subject: [PATCH] target/i386: Define CPUID_MODEL_ID_SZ macro
+
+Document cpu_x86_fill_model_id() and define CPUID_MODEL_ID_SZ to
+help callers use the right buffer size.
+
+Signed-off-by: Eduardo Habkost
+Message-Id: <20170712162058.10538-4-ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 1affd3bb5b..54832dd591 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1541,6 +1541,17 @@ static bool lmce_supported(void)
+ return !!(mce_cap & MCG_LMCE_P);
+ }
+
++#define CPUID_MODEL_ID_SZ 48
++
++/**
++ * cpu_x86_fill_model_id:
++ * Get CPUID model ID string from host CPU.
++ *
++ * @str should have at least CPUID_MODEL_ID_SZ bytes
++ *
++ * The function does NOT add a null terminator to the string
++ * automatically.
++ */
+ static int cpu_x86_fill_model_id(char *str)
+ {
+ uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
+--
+2.11.0
+
diff --git a/debian/patches/extra/0029-target-i386-Don-t-use-x86_cpu_load_def-on-max-CPU-mo.patch b/debian/patches/extra/0029-target-i386-Don-t-use-x86_cpu_load_def-on-max-CPU-mo.patch
new file mode 100644
index 0000000..d8f9bfa
--- /dev/null
+++ b/debian/patches/extra/0029-target-i386-Don-t-use-x86_cpu_load_def-on-max-CPU-mo.patch
@@ -0,0 +1,92 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 12 Jul 2017 13:20:58 -0300
+Subject: [PATCH] target/i386: Don't use x86_cpu_load_def() on "max" CPU model
+
+When commit 0bacd8b3046f ('i386: Don't set CPUClass::cpu_def on
+"max" model') removed the CPUClass::cpu_def field, we kept using
+the x86_cpu_load_def() helper directly in max_x86_cpu_initfn(),
+emulating the previous behavior when CPUClass::cpu_def was set.
+
+However, x86_cpu_load_def() is intended to help initialization of
+CPU models from the builtin_x86_defs table, and does lots of
+other steps that are not necessary for "max".
+
+One of the things x86_cpu_load_def() do is to set the properties
+listed at tcg_default_props/kvm_default_props. We must not do
+that on the "max" CPU model, otherwise under KVM we will
+incorrectly report all KVM features as always available, and the
+"svm" feature as always unavailable. The latter caused the bug
+reported at:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=1467599
+ ("Unable to start domain: the CPU is incompatible with host CPU:
+ Host CPU does not provide required features: svm")
+
+Replace x86_cpu_load_def() with simple object_property_set*()
+calls. In addition to fixing the above bug, this makes the KVM
+branch in max_x86_cpu_initfn() very similar to the existing TCG
+branch.
+
+For reference, the full list of steps performed by
+x86_cpu_load_def() is:
+
+* Setting min-level and min-xlevel. Already done by
+ max_x86_cpu_initfn().
+* Setting family/model/stepping/model-id. Done by the code added
+ to max_x86_cpu_initfn() in this patch.
+* Copying def->features. Wrong because "-cpu max" features need to
+ be calculated at realize time. This was not a problem in the
+ current code because host_cpudef.features was all zeroes.
+* x86_cpu_apply_props() calls. This causes the bug above, and
+ shouldn't be done.
+* Setting CPUID_EXT_HYPERVISOR. Not needed because it is already
+ reported by x86_cpu_get_supported_feature_word(), and because
+ "-cpu max" features need to be calculated at realize time.
+* Setting CPU vendor to host CPU vendor if on KVM mode.
+ Redundant, because max_x86_cpu_initfn() already sets it to the
+ host CPU vendor.
+
+Signed-off-by: Eduardo Habkost
+Message-Id: <20170712162058.10538-5-ehabkost@redhat.com>
+Reviewed-by: Igor Mammedov
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 54832dd591..3d53cb4c86 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1600,15 +1600,21 @@ static void max_x86_cpu_initfn(Object *obj)
+ cpu->max_features = true;
+
+ if (kvm_enabled()) {
+- X86CPUDefinition host_cpudef = { };
+- uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
++ char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
++ char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
++ int family, model, stepping;
+
+- host_vendor_fms(host_cpudef.vendor, &host_cpudef.family,
+- &host_cpudef.model, &host_cpudef.stepping);
++ host_vendor_fms(vendor, &family, &model, &stepping);
+
+- cpu_x86_fill_model_id(host_cpudef.model_id);
++ cpu_x86_fill_model_id(model_id);
+
+- x86_cpu_load_def(cpu, &host_cpudef, &error_abort);
++ object_property_set_str(OBJECT(cpu), vendor, "vendor", &error_abort);
++ object_property_set_int(OBJECT(cpu), family, "family", &error_abort);
++ object_property_set_int(OBJECT(cpu), model, "model", &error_abort);
++ object_property_set_int(OBJECT(cpu), stepping, "stepping",
++ &error_abort);
++ object_property_set_str(OBJECT(cpu), model_id, "model-id",
++ &error_abort);
+
+ env->cpuid_min_level =
+ kvm_arch_get_supported_cpuid(s, 0x0, 0, R_EAX);
+--
+2.11.0
+
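Review bot: In max_x86_cpu_initfn(), NUL termination of `model_id` rests entirely on the `+ 1` sizing and the `{ 0 }` initialiser, and nothing at the declarations says so. Patch 0028 of this series documents that cpu_x86_fill_model_id() needs CPUID_MODEL_ID_SZ bytes and does not add a terminator, and the buffer is then handed to object_property_set_str() as a C string, so a later edit that drops the extra byte or the initialiser would bring back an out-of-bounds read. I would add `/* +1 and zero-init keep these NUL-terminated; cpu_x86_fill_model_id() does not terminate */` above the two array declarations. `family`, `model` and `stepping` are left uninitialised and rely on host_vendor_fms() writing all three; its body is not in this hunk, so confirm that or initialise them to 0. The function continues outside the hunk.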
diff --git a/debian/patches/extra/0030-i386-Change-X86CPUDefinition-model_id-to-const-char.patch b/debian/patches/extra/0030-i386-Change-X86CPUDefinition-model_id-to-const-char.patch new file mode 100644 index 0000000..0db5d5d --- /dev/null +++ b/debian/patches/extra/0030-i386-Change-X86CPUDefinition-model_id-to-const-char.patch 
@@ -0,0 +1,85 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Tue, 9 Jan 2018 13:45:13 -0200
+Subject: [PATCH] i386: Change X86CPUDefinition::model_id to const char*
+
+It is valid to have a 48-character model ID on CPUID, however the
+definition of X86CPUDefinition::model_id is char[48], which can
+make the compiler drop the null terminator from the string.
+
+If a CPU model happens to have 48 bytes on model_id, "-cpu help"
+will print garbage and the object_property_set_str() call at
+x86_cpu_load_def() will read data outside the model_id array.
+
+We could increase the array size to 49, but this would mean the
+compiler would not issue a warning if a 49-char string is used by
+mistake for model_id.
+
+To make things simpler, simply change model_id to be const char*,
+and validate the string length using an assert() on
+x86_cpu_cpudef_class_init.
+
+Reported-by: "Dr. David Alan Gilbert"
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 3d53cb4c86..c673521016 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -753,7 +753,7 @@ struct X86CPUDefinition {
+ int model;
+ int stepping;
+ FeatureWordArray features;
+- char model_id[48];
++ const char *model_id;
+ };
+
+ static X86CPUDefinition builtin_x86_defs[] = {
+@@ -922,6 +922,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ I486_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "pentium",
+@@ -933,6 +934,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ PENTIUM_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "pentium2",
+@@ -944,6 +946,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ PENTIUM2_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "pentium3",
+@@ -955,6 +958,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ PENTIUM3_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "athlon",
+@@ -2617,6 +2621,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def)
+ * they shouldn't be set on the CPU model table.
+ */
+ assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
++ /* catch mistakes instead of silently truncating model_id when too long */
++ assert(def->model_id && strlen(def->model_id) <= 48);
++
+
+ type_register(&ti);
+ g_free(typename);
+--
+2.11.0
+
diff --git a/debian/patches/extra/0031-i386-Add-support-for-SPEC_CTRL-MSR.patch b/debian/patches/extra/0031-i386-Add-support-for-SPEC_CTRL-MSR.patch
new file mode 100644
index 0000000..2a6f6d6
--- /dev/null
+++ b/debian/patches/extra/0031-i386-Add-support-for-SPEC_CTRL-MSR.patch
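Review bot: The length check added in the last inner hunk of patch 0030 hard-codes its limit, `strlen(def->model_id) <= 48`, although patch 0029 in this series already uses `CPUID_MODEL_ID_SZ` for `char model_id[CPUID_MODEL_ID_SZ + 1]`; assuming that macro is the same 48-byte brand-string size, the check should read `assert(def->model_id && strlen(def->model_id) <= CPUID_MODEL_ID_SZ);` so the two cannot drift apart. The description says the assert lives in x86_cpu_cpudef_class_init, while the hunk places it in x86_register_cpudef_type, and the hunk leaves a doubled blank line behind it. Only four table entries gain `.model_id = ""` here; because the assert also rejects a NULL model_id, it is worth confirming against the full table (which lies outside the hunks) that no other entry omits the field.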
@@ -0,0 +1,135 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Tue, 9 Jan 2018 13:45:14 -0200
+Subject: [PATCH] i386: Add support for SPEC_CTRL MSR
+
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.h | 3 +++
+ target/i386/kvm.c | 15 +++++++++++++++
+ target/i386/machine.c | 20 ++++++++++++++++++++
+ 3 files changed, 38 insertions(+)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index c4602ca80d..cc322d6b39 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -333,6 +333,7 @@
+ #define MSR_IA32_APICBASE_BASE (0xfffffU<<12)
+ #define MSR_IA32_FEATURE_CONTROL 0x0000003a
+ #define MSR_TSC_ADJUST 0x0000003b
++#define MSR_IA32_SPEC_CTRL 0x48
+ #define MSR_IA32_TSCDEADLINE 0x6e0
+
+ #define FEATURE_CONTROL_LOCKED (1<<0)
+@@ -1080,6 +1081,8 @@ typedef struct CPUX86State {
+
+ uint32_t pkru;
+
++ uint64_t spec_ctrl;
++
+ /* End of state preserved by INIT (dummy marker). */
+ struct {} end_init_save;
+
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 55865dbee0..9f83c79338 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -89,6 +89,7 @@ static bool has_msr_hv_runtime;
+ static bool has_msr_hv_synic;
+ static bool has_msr_hv_stimer;
+ static bool has_msr_xss;
++static bool has_msr_spec_ctrl;
+
+ static bool has_msr_architectural_pmu;
+ static uint32_t num_architectural_pmu_counters;
+@@ -1140,6 +1141,10 @@ static int kvm_get_supported_msrs(KVMState *s)
+ has_msr_hv_stimer = true;
+ continue;
+ }
++ if (kvm_msr_list->indices[i] == MSR_IA32_SPEC_CTRL) {
++ has_msr_spec_ctrl = true;
++ continue;
++ }
+ }
+ }
+
+@@ -1667,6 +1672,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ if (has_msr_xss) {
+ kvm_msr_entry_add(cpu, MSR_IA32_XSS, env->xss);
+ }
++ if (has_msr_spec_ctrl) {
++ kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
++ }
+ #ifdef TARGET_X86_64
+ if (lm_capable_kernel) {
+ kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
+@@ -1675,6 +1683,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ kvm_msr_entry_add(cpu, MSR_LSTAR, env->lstar);
+ }
+ #endif
++
+ /*
+ * The following MSRs have side effects on the guest or are too heavy
+ * for normal writeback. Limit them to reset or full state updates.
+@@ -2081,6 +2090,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ if (has_msr_xss) {
+ kvm_msr_entry_add(cpu, MSR_IA32_XSS, 0);
+ }
++ if (has_msr_spec_ctrl) {
++ kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
++ }
+
+
+ if (!env->tsc_valid) {
+@@ -2430,6 +2442,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ env->mtrr_var[MSR_MTRRphysIndex(index)].base = msrs[i].data;
+ }
+ break;
++ case MSR_IA32_SPEC_CTRL:
++ env->spec_ctrl = msrs[i].data;
++ break;
+ }
+ }
+
+diff --git a/target/i386/machine.c b/target/i386/machine.c
+index 78ae2f986b..8c0d5437fa 100644
+--- a/target/i386/machine.c
++++ b/target/i386/machine.c
+@@ -927,6 +927,25 @@ static const VMStateDescription vmstate_mcg_ext_ctl = {
+ }
+ };
+
++static bool spec_ctrl_needed(void *opaque)
++{
++ X86CPU *cpu = opaque;
++ CPUX86State *env = &cpu->env;
++
++ return env->spec_ctrl != 0;
++}
++
++static const VMStateDescription vmstate_spec_ctrl = {
++ .name = "cpu/spec_ctrl",
++ .version_id = 1,
++ .minimum_version_id = 1,
++ .needed = spec_ctrl_needed,
++ .fields = (VMStateField[]){
++ VMSTATE_UINT64(env.spec_ctrl, X86CPU),
++ VMSTATE_END_OF_LIST()
++ }
++};
++
+ VMStateDescription vmstate_x86_cpu = {
+ .name = "cpu",
+ .version_id = 12,
+@@ -1053,6 +1072,7 @@ VMStateDescription vmstate_x86_cpu = {
+ #ifdef TARGET_X86_64
+ &vmstate_pkru,
+ #endif
++ &vmstate_spec_ctrl,
+ &vmstate_mcg_ext_ctl,
+ NULL
+ }
+--
+2.11.0
+
diff --git a/debian/patches/extra/0032-i386-Add-spec-ctrl-CPUID-bit.patch b/debian/patches/extra/0032-i386-Add-spec-ctrl-CPUID-bit.patch
new file mode 100644
index 0000000..254d17a
--- /dev/null
+++ b/debian/patches/extra/0032-i386-Add-spec-ctrl-CPUID-bit.patch
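Review bot: The migration subsection added to target/i386/machine.c in patch 0031 is sent whenever `env->spec_ctrl != 0`, but `kvm_put_msrs()` writes the value back only `if (has_msr_spec_ctrl)`, so as far as these hunks show a destination whose KVM does not list MSR_IA32_SPEC_CTRL would accept the state and silently drop it, leaving a guest that had set the MSR running without it. A comment above `spec_ctrl_needed()` would make that contract explicit, e.g. `/* Sent only when non-zero; the destination applies it only if its KVM reports MSR_IA32_SPEC_CTRL. */`, and it is worth checking whether the load should fail instead. The patch also has no description beyond the Signed-off-by line, so the reason for placing `spec_ctrl` inside the region that the neighbouring comment marks as preserved by INIT is not recorded. All of the enclosing functions start outside the hunks.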
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Tue, 9 Jan 2018 13:45:15 -0200
+Subject: [PATCH] i386: Add spec-ctrl CPUID bit
+
+Add the feature name and a CPUID_7_0_EDX_SPEC_CTRL macro.
+
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 2 +-
+ target/i386/cpu.h | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index c673521016..faf1ff6dcc 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -460,7 +460,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+- NULL, NULL, NULL, NULL,
++ NULL, NULL, "spec-ctrl", NULL,
+ NULL, NULL, NULL, NULL,
+ },
+ .cpuid_eax = 7,
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index cc322d6b39..71261f4819 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -640,6 +640,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
++#define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
+
+ #define CPUID_XSAVE_XSAVEOPT (1U << 0)
+ #define CPUID_XSAVE_XSAVEC (1U << 1)
+--
+2.11.0
+
diff --git a/debian/patches/extra/0033-i386-Add-FEAT_8000_0008_EBX-CPUID-feature-word.patch b/debian/patches/extra/0033-i386-Add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
new file mode 100644
index 0000000..27b98fe
--- /dev/null
+++ b/debian/patches/extra/0033-i386-Add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
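Review bot: The comment on the new macro in patch 0032, `/* Speculation Control */`, does not say what the bit enumerates; on Intel, CPUID.(EAX=7,ECX=0):EDX[26] reports both IBRS and IBPB, i.e. the IA32_SPEC_CTRL and IA32_PRED_CMD MSRs. I would write `/* IBRS and IBPB (IA32_SPEC_CTRL, IA32_PRED_CMD MSRs) */` so that readers do not assume it covers only the MSR handled in patch 0031. The `feat_names` row that gains "spec-ctrl" can only be identified by counting rows, and the table starts outside the hunk, so confirm it is the row for bits 24-27 to match `(1U << 26)`.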
@@ -0,0 +1,83 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Tue, 9 Jan 2018 13:45:16 -0200
+Subject: [PATCH] i386: Add FEAT_8000_0008_EBX CPUID feature word
+
+Add the new feature word and the "ibpb" feature flag.
+
+Based on a patch by Paolo Bonzini.
+
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 19 ++++++++++++++++++-
+ target/i386/cpu.h | 3 +++
+ 2 files changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index faf1ff6dcc..eee365b78d 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -484,6 +484,22 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .tcg_features = TCG_APM_FEATURES,
+ .unmigratable_flags = CPUID_APM_INVTSC,
+ },
++ [FEAT_8000_0008_EBX] = {
++ .feat_names = {
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ "ibpb", NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ },
++ .cpuid_eax = 0x80000008,
++ .cpuid_reg = R_EBX,
++ .tcg_features = 0,
++ .unmigratable_flags = 0,
++ },
+ [FEAT_XSAVE] = {
+ .feat_names = {
+ "xsaveopt", "xsavec", "xgetbv1", "xsaves",
+@@ -2984,7 +3000,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ } else {
+ *eax = cpu->phys_bits;
+ }
+- *ebx = 0;
++ *ebx = env->features[FEAT_8000_0008_EBX];
+ *ecx = 0;
+ *edx = 0;
+ if (cs->nr_cores * cs->nr_threads > 1) {
+@@ -3440,6 +3456,7 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
+ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
++ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
+ x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 71261f4819..1ebee91930 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -452,6 +452,7 @@ typedef enum FeatureWord {
+ FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */
+ FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */
+ FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */
++ FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
+ FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
+ FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
+ FEAT_HYPERV_EAX, /* CPUID[4000_0003].EAX */
+@@ -642,6 +643,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+ #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
+
++#define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */
++
+ #define CPUID_XSAVE_XSAVEOPT (1U << 0)
+ #define CPUID_XSAVE_XSAVEC (1U << 1)
+ #define CPUID_XSAVE_XGETBV1 (1U << 2)
+--
+2.11.0
+
diff --git a/debian/patches/extra/0034-i386-Add-new-IBRS-versions-of-Intel-CPU-models.patch b/debian/patches/extra/0034-i386-Add-new-IBRS-versions-of-Intel-CPU-models.patch
new file mode 100644
index 0000000..54e2835
--- /dev/null
+++ b/debian/patches/extra/0034-i386-Add-new-IBRS-versions-of-Intel-CPU-models.patch
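Review bot: Nothing in this series sets the bit that patch 0033 introduces: `CPUID_8000_0008_EBX_IBPB` is defined here, but patch 0034 only adds `CPUID_7_0_EDX_SPEC_CTRL` to Intel models, so a guest on a named CPU model would see `ibpb` only when it is requested explicitly. The description should say so, for example `No CPU model enables "ibpb" yet; it has to be requested with +ibpb.`, because an operator could otherwise assume the AMD models are covered. With `.tcg_features = 0` the flag is never offered under TCG, which looks intentional but is also undocumented. cpu_x86_cpuid and x86_cpu_expand_features both start outside the hunks.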
@@ -0,0 +1,518 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Tue, 9 Jan 2018 13:45:17 -0200
+Subject: [PATCH] i386: Add new -IBRS versions of Intel CPU models
+
+The new MSR IA32_SPEC_CTRL MSR was introduced by a recent Intel
+microcode updated and can be used by OSes to mitigate
+CVE-2017-5715. Unfortunately we can't change the existing CPU
+models without breaking existing setups, so users need to
+explicitly update their VM configuration to use the new *-IBRS
+CPU model if they want to expose IBRS to guests.
+
+The new CPU models are simple copies of the existing CPU models,
+with just CPUID_7_0_EDX_SPEC_CTRL added and model_id updated.
+
+Cc: Jiri Denemark
+Signed-off-by: Eduardo Habkost
+---
+ target/i386/cpu.c | 427 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 426 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index eee365b78d..e4a2d5a012 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1085,6 +1085,31 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core i7 9xx (Nehalem Class Core i7)",
+ },
+ {
++ .name = "Nehalem-IBRS",
++ .level = 11,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 26,
++ .stepping = 3,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
++ CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core i7 9xx (Nehalem Core i7, IBRS update)",
++ },
++ {
+ .name = "Westmere",
+ .level = 11,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1111,6 +1136,34 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Westmere E56xx/L56xx/X56xx (Nehalem-C)",
+ },
+ {
++ .name = "Westmere-IBRS",
++ .level = 11,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 44,
++ .stepping = 1,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Westmere E56xx/L56xx/X56xx (IBRS update)",
++ },
++ {
+ .name = "SandyBridge",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1142,6 +1195,39 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Xeon E312xx (Sandy Bridge)",
+ },
+ {
++ .name = "SandyBridge-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 42,
++ .stepping = 1,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
++ CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
++ CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
++ CPUID_EXT_SSE3,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon E312xx (Sandy Bridge, IBRS update)",
++ },
++ {
+ .name = "IvyBridge",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1176,6 +1262,42 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge)",
+ },
+ {
++ .name = "IvyBridge-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 58,
++ .stepping = 9,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
++ CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
++ CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
++ CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_ERMS,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)",
++ },
++ {
+ .name = "Haswell-noTSX",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1210,7 +1332,46 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ CPUID_6_EAX_ARAT,
+ .xlevel = 0x80000008,
+ .model_id = "Intel Core Processor (Haswell, no TSX)",
+- }, {
++ },
++ {
++ .name = "Haswell-noTSX-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 60,
++ .stepping = 1,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Haswell, no TSX, IBRS)",
++ },
++ {
+ .name = "Haswell",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1248,6 +1409,45 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Haswell)",
+ },
+ {
++ .name = "Haswell-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 60,
++ .stepping = 4,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Haswell, IBRS)",
++ },
++ {
+ .name = "Broadwell-noTSX",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1286,6 +1486,46 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Broadwell, no TSX)",
+ },
+ {
++ .name = "Broadwell-noTSX-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 61,
++ .stepping = 2,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Broadwell, no TSX, IBRS)",
++ },
++ {
+ .name = "Broadwell",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1324,6 +1564,46 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Broadwell)",
+ },
+ {
++ .name = "Broadwell-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 61,
++ .stepping = 2,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Broadwell, IBRS)",
++ },
++ {
+ .name = "Skylake-Client",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1369,6 +1649,151 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Skylake)",
+ },
+ {
++ .name = "Skylake-Client-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 94,
++ .stepping = 3,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Skylake, IBRS)",
++ },
++ {
++ .name = "Skylake-Server",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 85,
++ .stepping = 4,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
++ CPUID_7_0_EBX_AVX512VL,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon Processor (Skylake)",
++ },
++ {
++ .name = "Skylake-Server-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 85,
++ .stepping = 4,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
++ CPUID_7_0_EBX_AVX512VL,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon Processor (Skylake, IBRS)",
++ },
++ {
+ .name = "Opteron_G1",
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
+--
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index c44620c..167bd80 100644
--- a/debian/patches/series
+++ b/debian/patches/series
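Review bot: The last inner hunk of patch 0034 adds a plain `Skylake-Server` model next to `Skylake-Server-IBRS`, which does not match the description's statement that the new entries are "simple copies of the existing CPU models, with just CPUID_7_0_EDX_SPEC_CTRL added"; the description should say that Skylake-Server is being introduced here (presumably a backport) so that its AVX-512 feature list is reviewed on its own. Each -IBRS entry repeats every feature word of its base model by hand, so a later fix to a base model has to be mirrored manually; a one-line comment on each copy, such as `/* Keep in sync with "Haswell"; differs only in FEAT_7_0_EDX and model_id */`, would make that dependency visible. The model_id suffixes are inconsistent (`IBRS update` for Nehalem, Westmere and SandyBridge, `IBRS` for the rest), and the description carries the typos "The new MSR IA32_SPEC_CTRL MSR" and "microcode updated".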
@@ -53,3 +53,11 @@ extra/0023-cirrus-fix-oob-access-in-mode4and5-write-functions.patch
 extra/0024-virtio-check-VirtQueue-Vring-object-is-set.patch
 extra/0025-block-gluster-glfs_lseek-workaround.patch
 extra/0026-gluster-add-support-for-PREALLOC_MODE_FALLOC.patch
+extra/0027-target-i386-Use-host_vendor_fms-in-max_x86_cpu_initf.patch
+extra/0028-target-i386-Define-CPUID_MODEL_ID_SZ-macro.patch
+extra/0029-target-i386-Don-t-use-x86_cpu_load_def-on-max-CPU-mo.patch
+extra/0030-i386-Change-X86CPUDefinition-model_id-to-const-char.patch
+extra/0031-i386-Add-support-for-SPEC_CTRL-MSR.patch
+extra/0032-i386-Add-spec-ctrl-CPUID-bit.patch
+extra/0033-i386-Add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
+extra/0034-i386-Add-new-IBRS-versions-of-Intel-CPU-models.patch