git.proxmox.com Git - pve-qemu.git/commit

]> git.proxmox.com Git - pve-qemu.git/commit

author	Oguz Bektas <o.bektas@proxmox.com>
	Mon, 3 Jun 2019 13:17:10 +0000 (15:17 +0200)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Wed, 5 Jun 2019 12:21:44 +0000 (14:21 +0200)
commit	9be61fa466f07d7ea99403969f05da9f5c5cedef
tree	f60bbffde32bf251953da22a5f0dc57be623d541	tree
parent	7951909dadca03687ed7314b5c63a4926bfaac3b	commit \| diff

add fixes for intel MDS CVEs

fixes for:
* CVE-2018-12126
* CVE-2018-12127
* CVE-2018-12130
* CVE-2019-11091

adds the md-clear cpuflag.

Not included by default in any Intel CPU model.

Must be explicitly turned on for all Intel CPU models.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>

debian/patches/extra/0003-kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch	[new file with mode: 0644]	blob
debian/patches/extra/0004-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch	[new file with mode: 0644]	blob
debian/patches/extra/0005-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch	[new file with mode: 0644]	blob
debian/patches/extra/0006-x86-Data-structure-changes-to-support-MSR-based-feat.patch	[new file with mode: 0644]	blob
debian/patches/extra/0007-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch	[new file with mode: 0644]	blob
debian/patches/extra/0008-target-i386-add-MDS-NO-feature.patch	[new file with mode: 0644]	blob
debian/patches/extra/0009-target-i386-define-md-clear-bit.patch	[new file with mode: 0644]	blob
debian/patches/series		diff \| blob \| blame \| history

QEMU for PVE

RSS Atom