-From c2835302a557437ef22944902da17686247edd35 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 4 Jul 2016 15:02:26 +0200
-Subject: [PATCH 01/23] Revert "target-i386: disable LINT0 after reset"
+Subject: [PATCH] Revert "target-i386: disable LINT0 after reset"
This reverts commit b8eb5512fd8a115f164edbbe897cdf8884920ccb.
---
-From 7ea086a97a09774c9ac8f0df236a0acb01dfc1ef Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Fri, 2 Jun 2017 10:54:24 +0100
-Subject: [PATCH 02/23] virtio-serial: fix segfault on disconnect
+Subject: [PATCH] virtio-serial: fix segfault on disconnect
Since commit d4c19cdeeb2f1e474bc426a6da261f1d7346eb5b ("virtio-serial:
add missing virtio_detach_element() call") the following commands may
-From 8a6382046bb0a71f1deb7b7ca3954662353f3f65 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 1 Jun 2017 17:26:14 +0200
-Subject: [PATCH 03/23] megasas: always store SCSIRequest* into MegasasCmd
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
This ensures that the request is unref'ed properly, and avoids a
segmentation fault in the new qtest testcase that is added.
-From 76d3fb511849efb8bcd8690cd008a46408fac6dd Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 17 Jul 2017 17:33:26 +0530
-Subject: [PATCH 04/23] slirp: check len against dhcp options array end
+Subject: [PATCH] slirp: check len against dhcp options array end
While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
-From 1c0ba3702859ca6affc1a3f9cad3d35ccc4773ed Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 9 Aug 2017 17:02:11 +0100
-Subject: [PATCH 05/23] IDE: Do not flush empty CDROM drives
+Subject: [PATCH] IDE: Do not flush empty CDROM drives
The block backend changed in a way that flushing empty CDROM drives now
crashes. Amend IDE to avoid doing so until the root problem can be
-From 14a318bd04ab27f0f8f5dbe5aba53a817f85e016 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 21 Apr 2017 11:16:24 +0200
-Subject: [PATCH 06/23] bitmap: add bitmap_copy_and_clear_atomic
+Subject: [PATCH] bitmap: add bitmap_copy_and_clear_atomic
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170421091632.30900-2-kraxel@redhat.com
-From 2628973e5f8a50f3b308395fa8a33b8f4fdc9024 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 21 Apr 2017 11:16:25 +0200
-Subject: [PATCH 07/23] memory: add support getting and using a dirty bitmap
- copy.
+Subject: [PATCH] memory: add support getting and using a dirty bitmap copy.
This patch adds support for getting and using a local copy of the dirty
bitmap.
-From 248536e4a93b254fc38aa369f76e828c9ce9b45e Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 21 Apr 2017 11:16:26 +0200
-Subject: [PATCH 08/23] vga: add vga_scanline_invalidated helper
+Subject: [PATCH] vga: add vga_scanline_invalidated helper
Add vga_scanline_invalidated helper to check whenever a scanline was
invalidated. Add a sanity check to fix OOB read access for display
-From 54b1106d9a24dadae42c4f4c25b4fa2560183f5b Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 21 Apr 2017 11:16:27 +0200
-Subject: [PATCH 09/23] vga: make display updates thread safe.
+Subject: [PATCH] vga: make display updates thread safe.
The vga code clears the dirty bits *after* reading the framebuffer
memory. So if the guest framebuffer updates hits the race window
-From acd029e2a9b9ea93997fcb19c6cd71d6dd6c9cb6 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 9 May 2017 12:48:39 +0200
-Subject: [PATCH 10/23] vga: fix display update region calculation
+Subject: [PATCH] vga: fix display update region calculation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-From b8aa853672ab9e94821a43b6cb2a51d24cb2be8c Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 1 Sep 2017 14:57:38 +0200
-Subject: [PATCH 11/23] vga: fix display update region calculation (split
- screen)
+Subject: [PATCH] vga: fix display update region calculation (split screen)
vga display update mis-calculated the region for the dirty bitmap
snapshot in case split screen mode is used. This can trigger an
-From 51b08381408f248b1149c0177a90f61f703b8432 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 1 Sep 2017 14:57:39 +0200
-Subject: [PATCH 12/23] vga: stop passing pointers to vga_draw_line* functions
+Subject: [PATCH] vga: stop passing pointers to vga_draw_line* functions
Instead pass around the address (aka offset into vga memory).
Add vga_read_* helper functions which apply vbe_size_mask to
-From 158e47c5a3ebe4b67d35b7c1e8fecad258e735db Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 7 Sep 2017 12:02:56 +0530
-Subject: [PATCH 13/23] multiboot: validate multiboot header address values
+Subject: [PATCH] multiboot: validate multiboot header address values
While loading kernel via multiboot-v1 image, (flags & 0x00010000)
indicates that multiboot header contains valid addresses to load
-From 5cd576814744853a855ab64400e2d8d9c0b7bb0e Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 20 Sep 2017 08:09:33 +0200
-Subject: [PATCH 14/23] virtio: fix descriptor counting in virtqueue_pop
+Subject: [PATCH] virtio: fix descriptor counting in virtqueue_pop
While changing the s/g list allocation, commit 3b3b0628
also changed the descriptor counting to count iovec entries
-From 93b7498c9e8adcd51c70f8df88b9228658b43595 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 29 Nov 2017 09:39:55 +0100
-Subject: [PATCH 15/23] nbd/server: CVE-2017-15119 Reject options larger than
- 32M
+Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M
Backported-from: fdad35ef6c58
---
-From 8b2be8e3f9c1ca9f78b1c87ead13f54fbd98198a Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Fri, 4 Aug 2017 12:33:29 +0100
-Subject: [PATCH 16/23] vga/migration: Update memory map in post_load
+Subject: [PATCH] vga/migration: Update memory map in post_load
After migration the chain4 alias mapping added by 80763888 (in 2011)
might be missing, since there's no call to vga_update_memory_access
-From 3a1728b97f64e3ed4efc827bce7ff917ea5b6dd1 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 10 Oct 2017 16:13:21 +0200
-Subject: [PATCH 17/23] vga: drop line_offset variable
+Subject: [PATCH] vga: drop line_offset variable
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
-From b63830cd6f59a87ef9bdb4f466ce8f4bd2ff5315 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 10 Oct 2017 16:13:22 +0200
-Subject: [PATCH 18/23] vga: handle cirrus vbe mode wraparounds.
+Subject: [PATCH] vga: handle cirrus vbe mode wraparounds.
Commit "3d90c62548 vga: stop passing pointers to vga_draw_line*
functions" is incomplete. It doesn't handle the case that the vga
-From 918868b77c7a04d3e2aa7bbc7f9255dafe75f709 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 10 Oct 2017 16:13:23 +0200
-Subject: [PATCH 19/23] vga: add ram_addr_t cast
+Subject: [PATCH] vga: add ram_addr_t cast
Reported by Coverity.
-From 3c51ccd7bb43dd763a1ff3112b8a0cd7e145ca4f Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 30 Oct 2017 11:28:30 +0100
-Subject: [PATCH 20/23] vga: fix region checks in wraparound case
+Subject: [PATCH] vga: fix region checks in wraparound case
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-From 89a1271a7687018cdbf2b7f92cf3d50d079e100e Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 9 Oct 2017 14:43:42 +0100
-Subject: [PATCH 21/23] io: monitor encoutput buffer size from websocket
- GSource
+Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
The websocket GSource is monitoring the size of the rawoutput
buffer to determine if the channel can accepts more writes.
-From 184640d2552895d967214e90e23e005d6657b145 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 16 Oct 2017 14:21:59 +0200
-Subject: [PATCH 22/23] 9pfs: use g_malloc0 to allocate space for xattr
+Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr
9p back-end first queries the size of an extended attribute,
allocates space for it via g_malloc() and then retrieves its
-From b162e22e5f0c1081efeec646999616ce1a7e3875 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 11 Oct 2017 10:43:14 +0200
-Subject: [PATCH 23/23] cirrus: fix oob access in mode4and5 write functions
+Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
Move dst calculation into the loop, so we apply the mask on each
interation and will not overflow vga memory.
-From 537048fe17ab94242908536adcb638ec274a3f53 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 29 Nov 2017 23:14:27 +0530
-Subject: [PATCH 1/2] virtio: check VirtQueue Vring object is set
+Subject: [PATCH] virtio: check VirtQueue Vring object is set
A guest could attempt to use an uninitialised VirtQueue object
or unset Vring.align leading to a arithmetic exception. Add check
-From 3a2be75872e6670a81410ecb175a447be45cfd15 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeff Cody <jcody@redhat.com>
Date: Tue, 23 May 2017 13:27:50 -0400
-Subject: [PATCH 1/2] block/gluster: glfs_lseek() workaround
+Subject: [PATCH] block/gluster: glfs_lseek() workaround
On current released versions of glusterfs, glfs_lseek() will sometimes
return invalid values for SEEK_DATA or SEEK_HOLE. For SEEK_DATA and
-From ca3e533f0335aa248e10f9f5a715dc5b8ec7e442 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Sun, 28 May 2017 12:01:14 +0530
-Subject: [PATCH 2/2] gluster: add support for PREALLOC_MODE_FALLOC
+Subject: [PATCH] gluster: add support for PREALLOC_MODE_FALLOC
Add missing support for "preallocation=falloc" to the Gluster block
driver. This change bases its logic on that of block/file-posix.c and
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 12 Jul 2017 13:20:56 -0300
+Subject: [PATCH] target/i386: Use host_vendor_fms() in max_x86_cpu_initfn()
+
+The existing code duplicated the logic in host_vendor_fms(), so
+reuse the helper function instead.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Message-Id: <20170712162058.10538-3-ehabkost@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 4b3bfb3802..1affd3bb5b 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1592,13 +1592,8 @@ static void max_x86_cpu_initfn(Object *obj)
+ X86CPUDefinition host_cpudef = { };
+ uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
+
+- host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
+- x86_cpu_vendor_words2str(host_cpudef.vendor, ebx, edx, ecx);
+-
+- host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
+- host_cpudef.family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
+- host_cpudef.model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
+- host_cpudef.stepping = eax & 0x0F;
++ host_vendor_fms(host_cpudef.vendor, &host_cpudef.family,
++ &host_cpudef.model, &host_cpudef.stepping);
+
+ cpu_x86_fill_model_id(host_cpudef.model_id);
+
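Review bot: The declaration `uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;` kept as context at the top of this hunk appears to have lost its users: the only reads and writes visible here were the two removed host_cpuid() calls. Unless the registers are used further down in max_x86_cpu_initfn(), drop the declaration in this patch so the build stays free of unused-variable warnings at every point in the series.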
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 12 Jul 2017 13:20:57 -0300
+Subject: [PATCH] target/i386: Define CPUID_MODEL_ID_SZ macro
+
+Document cpu_x86_fill_model_id() and define CPUID_MODEL_ID_SZ to
+help callers use the right buffer size.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Message-Id: <20170712162058.10538-4-ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 1affd3bb5b..54832dd591 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1541,6 +1541,17 @@ static bool lmce_supported(void)
+ return !!(mce_cap & MCG_LMCE_P);
+ }
+
++#define CPUID_MODEL_ID_SZ 48
++
++/**
++ * cpu_x86_fill_model_id:
++ * Get CPUID model ID string from host CPU.
++ *
++ * @str should have at least CPUID_MODEL_ID_SZ bytes
++ *
++ * The function does NOT add a null terminator to the string
++ * automatically.
++ */
+ static int cpu_x86_fill_model_id(char *str)
+ {
+ uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
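Review bot: The contract in the new doc comment on cpu_x86_fill_model_id() is easy to misuse: "@str should have at least CPUID_MODEL_ID_SZ bytes" together with "does NOT add a null terminator" means a caller that allocates exactly CPUID_MODEL_ID_SZ bytes and then treats the buffer as a C string reads past the end. Say explicitly that a caller wanting a string needs CPUID_MODEL_ID_SZ + 1 zero-initialised bytes, or have the function take the buffer size and terminate the string itself.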
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 12 Jul 2017 13:20:58 -0300
+Subject: [PATCH] target/i386: Don't use x86_cpu_load_def() on "max" CPU model
+
+When commit 0bacd8b3046f ('i386: Don't set CPUClass::cpu_def on
+"max" model') removed the CPUClass::cpu_def field, we kept using
+the x86_cpu_load_def() helper directly in max_x86_cpu_initfn(),
+emulating the previous behavior when CPUClass::cpu_def was set.
+
+However, x86_cpu_load_def() is intended to help initialization of
+CPU models from the builtin_x86_defs table, and does lots of
+other steps that are not necessary for "max".
+
+One of the things x86_cpu_load_def() do is to set the properties
+listed at tcg_default_props/kvm_default_props. We must not do
+that on the "max" CPU model, otherwise under KVM we will
+incorrectly report all KVM features as always available, and the
+"svm" feature as always unavailable. The latter caused the bug
+reported at:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=1467599
+ ("Unable to start domain: the CPU is incompatible with host CPU:
+ Host CPU does not provide required features: svm")
+
+Replace x86_cpu_load_def() with simple object_property_set*()
+calls. In addition to fixing the above bug, this makes the KVM
+branch in max_x86_cpu_initfn() very similar to the existing TCG
+branch.
+
+For reference, the full list of steps performed by
+x86_cpu_load_def() is:
+
+* Setting min-level and min-xlevel. Already done by
+ max_x86_cpu_initfn().
+* Setting family/model/stepping/model-id. Done by the code added
+ to max_x86_cpu_initfn() in this patch.
+* Copying def->features. Wrong because "-cpu max" features need to
+ be calculated at realize time. This was not a problem in the
+ current code because host_cpudef.features was all zeroes.
+* x86_cpu_apply_props() calls. This causes the bug above, and
+ shouldn't be done.
+* Setting CPUID_EXT_HYPERVISOR. Not needed because it is already
+ reported by x86_cpu_get_supported_feature_word(), and because
+ "-cpu max" features need to be calculated at realize time.
+* Setting CPU vendor to host CPU vendor if on KVM mode.
+ Redundant, because max_x86_cpu_initfn() already sets it to the
+ host CPU vendor.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Message-Id: <20170712162058.10538-5-ehabkost@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 54832dd591..3d53cb4c86 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1600,15 +1600,21 @@ static void max_x86_cpu_initfn(Object *obj)
+ cpu->max_features = true;
+
+ if (kvm_enabled()) {
+- X86CPUDefinition host_cpudef = { };
+- uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
++ char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
++ char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
++ int family, model, stepping;
+
+- host_vendor_fms(host_cpudef.vendor, &host_cpudef.family,
+- &host_cpudef.model, &host_cpudef.stepping);
++ host_vendor_fms(vendor, &family, &model, &stepping);
+
+- cpu_x86_fill_model_id(host_cpudef.model_id);
++ cpu_x86_fill_model_id(model_id);
+
+- x86_cpu_load_def(cpu, &host_cpudef, &error_abort);
++ object_property_set_str(OBJECT(cpu), vendor, "vendor", &error_abort);
++ object_property_set_int(OBJECT(cpu), family, "family", &error_abort);
++ object_property_set_int(OBJECT(cpu), model, "model", &error_abort);
++ object_property_set_int(OBJECT(cpu), stepping, "stepping",
++ &error_abort);
++ object_property_set_str(OBJECT(cpu), model_id, "model-id",
++ &error_abort);
+
+ env->cpuid_min_level =
+ kvm_arch_get_supported_cpuid(s, 0x0, 0, R_EAX);
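Review bot: The `+ 1` and the `{ 0 }` initialiser on `vendor` and `model_id` are the only things that terminate the strings later passed to object_property_set_str(), since cpu_x86_fill_model_id() is documented as not adding a terminator. A one-line comment on the two declarations would stop a later cleanup from removing either. The int return value of cpu_x86_fill_model_id(model_id) is also discarded here; either check it or note why it can be ignored.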
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue, 9 Jan 2018 13:45:13 -0200
+Subject: [PATCH] i386: Change X86CPUDefinition::model_id to const char*
+
+It is valid to have a 48-character model ID on CPUID, however the
+definition of X86CPUDefinition::model_id is char[48], which can
+make the compiler drop the null terminator from the string.
+
+If a CPU model happens to have 48 bytes on model_id, "-cpu help"
+will print garbage and the object_property_set_str() call at
+x86_cpu_load_def() will read data outside the model_id array.
+
+We could increase the array size to 49, but this would mean the
+compiler would not issue a warning if a 49-char string is used by
+mistake for model_id.
+
+To make things simpler, simply change model_id to be const char*,
+and validate the string length using an assert() on
+x86_cpu_cpudef_class_init.
+
+Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 3d53cb4c86..c673521016 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -753,7 +753,7 @@ struct X86CPUDefinition {
+ int model;
+ int stepping;
+ FeatureWordArray features;
+- char model_id[48];
++ const char *model_id;
+ };
+
+ static X86CPUDefinition builtin_x86_defs[] = {
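Review bot: Changing `model_id` to `const char *` in struct X86CPUDefinition changes what an entry without an initialiser holds, from an empty array to NULL. The later hunks add `.model_id = ""` to four entries and the new assert rejects NULL at registration, but the requirement (non-NULL, at most 48 bytes) is not stated at the field itself. Add a short comment on the member so anyone adding a table entry sees the rule where the struct is declared.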
+@@ -922,6 +922,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ I486_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "pentium",
+@@ -933,6 +934,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ PENTIUM_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "pentium2",
+@@ -944,6 +946,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ PENTIUM2_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "pentium3",
+@@ -955,6 +958,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .features[FEAT_1_EDX] =
+ PENTIUM3_FEATURES,
+ .xlevel = 0,
++ .model_id = "",
+ },
+ {
+ .name = "athlon",
+@@ -2617,6 +2621,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def)
+ * they shouldn't be set on the CPU model table.
+ */
+ assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
++ /* catch mistakes instead of silently truncating model_id when too long */
++ assert(def->model_id && strlen(def->model_id) <= 48);
++
+
+ type_register(&ti);
+ g_free(typename);
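Review bot: The new assert in x86_register_cpudef_type() hard-codes the limit as `strlen(def->model_id) <= 48`, while an earlier patch in this series introduced CPUID_MODEL_ID_SZ for exactly this value; use the macro so the two cannot drift apart. The hunk also adds a second blank line after the assert, which should be dropped, and the commit message says the check lives in x86_cpu_cpudef_class_init although the hunk header shows x86_register_cpudef_type.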
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 9 Jan 2018 13:45:14 -0200
+Subject: [PATCH] i386: Add support for SPEC_CTRL MSR
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.h | 3 +++
+ target/i386/kvm.c | 15 +++++++++++++++
+ target/i386/machine.c | 20 ++++++++++++++++++++
+ 3 files changed, 38 insertions(+)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index c4602ca80d..cc322d6b39 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -333,6 +333,7 @@
+ #define MSR_IA32_APICBASE_BASE (0xfffffU<<12)
+ #define MSR_IA32_FEATURE_CONTROL 0x0000003a
+ #define MSR_TSC_ADJUST 0x0000003b
++#define MSR_IA32_SPEC_CTRL 0x48
+ #define MSR_IA32_TSCDEADLINE 0x6e0
+
+ #define FEATURE_CONTROL_LOCKED (1<<0)
+@@ -1080,6 +1081,8 @@ typedef struct CPUX86State {
+
+ uint32_t pkru;
+
++ uint64_t spec_ctrl;
++
+ /* End of state preserved by INIT (dummy marker). */
+ struct {} end_init_save;
+
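Review bot: `uint64_t spec_ctrl;` is added directly above the "End of state preserved by INIT (dummy marker)" comment, so the field sits in the region that is kept across INIT. Confirm that is the intended behaviour for this MSR and say so in a comment on the field; nothing else in this patch documents what value the guest sees after INIT or reset.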
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 55865dbee0..9f83c79338 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -89,6 +89,7 @@ static bool has_msr_hv_runtime;
+ static bool has_msr_hv_synic;
+ static bool has_msr_hv_stimer;
+ static bool has_msr_xss;
++static bool has_msr_spec_ctrl;
+
+ static bool has_msr_architectural_pmu;
+ static uint32_t num_architectural_pmu_counters;
+@@ -1140,6 +1141,10 @@ static int kvm_get_supported_msrs(KVMState *s)
+ has_msr_hv_stimer = true;
+ continue;
+ }
++ if (kvm_msr_list->indices[i] == MSR_IA32_SPEC_CTRL) {
++ has_msr_spec_ctrl = true;
++ continue;
++ }
+ }
+ }
+
+@@ -1667,6 +1672,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ if (has_msr_xss) {
+ kvm_msr_entry_add(cpu, MSR_IA32_XSS, env->xss);
+ }
++ if (has_msr_spec_ctrl) {
++ kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
++ }
+ #ifdef TARGET_X86_64
+ if (lm_capable_kernel) {
+ kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
+@@ -1675,6 +1683,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ kvm_msr_entry_add(cpu, MSR_LSTAR, env->lstar);
+ }
+ #endif
++
+ /*
+ * The following MSRs have side effects on the guest or are too heavy
+ * for normal writeback. Limit them to reset or full state updates.
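Review bot: The blank line added after `#endif` in kvm_put_msrs() is an unrelated whitespace change. Drop it from this patch so the diff only carries the SPEC_CTRL additions.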
+@@ -2081,6 +2090,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ if (has_msr_xss) {
+ kvm_msr_entry_add(cpu, MSR_IA32_XSS, 0);
+ }
++ if (has_msr_spec_ctrl) {
++ kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
++ }
+
+
+ if (!env->tsc_valid) {
+@@ -2430,6 +2442,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ env->mtrr_var[MSR_MTRRphysIndex(index)].base = msrs[i].data;
+ }
+ break;
++ case MSR_IA32_SPEC_CTRL:
++ env->spec_ctrl = msrs[i].data;
++ break;
+ }
+ }
+
+diff --git a/target/i386/machine.c b/target/i386/machine.c
+index 78ae2f986b..8c0d5437fa 100644
+--- a/target/i386/machine.c
++++ b/target/i386/machine.c
+@@ -927,6 +927,25 @@ static const VMStateDescription vmstate_mcg_ext_ctl = {
+ }
+ };
+
++static bool spec_ctrl_needed(void *opaque)
++{
++ X86CPU *cpu = opaque;
++ CPUX86State *env = &cpu->env;
++
++ return env->spec_ctrl != 0;
++}
++
++static const VMStateDescription vmstate_spec_ctrl = {
++ .name = "cpu/spec_ctrl",
++ .version_id = 1,
++ .minimum_version_id = 1,
++ .needed = spec_ctrl_needed,
++ .fields = (VMStateField[]){
++ VMSTATE_UINT64(env.spec_ctrl, X86CPU),
++ VMSTATE_END_OF_LIST()
++ }
++};
++
+ VMStateDescription vmstate_x86_cpu = {
+ .name = "cpu",
+ .version_id = 12,
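Review bot: Nothing covers the destination side when the new "cpu/spec_ctrl" subsection arrives. spec_ctrl_needed() sends it only when `env->spec_ctrl != 0`, while kvm_put_msrs() writes the value only under `if (has_msr_spec_ctrl)`. A guest that has set a bit in the MSR and migrates to a host whose KVM does not list MSR_IA32_SPEC_CTRL would therefore have the value loaded into env and then silently never applied. Consider a post_load check that fails or warns in that case, and mention the behaviour in the (currently empty) commit message.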
+@@ -1053,6 +1072,7 @@ VMStateDescription vmstate_x86_cpu = {
+ #ifdef TARGET_X86_64
+ &vmstate_pkru,
+ #endif
++ &vmstate_spec_ctrl,
+ &vmstate_mcg_ext_ctl,
+ NULL
+ }
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue, 9 Jan 2018 13:45:15 -0200
+Subject: [PATCH] i386: Add spec-ctrl CPUID bit
+
+Add the feature name and a CPUID_7_0_EDX_SPEC_CTRL macro.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 2 +-
+ target/i386/cpu.h | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index c673521016..faf1ff6dcc 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -460,7 +460,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+- NULL, NULL, NULL, NULL,
++ NULL, NULL, "spec-ctrl", NULL,
+ NULL, NULL, NULL, NULL,
+ },
+ .cpuid_eax = 7,
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index cc322d6b39..71261f4819 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -640,6 +640,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
++#define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
+
+ #define CPUID_XSAVE_XSAVEOPT (1U << 0)
+ #define CPUID_XSAVE_XSAVEC (1U << 1)
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue, 9 Jan 2018 13:45:16 -0200
+Subject: [PATCH] i386: Add FEAT_8000_0008_EBX CPUID feature word
+
+Add the new feature word and the "ibpb" feature flag.
+
+Based on a patch by Paolo Bonzini.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 19 ++++++++++++++++++-
+ target/i386/cpu.h | 3 +++
+ 2 files changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index faf1ff6dcc..eee365b78d 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -484,6 +484,22 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .tcg_features = TCG_APM_FEATURES,
+ .unmigratable_flags = CPUID_APM_INVTSC,
+ },
++ [FEAT_8000_0008_EBX] = {
++ .feat_names = {
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ "ibpb", NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ },
++ .cpuid_eax = 0x80000008,
++ .cpuid_reg = R_EBX,
++ .tcg_features = 0,
++ .unmigratable_flags = 0,
++ },
+ [FEAT_XSAVE] = {
+ .feat_names = {
+ "xsaveopt", "xsavec", "xgetbv1", "xsaves",
+@@ -2984,7 +3000,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ } else {
+ *eax = cpu->phys_bits;
+ }
+- *ebx = 0;
++ *ebx = env->features[FEAT_8000_0008_EBX];
+ *ecx = 0;
+ *edx = 0;
+ if (cs->nr_cores * cs->nr_threads > 1) {
+@@ -3440,6 +3456,7 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
+ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
++ x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
+ x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
+ x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 71261f4819..1ebee91930 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -452,6 +452,7 @@ typedef enum FeatureWord {
+ FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */
+ FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */
+ FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */
++ FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
+ FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
+ FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
+ FEAT_HYPERV_EAX, /* CPUID[4000_0003].EAX */
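Review bot: Inserting FEAT_8000_0008_EBX in the middle of enum FeatureWord renumbers every enumerator after it (FEAT_C000_0001_EDX, FEAT_KVM, FEAT_HYPERV_EAX and so on). The feature_word_info entry added in this patch uses a designated initialiser, so that table is safe, but please confirm that nothing else indexes by the numeric value or initialises a FEATURE_WORDS-sized array positionally. If that cannot be ruled out, append the new word at the end of the enum instead.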
+@@ -642,6 +643,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+ #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
+
++#define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */
++
+ #define CPUID_XSAVE_XSAVEOPT (1U << 0)
+ #define CPUID_XSAVE_XSAVEC (1U << 1)
+ #define CPUID_XSAVE_XGETBV1 (1U << 2)
+--
+2.11.0
+
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue, 9 Jan 2018 13:45:17 -0200
+Subject: [PATCH] i386: Add new -IBRS versions of Intel CPU models
+
+The new MSR IA32_SPEC_CTRL MSR was introduced by a recent Intel
+microcode updated and can be used by OSes to mitigate
+CVE-2017-5715. Unfortunately we can't change the existing CPU
+models without breaking existing setups, so users need to
+explicitly update their VM configuration to use the new *-IBRS
+CPU model if they want to expose IBRS to guests.
+
+The new CPU models are simple copies of the existing CPU models,
+with just CPUID_7_0_EDX_SPEC_CTRL added and model_id updated.
+
+Cc: Jiri Denemark <jdenemar@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ target/i386/cpu.c | 427 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 426 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index eee365b78d..e4a2d5a012 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1085,6 +1085,31 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core i7 9xx (Nehalem Class Core i7)",
+ },
+ {
++ .name = "Nehalem-IBRS",
++ .level = 11,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 26,
++ .stepping = 3,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
++ CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core i7 9xx (Nehalem Core i7, IBRS update)",
++ },
++ {
+ .name = "Westmere",
+ .level = 11,
+ .vendor = CPUID_VENDOR_INTEL,
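Review bot: The `.model_id` of Nehalem-IBRS, "Intel Core i7 9xx (Nehalem Core i7, IBRS update)", is 48 characters by my count, which is exactly the limit enforced by the assert added earlier in the series (`strlen(def->model_id) <= 48`). It passes, but there is no slack, and the wording had to diverge from the base model's "(Nehalem Class Core i7)" to fit. A short comment noting the 48-byte limit near these entries would save the next editor from tripping the assert at startup.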
+@@ -1111,6 +1136,34 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Westmere E56xx/L56xx/X56xx (Nehalem-C)",
+ },
+ {
++ .name = "Westmere-IBRS",
++ .level = 11,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 44,
++ .stepping = 1,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Westmere E56xx/L56xx/X56xx (IBRS update)",
++ },
++ {
+ .name = "SandyBridge",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
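Review bot: the Westmere-IBRS model_id replaces the "(Nehalem-C)" qualifier of the base string (visible in the context line at the top of this hunk) with "(IBRS update)" rather than appending to it, so the guest-visible brand string loses information compared with the model it copies. If the goal was to stay within the 48-byte brand string, "Westmere E56xx/L56xx/X56xx (Nehalem-C, IBRS)" is 44 characters, keeps the qualifier, and matches the shorter suffix used from IvyBridge-IBRS onward.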
+@@ -1142,6 +1195,39 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Xeon E312xx (Sandy Bridge)",
+ },
+ {
++ .name = "SandyBridge-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 42,
++ .stepping = 1,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
++ CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
++ CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
++ CPUID_EXT_SSE3,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon E312xx (Sandy Bridge, IBRS update)",
++ },
++ {
+ .name = "IvyBridge",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
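Review bot: missing documentation for operators. SandyBridge-IBRS is added next to an unchanged "SandyBridge" entry, so a guest that keeps the existing model name gets no FEAT_7_0_EDX bits from its definition; only guests switched to the new -IBRS name receive CPUID_7_0_EDX_SPEC_CTRL. The diffstat shows only target/i386/cpu.c changing, and the commit message describes the copies but not that consequence. Please state in the commit message (or user-facing docs) that existing guest configurations must be changed to the -IBRS name to expose the bit.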
+@@ -1176,6 +1262,42 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge)",
+ },
+ {
++ .name = "IvyBridge-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 58,
++ .stepping = 9,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
++ CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
++ CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
++ CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_ERMS,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)",
++ },
++ {
+ .name = "Haswell-noTSX",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
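Review bot: style point on the IvyBridge-IBRS model_id. This entry ends in "(Ivy Bridge, IBRS)", while Nehalem-IBRS, Westmere-IBRS and SandyBridge-IBRS above end in "IBRS update". Since model_id is what the guest reports as its brand string, pick one suffix for the whole series; the shorter "IBRS" is the one every entry from here on uses.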
+@@ -1210,7 +1332,46 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ CPUID_6_EAX_ARAT,
+ .xlevel = 0x80000008,
+ .model_id = "Intel Core Processor (Haswell, no TSX)",
+- }, {
++ },
++ {
++ .name = "Haswell-noTSX-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 60,
++ .stepping = 1,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Haswell, no TSX, IBRS)",
++ },
++ {
+ .name = "Haswell",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
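Review bot: the first lines of this hunk rewrite the existing closing "}, {" of Haswell-noTSX into "}," and "{" on separate lines, a style-only change to untouched code folded into a functional patch. It accounts for the single deletion in the diffstat and makes the patch harder to apply on trees where that line differs; consider splitting it out or noting it in the commit message. In the new Haswell-noTSX-IBRS entry, FEAT_7_0_EDX is also listed before FEAT_7_0_EBX, unlike IvyBridge-IBRS above where EBX comes first.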
+@@ -1248,6 +1409,45 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Haswell)",
+ },
+ {
++ .name = "Haswell-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 60,
++ .stepping = 4,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Haswell, IBRS)",
++ },
++ {
+ .name = "Broadwell-noTSX",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
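Review bot: maintainability concern with the copy-based approach. Haswell-IBRS repeats the full feature lists and differs from Haswell-noTSX-IBRS in the previous hunk only by .stepping (4 versus 1) and CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_RTM, so any later correction to a Haswell feature word now has to be mirrored in both base models and both -IBRS copies. At minimum, add a comment on each -IBRS entry naming the model it was copied from and stating that FEAT_7_0_EDX and model_id are the only intended differences, so drift can be caught in review.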
+@@ -1286,6 +1486,46 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Broadwell, no TSX)",
+ },
+ {
++ .name = "Broadwell-noTSX-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 61,
++ .stepping = 2,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Broadwell, no TSX, IBRS)",
++ },
++ {
+ .name = "Broadwell",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1324,6 +1564,46 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Broadwell)",
+ },
+ {
++ .name = "Broadwell-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 61,
++ .stepping = 2,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP,
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Broadwell, IBRS)",
++ },
++ {
+ .name = "Skylake-Client",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+@@ -1369,6 +1649,151 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Core Processor (Skylake)",
+ },
+ {
++ .name = "Skylake-Client-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 94,
++ .stepping = 3,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
++ CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Core Processor (Skylake, IBRS)",
++ },
++ {
++ .name = "Skylake-Server",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 85,
++ .stepping = 4,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
++ CPUID_7_0_EBX_AVX512VL,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon Processor (Skylake)",
++ },
++ {
++ .name = "Skylake-Server-IBRS",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 85,
++ .stepping = 4,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
++ CPUID_7_0_EBX_AVX512VL,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon Processor (Skylake, IBRS)",
++ },
++ {
+ .name = "Opteron_G1",
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
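Review bot: the middle entry in this hunk, "Skylake-Server" with model_id "Intel Xeon Processor (Skylake)", is not an IBRS variant. It has no .features[FEAT_7_0_EDX] line, and the commit message only describes copies of existing models with CPUID_7_0_EDX_SPEC_CTRL added. Adding a new base model belongs in its own patch, or at least needs a sentence in the commit message, so that reviewers can check its feature set on its own merits rather than as an assumed copy. The "Missing: XSAVES" comment block is also repeated verbatim in all three new Skylake entries; if it has to stay duplicated, a pointer to a single explanation would avoid the copies going stale independently.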
+--
+2.11.0
+
extra/0024-virtio-check-VirtQueue-Vring-object-is-set.patch
extra/0025-block-gluster-glfs_lseek-workaround.patch
extra/0026-gluster-add-support-for-PREALLOC_MODE_FALLOC.patch
+extra/0027-target-i386-Use-host_vendor_fms-in-max_x86_cpu_initf.patch
+extra/0028-target-i386-Define-CPUID_MODEL_ID_SZ-macro.patch
+extra/0029-target-i386-Don-t-use-x86_cpu_load_def-on-max-CPU-mo.patch
+extra/0030-i386-Change-X86CPUDefinition-model_id-to-const-char.patch
+extra/0031-i386-Add-support-for-SPEC_CTRL-MSR.patch
+extra/0032-i386-Add-spec-ctrl-CPUID-bit.patch
+extra/0033-i386-Add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
+extra/0034-i386-Add-new-IBRS-versions-of-Intel-CPU-models.patch