--- /dev/null
+From b4b806988ab8291594f8420f777840fc48fe6f03 Mon Sep 17 00:00:00 2001
+From: Robert Hoo <robert.hu@linux.intel.com>
+Date: Mon, 15 Oct 2018 12:47:23 +0800
+Subject: [PATCH] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
+ KVM_GET_MSRS system ioctl
+
+Add kvm_get_supported_feature_msrs() to get supported MSR feature index list.
+Add kvm_arch_get_supported_msr_feature() to get each MSR features value.
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1539578845-37944-2-git-send-email-robert.hu@linux.intel.com>
+Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ include/sysemu/kvm.h | 2 ++
+ target/i386/kvm.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 82 insertions(+)
+
+diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
+index 0b64b8e067..97d8d9d0d5 100644
+--- a/include/sysemu/kvm.h
++++ b/include/sysemu/kvm.h
+@@ -463,6 +463,8 @@ int kvm_vm_check_extension(KVMState *s, unsigned int extension);
+
+ uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
+ uint32_t index, int reg);
++uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index);
++
+
+ void kvm_set_sigmask_len(KVMState *s, unsigned int sigmask_len);
+
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 9313602d3d..cd45c79169 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -107,6 +107,7 @@ static int has_pit_state2;
+ static bool has_msr_mcg_ext_ctl;
+
+ static struct kvm_cpuid2 *cpuid_cache;
++static struct kvm_msr_list *kvm_feature_msrs;
+
+ int kvm_has_pit_state2(void)
+ {
+@@ -420,6 +421,42 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+ return ret;
+ }
+
++uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
++{
++ struct {
++ struct kvm_msrs info;
++ struct kvm_msr_entry entries[1];
++ } msr_data;
++ uint32_t ret;
++
++ if (kvm_feature_msrs == NULL) { /* Host doesn't support feature MSRs */
++ return 0;
++ }
++
++ /* Check if requested MSR is supported feature MSR */
++ int i;
++ for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
++ if (kvm_feature_msrs->indices[i] == index) {
++ break;
++ }
++ if (i == kvm_feature_msrs->nmsrs) {
++ return 0; /* if the feature MSR is not supported, simply return 0 */
++ }
++
++ msr_data.info.nmsrs = 1;
++ msr_data.entries[0].index = index;
++
++ ret = kvm_ioctl(s, KVM_GET_MSRS, &msr_data);
++ if (ret != 1) {
++ error_report("KVM get MSR (index=0x%x) feature failed, %s",
++ index, strerror(-ret));
++ exit(1);
++ }
++
++ return msr_data.entries[0].data;
++}
++
++
+ typedef struct HWPoisonPage {
+ ram_addr_t ram_addr;
+ QLIST_ENTRY(HWPoisonPage) list;
+@@ -1239,6 +1276,47 @@ void kvm_arch_do_init_vcpu(X86CPU *cpu)
+ }
+ }
+
++static int kvm_get_supported_feature_msrs(KVMState *s)
++{
++ int ret = 0;
++
++ if (kvm_feature_msrs != NULL) {
++ return 0;
++ }
++
++ if (!kvm_check_extension(s, KVM_CAP_GET_MSR_FEATURES)) {
++ return 0;
++ }
++
++ struct kvm_msr_list msr_list;
++
++ msr_list.nmsrs = 0;
++ ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, &msr_list);
++ if (ret < 0 && ret != -E2BIG) {
++ error_report("Fetch KVM feature MSR list failed: %s",
++ strerror(-ret));
++ return ret;
++ }
++
++ assert(msr_list.nmsrs > 0);
++ kvm_feature_msrs = (struct kvm_msr_list *) \
++ g_malloc0(sizeof(msr_list) +
++ msr_list.nmsrs * sizeof(msr_list.indices[0]));
++
++ kvm_feature_msrs->nmsrs = msr_list.nmsrs;
++ ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, kvm_feature_msrs);
++
++ if (ret < 0) {
++ error_report("Fetch KVM feature MSR list failed: %s",
++ strerror(-ret));
++ g_free(kvm_feature_msrs);
++ kvm_feature_msrs = NULL;
++ return ret;
++ }
++
++ return 0;
++}
++
+ static int kvm_get_supported_msrs(KVMState *s)
+ {
+ static int kvm_supported_msrs;
+@@ -1400,6 +1478,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
+ return ret;
+ }
+
++ kvm_get_supported_feature_msrs(s);
++
+ uname(&utsname);
+ lm_capable_kernel = strcmp(utsname.machine, "x86_64") == 0;
+
+--
+2.11.0
+
--- /dev/null
+From 09ab9eb795821898fcb9430fcb33581cd28d3400 Mon Sep 17 00:00:00 2001
+From: Robert Hoo <robert.hu@linux.intel.com>
+Date: Thu, 5 Jul 2018 17:09:55 +0800
+Subject: [PATCH] i386: Add CPUID bit and feature words for
+ IA32_ARCH_CAPABILITIES MSR
+
+Support of IA32_PRED_CMD MSR already be enumerated by same CPUID bit as
+SPEC_CTRL.
+
+At present, mark CPUID_7_0_EDX_ARCH_CAPABILITIES unmigratable, per Paolo's
+comment.
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1530781798-183214-3-git-send-email-robert.hu@linux.intel.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 3fc7c73139d2d38ae80c3b0bc963b1ac1555924c)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ target/i386/cpu.c | 3 ++-
+ target/i386/cpu.h | 1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 3ac627978f..1d74be02ce 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1006,12 +1006,13 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, "spec-ctrl", NULL,
+- NULL, NULL, NULL, "ssbd",
++ NULL, "arch-capabilities", NULL, "ssbd",
+ },
+ .cpuid_eax = 7,
+ .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+ .cpuid_reg = R_EDX,
+ .tcg_features = TCG_7_0_EDX_FEATURES,
++ .unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES,
+ },
+ [FEAT_8000_0007_EDX] = {
+ .feat_names = {
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 93ede116d1..58ae637edc 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -688,6 +688,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+ #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
++#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /*Arch Capabilities*/
+ #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */
+
+ #define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */
+--
+2.11.0
+
--- /dev/null
+From 745b4afa5ece8aa17306ca07e48ae9cb64161e6d Mon Sep 17 00:00:00 2001
+From: Robert Hoo <robert.hu@linux.intel.com>
+Date: Thu, 5 Jul 2018 17:09:54 +0800
+Subject: [PATCH] i386: Add new MSR indices for IA32_PRED_CMD and
+ IA32_ARCH_CAPABILITIES
+
+IA32_PRED_CMD MSR gives software a way to issue commands that affect the state
+of indirect branch predictors. Enumerated by CPUID.(EAX=7H,ECX=0):EDX[26].
+IA32_ARCH_CAPABILITIES MSR enumerates architectural features of RDCL_NO and
+IBRS_ALL. Enumerated by CPUID.(EAX=07H, ECX=0):EDX[29].
+
+https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1530781798-183214-2-git-send-email-robert.hu@linux.intel.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 8c80c99fcceabd0708a5a83f08577e778c9419f5)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ target/i386/cpu.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 58ae637edc..fb2f5f6ebc 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -354,6 +354,8 @@ typedef enum X86Seg {
+ #define MSR_TSC_ADJUST 0x0000003b
+ #define MSR_IA32_SPEC_CTRL 0x48
+ #define MSR_VIRT_SSBD 0xc001011f
++#define MSR_IA32_PRED_CMD 0x49
++#define MSR_IA32_ARCH_CAPABILITIES 0x10a
+ #define MSR_IA32_TSCDEADLINE 0x6e0
+
+ #define FEATURE_CONTROL_LOCKED (1<<0)
+--
+2.11.0
+
--- /dev/null
+From eef08dea8a8c9aea23f91d4547a6f41cec21f4cf Mon Sep 17 00:00:00 2001
+From: Robert Hoo <robert.hu@linux.intel.com>
+Date: Mon, 15 Oct 2018 12:47:24 +0800
+Subject: [PATCH] x86: Data structure changes to support MSR based
+ features
+
+Add FeatureWordType indicator in struct FeatureWordInfo.
+Change feature_word_info[] accordingly.
+Change existing functions that refer to feature_word_info[] accordingly.
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1539578845-37944-3-git-send-email-robert.hu@linux.intel.com>
+[ehabkost: fixed hvf_enabled() case]
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+(cherry picked from commit 07585923485952bf4cb7da563c9f91fecc85d09c)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ target/i386/cpu.c | 197 +++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 142 insertions(+), 55 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 1d74be02ce..d2985144a3 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -770,17 +770,36 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
+ /* missing:
+ CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
+
++typedef enum FeatureWordType {
++ CPUID_FEATURE_WORD,
++ MSR_FEATURE_WORD,
++} FeatureWordType;
++
+ typedef struct FeatureWordInfo {
++ FeatureWordType type;
+ /* feature flags names are taken from "Intel Processor Identification and
+ * the CPUID Instruction" and AMD's "CPUID Specification".
+ * In cases of disagreement between feature naming conventions,
+ * aliases may be added.
+ */
+ const char *feat_names[32];
+- uint32_t cpuid_eax; /* Input EAX for CPUID */
+- bool cpuid_needs_ecx; /* CPUID instruction uses ECX as input */
+- uint32_t cpuid_ecx; /* Input ECX value for CPUID */
+- int cpuid_reg; /* output register (R_* constant) */
++ union {
++ /* If type==CPUID_FEATURE_WORD */
++ struct {
++ uint32_t eax; /* Input EAX for CPUID */
++ bool needs_ecx; /* CPUID instruction uses ECX as input */
++ uint32_t ecx; /* Input ECX value for CPUID */
++ int reg; /* output register (R_* constant) */
++ } cpuid;
++ /* If type==MSR_FEATURE_WORD */
++ struct {
++ uint32_t index;
++ struct { /*CPUID that enumerate this MSR*/
++ FeatureWord cpuid_class;
++ uint32_t cpuid_flag;
++ } cpuid_dep;
++ } msr;
++ };
+ uint32_t tcg_features; /* Feature flags supported by TCG */
+ uint32_t unmigratable_flags; /* Feature flags known to be unmigratable */
+ uint32_t migratable_flags; /* Feature flags known to be migratable */
+@@ -790,6 +809,7 @@ typedef struct FeatureWordInfo {
+
+ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ [FEAT_1_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "fpu", "vme", "de", "pse",
+ "tsc", "msr", "pae", "mce",
+@@ -800,10 +820,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "fxsr", "sse", "sse2", "ss",
+ "ht" /* Intel htt */, "tm", "ia64", "pbe",
+ },
+- .cpuid_eax = 1, .cpuid_reg = R_EDX,
++ .cpuid = {.eax = 1, .reg = R_EDX, },
+ .tcg_features = TCG_FEATURES,
+ },
+ [FEAT_1_ECX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "pni" /* Intel,AMD sse3 */, "pclmulqdq", "dtes64", "monitor",
+ "ds-cpl", "vmx", "smx", "est",
+@@ -814,7 +835,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "tsc-deadline", "aes", "xsave", NULL /* osxsave */,
+ "avx", "f16c", "rdrand", "hypervisor",
+ },
+- .cpuid_eax = 1, .cpuid_reg = R_ECX,
++ .cpuid = { .eax = 1, .reg = R_ECX, },
+ .tcg_features = TCG_EXT_FEATURES,
+ },
+ /* Feature names that are already defined on feature_name[] but
+@@ -823,6 +844,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ * to features[FEAT_8000_0001_EDX] if and only if CPU vendor is AMD.
+ */
+ [FEAT_8000_0001_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL /* fpu */, NULL /* vme */, NULL /* de */, NULL /* pse */,
+ NULL /* tsc */, NULL /* msr */, NULL /* pae */, NULL /* mce */,
+@@ -833,10 +855,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL /* fxsr */, "fxsr-opt", "pdpe1gb", "rdtscp",
+ NULL, "lm", "3dnowext", "3dnow",
+ },
+- .cpuid_eax = 0x80000001, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x80000001, .reg = R_EDX, },
+ .tcg_features = TCG_EXT2_FEATURES,
+ },
+ [FEAT_8000_0001_ECX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "lahf-lm", "cmp-legacy", "svm", "extapic",
+ "cr8legacy", "abm", "sse4a", "misalignsse",
+@@ -847,7 +870,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "perfctr-nb", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x80000001, .cpuid_reg = R_ECX,
++ .cpuid = { .eax = 0x80000001, .reg = R_ECX, },
+ .tcg_features = TCG_EXT3_FEATURES,
+ /*
+ * TOPOEXT is always allowed but can't be enabled blindly by
+@@ -857,6 +880,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .no_autoenable_flags = CPUID_EXT3_TOPOEXT,
+ },
+ [FEAT_C000_0001_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, NULL, "xstore", "xstore-en",
+ NULL, NULL, "xcrypt", "xcrypt-en",
+@@ -867,10 +891,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0xC0000001, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0xC0000001, .reg = R_EDX, },
+ .tcg_features = TCG_EXT4_FEATURES,
+ },
+ [FEAT_KVM] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "kvmclock", "kvm-nopiodelay", "kvm-mmu", "kvmclock",
+ "kvm-asyncpf", "kvm-steal-time", "kvm-pv-eoi", "kvm-pv-unhalt",
+@@ -881,10 +906,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "kvmclock-stable-bit", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = KVM_CPUID_FEATURES, .cpuid_reg = R_EAX,
++ .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EAX, },
+ .tcg_features = TCG_KVM_FEATURES,
+ },
+ [FEAT_KVM_HINTS] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "kvm-hint-dedicated", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+@@ -895,7 +921,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = KVM_CPUID_FEATURES, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EDX, },
+ .tcg_features = TCG_KVM_FEATURES,
+ /*
+ * KVM hints aren't auto-enabled by -cpu host, they need to be
+@@ -904,6 +930,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .no_autoenable_flags = ~0U,
+ },
+ [FEAT_HYPERV_EAX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL /* hv_msr_vp_runtime_access */, NULL /* hv_msr_time_refcount_access */,
+ NULL /* hv_msr_synic_access */, NULL /* hv_msr_stimer_access */,
+@@ -918,9 +945,10 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x40000003, .cpuid_reg = R_EAX,
++ .cpuid = { .eax = 0x40000003, .reg = R_EAX, },
+ },
+ [FEAT_HYPERV_EBX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL /* hv_create_partitions */, NULL /* hv_access_partition_id */,
+ NULL /* hv_access_memory_pool */, NULL /* hv_adjust_message_buffers */,
+@@ -934,9 +962,10 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x40000003, .cpuid_reg = R_EBX,
++ .cpuid = { .eax = 0x40000003, .reg = R_EBX, },
+ },
+ [FEAT_HYPERV_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL /* hv_mwait */, NULL /* hv_guest_debugging */,
+ NULL /* hv_perf_monitor */, NULL /* hv_cpu_dynamic_part */,
+@@ -949,9 +978,10 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x40000003, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x40000003, .reg = R_EDX, },
+ },
+ [FEAT_SVM] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "npt", "lbrv", "svm-lock", "nrip-save",
+ "tsc-scale", "vmcb-clean", "flushbyasid", "decodeassists",
+@@ -962,10 +992,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x8000000A, .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x8000000A, .reg = R_EDX, },
+ .tcg_features = TCG_SVM_FEATURES,
+ },
+ [FEAT_7_0_EBX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "fsgsbase", "tsc-adjust", NULL, "bmi1",
+ "hle", "avx2", NULL, "smep",
+@@ -976,12 +1007,15 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "clwb", "intel-pt", "avx512pf", "avx512er",
+ "avx512cd", "sha-ni", "avx512bw", "avx512vl",
+ },
+- .cpuid_eax = 7,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_EBX,
++ .cpuid = {
++ .eax = 7,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_EBX,
++ },
+ .tcg_features = TCG_7_0_EBX_FEATURES,
+ },
+ [FEAT_7_0_ECX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, "avx512vbmi", "umip", "pku",
+ NULL /* ospke */, NULL, "avx512vbmi2", NULL,
+@@ -992,12 +1026,15 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, "cldemote", NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 7,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_ECX,
++ .cpuid = {
++ .eax = 7,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_ECX,
++ },
+ .tcg_features = TCG_7_0_ECX_FEATURES,
+ },
+ [FEAT_7_0_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
+ NULL, NULL, NULL, NULL,
+@@ -1008,13 +1045,16 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, "spec-ctrl", NULL,
+ NULL, "arch-capabilities", NULL, "ssbd",
+ },
+- .cpuid_eax = 7,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_EDX,
++ .cpuid = {
++ .eax = 7,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_EDX,
++ },
+ .tcg_features = TCG_7_0_EDX_FEATURES,
+ .unmigratable_flags = CPUID_7_0_EDX_ARCH_CAPABILITIES,
+ },
+ [FEAT_8000_0007_EDX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+@@ -1025,12 +1065,12 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x80000007,
+- .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x80000007, .reg = R_EDX, },
+ .tcg_features = TCG_APM_FEATURES,
+ .unmigratable_flags = CPUID_APM_INVTSC,
+ },
+ [FEAT_8000_0008_EBX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+@@ -1041,12 +1081,12 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "amd-ssbd", "virt-ssbd", "amd-no-ssb", NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0x80000008,
+- .cpuid_reg = R_EBX,
++ .cpuid = { .eax = 0x80000008, .reg = R_EBX, },
+ .tcg_features = 0,
+ .unmigratable_flags = 0,
+ },
+ [FEAT_XSAVE] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "xsaveopt", "xsavec", "xgetbv1", "xsaves",
+ NULL, NULL, NULL, NULL,
+@@ -1057,12 +1097,15 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 0xd,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 1,
+- .cpuid_reg = R_EAX,
++ .cpuid = {
++ .eax = 0xd,
++ .needs_ecx = true, .ecx = 1,
++ .reg = R_EAX,
++ },
+ .tcg_features = TCG_XSAVE_FEATURES,
+ },
+ [FEAT_6_EAX] = {
++ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, NULL, "arat", NULL,
+ NULL, NULL, NULL, NULL,
+@@ -1073,13 +1116,16 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+- .cpuid_eax = 6, .cpuid_reg = R_EAX,
++ .cpuid = { .eax = 6, .reg = R_EAX, },
+ .tcg_features = TCG_6_EAX_FEATURES,
+ },
+ [FEAT_XSAVE_COMP_LO] = {
+- .cpuid_eax = 0xD,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_EAX,
++ .type = CPUID_FEATURE_WORD,
++ .cpuid = {
++ .eax = 0xD,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_EAX,
++ },
+ .tcg_features = ~0U,
+ .migratable_flags = XSTATE_FP_MASK | XSTATE_SSE_MASK |
+ XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK |
+@@ -1087,9 +1133,12 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ XSTATE_PKRU_MASK,
+ },
+ [FEAT_XSAVE_COMP_HI] = {
+- .cpuid_eax = 0xD,
+- .cpuid_needs_ecx = true, .cpuid_ecx = 0,
+- .cpuid_reg = R_EDX,
++ .type = CPUID_FEATURE_WORD,
++ .cpuid = {
++ .eax = 0xD,
++ .needs_ecx = true, .ecx = 0,
++ .reg = R_EDX,
++ },
+ .tcg_features = ~0U,
+ },
+ };
+@@ -2860,21 +2909,41 @@ static const TypeInfo host_x86_cpu_type_info = {
+
+ #endif
+
++static char *feature_word_description(FeatureWordInfo *f, uint32_t bit)
++{
++ assert(f->type == CPUID_FEATURE_WORD || f->type == MSR_FEATURE_WORD);
++
++ switch (f->type) {
++ case CPUID_FEATURE_WORD:
++ {
++ const char *reg = get_register_name_32(f->cpuid.reg);
++ assert(reg);
++ return g_strdup_printf("CPUID.%02XH:%s",
++ f->cpuid.eax, reg);
++ }
++ case MSR_FEATURE_WORD:
++ return g_strdup_printf("MSR(%02XH)",
++ f->msr.index);
++ }
++
++ return NULL;
++}
++
+ static void report_unavailable_features(FeatureWord w, uint32_t mask)
+ {
+ FeatureWordInfo *f = &feature_word_info[w];
+ int i;
++ char *feat_word_str;
+
+ for (i = 0; i < 32; ++i) {
+ if ((1UL << i) & mask) {
+- const char *reg = get_register_name_32(f->cpuid_reg);
+- assert(reg);
+- warn_report("%s doesn't support requested feature: "
+- "CPUID.%02XH:%s%s%s [bit %d]",
++ feat_word_str = feature_word_description(f, i);
++ warn_report("%s doesn't support requested feature: %s%s%s [bit %d]",
+ accel_uses_host_cpuid() ? "host" : "TCG",
+- f->cpuid_eax, reg,
++ feat_word_str,
+ f->feat_names[i] ? "." : "",
+ f->feat_names[i] ? f->feat_names[i] : "", i);
++ g_free(feat_word_str);
+ }
+ }
+ }
+@@ -3118,11 +3187,18 @@ static void x86_cpu_get_feature_words(Object *obj, Visitor *v,
+
+ for (w = 0; w < FEATURE_WORDS; w++) {
+ FeatureWordInfo *wi = &feature_word_info[w];
++ /*
++ * We didn't have MSR features when "feature-words" was
++ * introduced. Therefore skipped other type entries.
++ */
++ if (wi->type != CPUID_FEATURE_WORD) {
++ continue;
++ }
+ X86CPUFeatureWordInfo *qwi = &word_infos[w];
+- qwi->cpuid_input_eax = wi->cpuid_eax;
+- qwi->has_cpuid_input_ecx = wi->cpuid_needs_ecx;
+- qwi->cpuid_input_ecx = wi->cpuid_ecx;
+- qwi->cpuid_register = x86_reg_info_32[wi->cpuid_reg].qapi_enum;
++ qwi->cpuid_input_eax = wi->cpuid.eax;
++ qwi->has_cpuid_input_ecx = wi->cpuid.needs_ecx;
++ qwi->cpuid_input_ecx = wi->cpuid.ecx;
++ qwi->cpuid_register = x86_reg_info_32[wi->cpuid.reg].qapi_enum;
+ qwi->features = array[w];
+
+ /* List will be in reverse order, but order shouldn't matter */
+@@ -3495,16 +3571,26 @@ static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ bool migratable_only)
+ {
+ FeatureWordInfo *wi = &feature_word_info[w];
+- uint32_t r;
++ uint32_t r = 0;
+
+ if (kvm_enabled()) {
+- r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid_eax,
+- wi->cpuid_ecx,
+- wi->cpuid_reg);
++ switch (wi->type) {
++ case CPUID_FEATURE_WORD:
++ r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid.eax,
++ wi->cpuid.ecx,
++ wi->cpuid.reg);
++ break;
++ case MSR_FEATURE_WORD:
++ r = kvm_arch_get_supported_msr_feature(kvm_state, wi->msr.index);
++ break;
++ }
+ } else if (hvf_enabled()) {
+- r = hvf_get_supported_cpuid(wi->cpuid_eax,
+- wi->cpuid_ecx,
+- wi->cpuid_reg);
++ if (wi->type != CPUID_FEATURE_WORD) {
++ return 0;
++ }
++ r = hvf_get_supported_cpuid(wi->cpuid.eax,
++ wi->cpuid.ecx,
++ wi->cpuid.reg);
+ } else if (tcg_enabled()) {
+ r = wi->tcg_features;
+ } else {
+@@ -4568,9 +4654,10 @@ static void x86_cpu_adjust_feat_level(X86CPU *cpu, FeatureWord w)
+ {
+ CPUX86State *env = &cpu->env;
+ FeatureWordInfo *fi = &feature_word_info[w];
+- uint32_t eax = fi->cpuid_eax;
++ uint32_t eax = fi->cpuid.eax;
+ uint32_t region = eax & 0xF0000000;
+
++ assert(feature_word_info[w].type == CPUID_FEATURE_WORD);
+ if (!env->features[w]) {
+ return;
+ }
+--
+2.11.0
+
--- /dev/null
+From 13edfb1c1bc0b0b419e078cdc158804eedc499f7 Mon Sep 17 00:00:00 2001
+From: Robert Hoo <robert.hu@linux.intel.com>
+Date: Mon, 15 Oct 2018 12:47:25 +0800
+Subject: [PATCH] x86: define a new MSR based feature word --
+ FEATURE_WORDS_ARCH_CAPABILITIES
+
+Note RSBA is specially treated -- no matter host support it or not, qemu
+pretends it is supported.
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Message-Id: <1539578845-37944-4-git-send-email-robert.hu@linux.intel.com>
+[ehabkost: removed automatic enabling of RSBA]
+Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+(cherry picked from commit d86f963694df27f11b3681ffd225c9362de1b634)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ target/i386/cpu.c | 24 +++++++++++++++++++++++-
+ target/i386/cpu.h | 8 ++++++++
+ target/i386/kvm.c | 11 +++++++++++
+ 3 files changed, 42 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index d2985144a3..a64aa8793e 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1141,6 +1141,27 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ },
+ .tcg_features = ~0U,
+ },
++ /*Below are MSR exposed features*/
++ [FEAT_ARCH_CAPABILITIES] = {
++ .type = MSR_FEATURE_WORD,
++ .feat_names = {
++ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
++ "ssb-no", NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ },
++ .msr = {
++ .index = MSR_IA32_ARCH_CAPABILITIES,
++ .cpuid_dep = {
++ FEAT_7_0_EDX,
++ CPUID_7_0_EDX_ARCH_CAPABILITIES
++ }
++ },
++ },
+ };
+
+ typedef struct X86RegisterInfo32 {
+@@ -3581,7 +3602,8 @@ static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ wi->cpuid.reg);
+ break;
+ case MSR_FEATURE_WORD:
+- r = kvm_arch_get_supported_msr_feature(kvm_state, wi->msr.index);
++ r = kvm_arch_get_supported_msr_feature(kvm_state,
++ wi->msr.index);
+ break;
+ }
+ } else if (hvf_enabled()) {
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index fb2f5f6ebc..ae54a98249 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -502,6 +502,7 @@ typedef enum FeatureWord {
+ FEAT_6_EAX, /* CPUID[6].EAX */
+ FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
+ FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
++ FEAT_ARCH_CAPABILITIES,
+ FEATURE_WORDS,
+ } FeatureWord;
+
+@@ -727,6 +728,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_TOPOLOGY_LEVEL_SMT (1U << 8)
+ #define CPUID_TOPOLOGY_LEVEL_CORE (2U << 8)
+
++/* MSR Feature Bits */
++#define MSR_ARCH_CAP_RDCL_NO (1U << 0)
++#define MSR_ARCH_CAP_IBRS_ALL (1U << 1)
++#define MSR_ARCH_CAP_RSBA (1U << 2)
++#define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3)
++#define MSR_ARCH_CAP_SSB_NO (1U << 4)
++
+ #ifndef HYPERV_SPINLOCK_NEVER_RETRY
+ #define HYPERV_SPINLOCK_NEVER_RETRY 0xFFFFFFFF
+ #endif
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index cd45c79169..0b7fcb4f7f 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -1936,6 +1936,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+ }
+ #endif
+
++ /* If host supports feature MSR, write down. */
++ if (kvm_feature_msrs) {
++ int i;
++ for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
++ if (kvm_feature_msrs->indices[i] == MSR_IA32_ARCH_CAPABILITIES) {
++ kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
++ env->features[FEAT_ARCH_CAPABILITIES]);
++ break;
++ }
++ }
++
+ /*
+ * The following MSRs have side effects on the guest or are too heavy
+ * for normal writeback. Limit them to reset or full state updates.
+--
+2.11.0
+
--- /dev/null
+From a367cd537f9a4e1cf1c63ebf4798dd8bf43d148d Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 16 May 2019 20:53:20 +0200
+Subject: [PATCH] target/i386: add MDS-NO feature
+
+Microarchitectural Data Sampling is a hardware vulnerability which allows
+unprivileged speculative access to data which is available in various CPU
+internal buffers.
+
+Some Intel processors use the ARCH_CAP_MDS_NO bit in the
+IA32_ARCH_CAPABILITIES
+MSR to report that they are not vulnerable, make it available to guests.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-Id: <20190516185320.28340-1-pbonzini@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 20140a82c67467f53814ca197403d5e1b561a5e5)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ target/i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index a64aa8793e..02b64f730c 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1146,7 +1146,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .type = MSR_FEATURE_WORD,
+ .feat_names = {
+ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+- "ssb-no", NULL, NULL, NULL,
++ "ssb-no", "mds-no", NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+--
+2.11.0
+
--- /dev/null
+From 23274f8f4209041c13440ac673f413f3dfe7b60f Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 15 May 2019 15:10:10 +0100
+Subject: [PATCH] target/i386: define md-clear bit
+
+md-clear is a new CPUID bit which is set when microcode provides the
+mechanism to invoke a flush of various exploitable CPU buffers by invoking
+the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-Id: <20190515141011.5315-2-berrange@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit b2ae52101fca7f9547ac2f388085dbc58f8fe1c0)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ target/i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 02b64f730c..5ddcd72c9c 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1038,7 +1038,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .feat_names = {
+ NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
+ NULL, NULL, NULL, NULL,
+- NULL, NULL, NULL, NULL,
++ NULL, NULL, "md-clear", NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+--
+2.11.0
+
--- /dev/null
+From 9e06602a7741599d0129c88fea0f2fc9dc1e5461 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 27 Jun 2018 17:01:03 +0100
+Subject: [PATCH] docs: add guidance on configuring CPU models for x86
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With the recent set of CPU hardware vulnerabilities on x86, it is
+increasingly difficult to understand which CPU configurations are
+good to use and what flaws they might be vulnerable to.
+
+This doc attempts to help management applications and administrators in
+picking sensible CPU configuration on x86 hosts. It outlines which of
+the named CPU models are good choices, and describes which extra CPU
+flags should be enabled to allow the guest to mitigate hardware flaws.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-Id: <20180627160103.13634-1-berrange@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 2544e9e4aa2bcef8ac069057a681a5ff37a23e49)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ MAINTAINERS | 1 +
+ Makefile | 7 +-
+ docs/qemu-cpu-models.texi | 484 ++++++++++++++++++++++++++++++++++++++++++++++
+ qemu-doc.texi | 6 +
+ 4 files changed, 497 insertions(+), 1 deletion(-)
+ create mode 100644 docs/qemu-cpu-models.texi
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 299a73cd86..132df824f4 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -289,6 +289,7 @@ F: tests/tcg/i386/
+ F: tests/tcg/x86_64/
+ F: hw/i386/
+ F: disas/i386.c
++F: docs/qemu-cpu-models.texi
+ T: git git://github.com/ehabkost/qemu.git x86-next
+
+ Xtensa
+diff --git a/Makefile b/Makefile
+index 5a0aad2004..14a7405deb 100644
+--- a/Makefile
++++ b/Makefile
+@@ -357,6 +357,7 @@ DOCS=qemu-doc.html qemu-doc.txt qemu.1 qemu-img.1 qemu-nbd.8 qemu-ga.8
+ DOCS+=docs/interop/qemu-qmp-ref.html docs/interop/qemu-qmp-ref.txt docs/interop/qemu-qmp-ref.7
+ DOCS+=docs/interop/qemu-ga-ref.html docs/interop/qemu-ga-ref.txt docs/interop/qemu-ga-ref.7
+ DOCS+=docs/qemu-block-drivers.7
++DOCS+=docs/qemu-cpu-models.7
+ ifdef CONFIG_VIRTFS
+ DOCS+=fsdev/virtfs-proxy-helper.1
+ endif
+@@ -779,6 +780,7 @@ distclean: clean
+ rm -f docs/interop/qemu-qmp-ref.pdf docs/interop/qemu-ga-ref.pdf
+ rm -f docs/interop/qemu-qmp-ref.html docs/interop/qemu-ga-ref.html
+ rm -f docs/qemu-block-drivers.7
++ rm -f docs/qemu-cpu-models.7
+ for d in $(TARGET_DIRS); do \
+ rm -rf $$d || exit 1 ; \
+ done
+@@ -824,6 +826,7 @@ ifdef CONFIG_POSIX
+ $(INSTALL_DIR) "$(DESTDIR)$(mandir)/man7"
+ $(INSTALL_DATA) docs/interop/qemu-qmp-ref.7 "$(DESTDIR)$(mandir)/man7"
+ $(INSTALL_DATA) docs/qemu-block-drivers.7 "$(DESTDIR)$(mandir)/man7"
++ $(INSTALL_DATA) docs/qemu-cpu-models.7 "$(DESTDIR)$(mandir)/man7"
+ ifneq ($(TOOLS),)
+ $(INSTALL_DATA) qemu-img.1 "$(DESTDIR)$(mandir)/man1"
+ $(INSTALL_DIR) "$(DESTDIR)$(mandir)/man8"
+@@ -966,6 +969,7 @@ fsdev/virtfs-proxy-helper.1: fsdev/virtfs-proxy-helper.texi
+ qemu-nbd.8: qemu-nbd.texi qemu-option-trace.texi
+ qemu-ga.8: qemu-ga.texi
+ docs/qemu-block-drivers.7: docs/qemu-block-drivers.texi
++docs/qemu-cpu-models.7: docs/qemu-cpu-models.texi
+
+ html: qemu-doc.html docs/interop/qemu-qmp-ref.html docs/interop/qemu-ga-ref.html
+ info: qemu-doc.info docs/interop/qemu-qmp-ref.info docs/interop/qemu-ga-ref.info
+@@ -975,7 +979,8 @@ txt: qemu-doc.txt docs/interop/qemu-qmp-ref.txt docs/interop/qemu-ga-ref.txt
+ qemu-doc.html qemu-doc.info qemu-doc.pdf qemu-doc.txt: \
+ qemu-img.texi qemu-nbd.texi qemu-options.texi qemu-option-trace.texi \
+ qemu-monitor.texi qemu-img-cmds.texi qemu-ga.texi \
+- qemu-monitor-info.texi docs/qemu-block-drivers.texi
++ qemu-monitor-info.texi docs/qemu-block-drivers.texi \
++ docs/qemu-cpu-models.texi
+
+ docs/interop/qemu-ga-ref.dvi docs/interop/qemu-ga-ref.html \
+ docs/interop/qemu-ga-ref.info docs/interop/qemu-ga-ref.pdf \
+diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
+new file mode 100644
+index 0000000000..1935f98c63
+--- /dev/null
++++ b/docs/qemu-cpu-models.texi
+@@ -0,0 +1,484 @@
++@c man begin SYNOPSIS
++QEMU / KVM CPU model configuration
++@c man end
++
++@c man begin DESCRIPTION
++
++@menu
++* recommendations_cpu_models_x86:: Recommendations for KVM CPU model configuration on x86 hosts
++* cpu_model_syntax_apps:: Syntax for configuring CPU models
++@end menu
++
++QEMU / KVM virtualization supports two ways to configure CPU models
++
++@table @option
++
++@item Host passthrough
++
++This passes the host CPU model features, model, stepping, exactly to the
++guest. Note that KVM may filter out some host CPU model features if they
++cannot be supported with virtualization. Live migration is unsafe when
++this mode is used as libvirt / QEMU cannot guarantee a stable CPU is
++exposed to the guest across hosts. This is the recommended CPU to use,
++provided live migration is not required.
++
++@item Named model
++
++QEMU comes with a number of predefined named CPU models, that typically
++refer to specific generations of hardware released by Intel and AMD.
++These allow the guest VMs to have a degree of isolation from the host CPU,
++allowing greater flexibility in live migrating between hosts with differing
++hardware.
++@end table
++
++In both cases, it is possible to optionally add or remove individual CPU
++features, to alter what is presented to the guest by default.
++
++Libvirt supports a third way to configure CPU models known as "Host model".
++This uses the QEMU "Named model" feature, automatically picking a CPU model
++that is similar the host CPU, and then adding extra features to approximate
++the host model as closely as possible. This does not guarantee the CPU family,
++stepping, etc will precisely match the host CPU, as they would with "Host
++passthrough", but gives much of the benefit of passthrough, while making
++live migration safe.
++
++@node recommendations_cpu_models_x86
++@subsection Recommendations for KVM CPU model configuration on x86 hosts
++
++The information that follows provides recommendations for configuring
++CPU models on x86 hosts. The goals are to maximise performance, while
++protecting guest OS against various CPU hardware flaws, and optionally
++enabling live migration between hosts with hetergeneous CPU models.
++
++@menu
++* preferred_cpu_models_intel_x86:: Preferred CPU models for Intel x86 hosts
++* important_cpu_features_intel_x86:: Important CPU features for Intel x86 hosts
++* preferred_cpu_models_amd_x86:: Preferred CPU models for AMD x86 hosts
++* important_cpu_features_amd_x86:: Important CPU features for AMD x86 hosts
++* default_cpu_models_x86:: Default x86 CPU models
++* other_non_recommended_cpu_models_x86:: Other non-recommended x86 CPUs
++@end menu
++
++@node preferred_cpu_models_intel_x86
++@subsubsection Preferred CPU models for Intel x86 hosts
++
++The following CPU models are preferred for use on Intel hosts. Administrators /
++applications are recommended to use the CPU model that matches the generation
++of the host CPUs in use. In a deployment with a mixture of host CPU models
++between machines, if live migration compatibility is required, use the newest
++CPU model that is compatible across all desired hosts.
++
++@table @option
++@item @code{Skylake-Server}
++@item @code{Skylake-Server-IBRS}
++
++Intel Xeon Processor (Skylake, 2016)
++
++
++@item @code{Skylake-Client}
++@item @code{Skylake-Client-IBRS}
++
++Intel Core Processor (Skylake, 2015)
++
++
++@item @code{Broadwell}
++@item @code{Broadwell-IBRS}
++@item @code{Broadwell-noTSX}
++@item @code{Broadwell-noTSX-IBRS}
++
++Intel Core Processor (Broadwell, 2014)
++
++
++@item @code{Haswell}
++@item @code{Haswell-IBRS}
++@item @code{Haswell-noTSX}
++@item @code{Haswell-noTSX-IBRS}
++
++Intel Core Processor (Haswell, 2013)
++
++
++@item @code{IvyBridge}
++@item @code{IvyBridge-IBRS}
++
++Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
++
++
++@item @code{SandyBridge}
++@item @code{SandyBridge-IBRS}
++
++Intel Xeon E312xx (Sandy Bridge, 2011)
++
++
++@item @code{Westmere}
++@item @code{Westmere-IBRS}
++
++Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
++
++
++@item @code{Nehalem}
++@item @code{Nehalem-IBRS}
++
++Intel Core i7 9xx (Nehalem Class Core i7, 2008)
++
++
++@item @code{Penryn}
++
++Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)
++
++
++@item @code{Conroe}
++
++Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)
++
++@end table
++
++@node important_cpu_features_intel_x86
++@subsubsection Important CPU features for Intel x86 hosts
++
++The following are important CPU features that should be used on Intel x86
++hosts, when available in the host CPU. Some of them require explicit
++configuration to enable, as they are not included by default in some, or all,
++of the named CPU models listed above. In general all of these features are
++included if using "Host passthrough" or "Host model".
++
++
++@table @option
++
++@item @code{pcid}
++
++Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix
++
++Included by default in Haswell, Broadwell & Skylake Intel CPU models.
++
++Should be explicitly turned on for Westmere, SandyBridge, and IvyBridge
++Intel CPU models. Note that some desktop/mobile Westmere CPUs cannot
++support this feature.
++
++
++@item @code{spec-ctrl}
++
++Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix,
++in cases where retpolines are not sufficient.
++
++Included by default in Intel CPU models with -IBRS suffix.
++
++Must be explicitly turned on for Intel CPU models without -IBRS suffix.
++
++Requires the host CPU microcode to support this feature before it
++can be used for guest CPUs.
++
++
++@item @code{ssbd}
++
++Required to enable the CVE-2018-3639 fix
++
++Not included by default in any Intel CPU model.
++
++Must be explicitly turned on for all Intel CPU models.
++
++Requires the host CPU microcode to support this feature before it
++can be used for guest CPUs.
++
++
++@item @code{pdpe1gb}
++
++Recommended to allow guest OS to use 1GB size pages
++
++Not included by default in any Intel CPU model.
++
++Should be explicitly turned on for all Intel CPU models.
++
++Note that not all CPU hardware will support this feature.
++@end table
++
++
++@node preferred_cpu_models_amd_x86
++@subsubsection Preferred CPU models for AMD x86 hosts
++
++The following CPU models are preferred for use on Intel hosts. Administrators /
++applications are recommended to use the CPU model that matches the generation
++of the host CPUs in use. In a deployment with a mixture of host CPU models
++between machines, if live migration compatibility is required, use the newest
++CPU model that is compatible across all desired hosts.
++
++@table @option
++
++@item @code{EPYC}
++@item @code{EPYC-IBPB}
++
++AMD EPYC Processor (2017)
++
++
++@item @code{Opteron_G5}
++
++AMD Opteron 63xx class CPU (2012)
++
++
++@item @code{Opteron_G4}
++
++AMD Opteron 62xx class CPU (2011)
++
++
++@item @code{Opteron_G3}
++
++AMD Opteron 23xx (Gen 3 Class Opteron, 2009)
++
++
++@item @code{Opteron_G2}
++
++AMD Opteron 22xx (Gen 2 Class Opteron, 2006)
++
++
++@item @code{Opteron_G1}
++
++AMD Opteron 240 (Gen 1 Class Opteron, 2004)
++@end table
++
++@node important_cpu_features_amd_x86
++@subsubsection Important CPU features for AMD x86 hosts
++
++The following are important CPU features that should be used on AMD x86
++hosts, when available in the host CPU. Some of them require explicit
++configuration to enable, as they are not included by default in some, or all,
++of the named CPU models listed above. In general all of these features are
++included if using "Host passthrough" or "Host model".
++
++
++@table @option
++
++@item @code{ibpb}
++
++Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix,
++in cases where retpolines are not sufficient.
++
++Included by default in AMD CPU models with -IBPB suffix.
++
++Must be explicitly turned on for AMD CPU models without -IBPB suffix.
++
++Requires the host CPU microcode to support this feature before it
++can be used for guest CPUs.
++
++
++@item @code{virt-ssbd}
++
++Required to enable the CVE-2018-3639 fix
++
++Not included by default in any AMD CPU model.
++
++Must be explicitly turned on for all AMD CPU models.
++
++This should be provided to guests, even if amd-ssbd is also
++provided, for maximum guest compatibility.
++
++Note for some QEMU / libvirt versions, this must be force enabled
++when when using "Host model", because this is a virtual feature
++that doesn't exist in the physical host CPUs.
++
++
++@item @code{amd-ssbd}
++
++Required to enable the CVE-2018-3639 fix
++
++Not included by default in any AMD CPU model.
++
++Must be explicitly turned on for all AMD CPU models.
++
++This provides higher performance than virt-ssbd so should be
++exposed to guests whenever available in the host. virt-ssbd
++should none the less also be exposed for maximum guest
++compatability as some kernels only know about virt-ssbd.
++
++
++@item @code{amd-no-ssb}
++
++Recommended to indicate the host is not vulnerable CVE-2018-3639
++
++Not included by default in any AMD CPU model.
++
++Future hardware genarations of CPU will not be vulnerable to
++CVE-2018-3639, and thus the guest should be told not to enable
++its mitigations, by exposing amd-no-ssb. This is mutually
++exclusive with virt-ssbd and amd-ssbd.
++
++
++@item @code{pdpe1gb}
++
++Recommended to allow guest OS to use 1GB size pages
++
++Not included by default in any AMD CPU model.
++
++Should be explicitly turned on for all AMD CPU models.
++
++Note that not all CPU hardware will support this feature.
++@end table
++
++
++@node default_cpu_models_x86
++@subsubsection Default x86 CPU models
++
++The default QEMU CPU models are designed such that they can run on all hosts.
++If an application does not wish to do perform any host compatibility checks
++before launching guests, the default is guaranteed to work.
++
++The default CPU models will, however, leave the guest OS vulnerable to various
++CPU hardware flaws, so their use is strongly discouraged. Applications should
++follow the earlier guidance to setup a better CPU configuration, with host
++passthrough recommended if live migration is not needed.
++
++@table @option
++@item @code{qemu32}
++@item @code{qemu64}
++
++QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)
++
++qemu64 is used for x86_64 guests and qemu32 is used for i686 guests, when no
++-cpu argument is given to QEMU, or no <cpu> is provided in libvirt XML.
++@end table
++
++
++@node other_non_recommended_cpu_models_x86
++@subsubsection Other non-recommended x86 CPUs
++
++The following CPUs models are compatible with most AMD and Intel x86 hosts, but
++their usage is discouraged, as they expose a very limited featureset, which
++prevents guests having optimal performance.
++
++@table @option
++
++@item @code{kvm32}
++@item @code{kvm64}
++
++Common KVM processor (32 & 64 bit variants)
++
++Legacy models just for historical compatibility with ancient QEMU versions.
++
++
++@item @code{486}
++@item @code{athlon}
++@item @code{phenom}
++@item @code{coreduo}
++@item @code{core2duo}
++@item @code{n270}
++@item @code{pentium}
++@item @code{pentium2}
++@item @code{pentium3}
++
++Various very old x86 CPU models, mostly predating the introduction of
++hardware assisted virtualization, that should thus not be required for
++running virtual machines.
++@end table
++
++@node cpu_model_syntax_apps
++@subsection Syntax for configuring CPU models
++
++The example below illustrate the approach to configuring the various
++CPU models / features in QEMU and libvirt
++
++@menu
++* cpu_model_syntax_qemu:: QEMU command line
++* cpu_model_syntax_libvirt:: Libvirt guest XML
++@end menu
++
++@node cpu_model_syntax_qemu
++@subsubsection QEMU command line
++
++@table @option
++
++@item Host passthrough
++
++@example
++ $ qemu-system-x86_64 -cpu host
++@end example
++
++With feature customization:
++
++@example
++ $ qemu-system-x86_64 -cpu host,-vmx,...
++@end example
++
++@item Named CPU models
++
++@example
++ $ qemu-system-x86_64 -cpu Westmere
++@end example
++
++With feature customization:
++
++@example
++ $ qemu-system-x86_64 -cpu Westmere,+pcid,...
++@end example
++
++@end table
++
++@node cpu_model_syntax_libvirt
++@subsubsection Libvirt guest XML
++
++@table @option
++
++@item Host passthrough
++
++@example
++ <cpu mode='host-passthrough'/>
++@end example
++
++With feature customization:
++
++@example
++ <cpu mode='host-passthrough'>
++ <feature name="vmx" policy="disable"/>
++ ...
++ </cpu>
++@end example
++
++@item Host model
++
++@example
++ <cpu mode='host-model'/>
++@end example
++
++With feature customization:
++
++@example
++ <cpu mode='host-model'>
++ <feature name="vmx" policy="disable"/>
++ ...
++ </cpu>
++@end example
++
++@item Named model
++
++@example
++ <cpu mode='custom'>
++ <model name="Westmere"/>
++ </cpu>
++@end example
++
++With feature customization:
++
++@example
++ <cpu mode='custom'>
++ <model name="Westmere"/>
++ <feature name="pcid" policy="require"/>
++ ...
++ </cpu>
++@end example
++
++@end table
++
++@c man end
++
++@ignore
++
++@setfilename qemu-cpu-models
++@settitle QEMU / KVM CPU model configuration
++
++@c man begin SEEALSO
++The HTML documentation of QEMU for more precise information and Linux
++user mode emulator invocation.
++@c man end
++
++@c man begin AUTHOR
++Daniel P. Berrange
++@c man end
++
++@end ignore
+diff --git a/qemu-doc.texi b/qemu-doc.texi
+index abfd2db546..fd64f9fcf5 100644
+--- a/qemu-doc.texi
++++ b/qemu-doc.texi
+@@ -135,6 +135,7 @@ accelerator is required to use more than one host CPU for emulation.
+ * pcsys_keys:: Keys in the graphical frontends
+ * mux_keys:: Keys in the character backend multiplexer
+ * pcsys_monitor:: QEMU Monitor
++* cpu_models:: CPU models
+ * disk_images:: Disk Images
+ * pcsys_network:: Network emulation
+ * pcsys_other_devs:: Other Devices
+@@ -602,6 +603,11 @@ The monitor understands integers expressions for every integer
+ argument. You can use register names to get the value of specifics
+ CPU registers by prefixing them with @emph{$}.
+
++@node cpu_models
++@section CPU models
++
++@include docs/qemu-cpu-models.texi
++
+ @node disk_images
+ @section Disk Images
+
+--
+2.11.0
+
--- /dev/null
+From 2d0ca4591b568544b4a8da6e1f4d573048d5fab5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 15 May 2019 15:10:11 +0100
+Subject: [PATCH] docs: recommend use of md-clear feature on all Intel
+ CPUs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Update x86 CPU model guidance to recommend that the md-clear feature is
+manually enabled with all Intel CPU models, when supported by the host
+microcode.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-Id: <20190515141011.5315-3-berrange@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit 2c7e82a30774730100da9dbe68d2360459030d91)
+Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
+---
+ docs/qemu-cpu-models.texi | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
+index 1935f98c63..5cb3d8b939 100644
+--- a/docs/qemu-cpu-models.texi
++++ b/docs/qemu-cpu-models.texi
+@@ -189,6 +189,18 @@ Not included by default in any Intel CPU model.
+ Should be explicitly turned on for all Intel CPU models.
+
+ Note that not all CPU hardware will support this feature.
++
++@item @code{md-clear}
++
++Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
++CVE-2019-11091) fixes.
++
++Not included by default in any Intel CPU model.
++
++Must be explicitly turned on for all Intel CPU models.
++
++Requires the host CPU microcode to support this feature before it
++can be used for guest CPUs.
+ @end table
+
+
+--
+2.11.0
+
pve/0028-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
extra/0001-monitor-guard-iothread-access-by-mon-use_io_thread.patch
extra/0002-monitor-delay-monitor-iothread-creation.patch
+extra/0003-kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
+extra/0004-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
+extra/0005-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
+extra/0006-x86-Data-structure-changes-to-support-MSR-based-feat.patch
+extra/0007-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
+extra/0008-target-i386-add-MDS-NO-feature.patch
+extra/0009-target-i386-define-md-clear-bit.patch
+extra/0010-docs-add-guidance-on-configuring-CPU-models-for-x86.patch
+extra/0011-docs-recommend-use-of-md-clear-feature-on-all-Intel-.patch