Thanks for your feedback.. indeed we have not backported the following patch:
commit 20140a82c67467f53814ca197403d5e1b561a5e5
Author: Paolo Bonzini <email address hidden>
Date: Thu May 16 15:53:20 2019
target/i386: add MDS-NO feature
Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.
Some Intel processors use the ARCH_CAP_MDS_NO bit in the
IA32_ARCH_CAPABILITIES
MSR to report that they are not vulnerable, make it available to guests.
336996-Speculative-Execution-Side-Channel-Mitigations.pdf, from Intel, showed bits 0-4 only, last feature I had documented for ARCH_CAPABILITIES was SSB_NO. Turns out there is MDS-NO feature, in bit 5, to be backported (Disco & Bionic). Do you know if there is a newer document from Intel showing specs for MDS-NO + ARCH_CAPABILITIES ?
Nevertheless, I'll provide you the backports in a PPA, for testing, first thing in my morning.
Hello Ai Lim,
Thanks for your feedback.. indeed we have not backported the following patch:
commit 20140a82c67467f 53814ca197403d5 e1b561a5e5
Author: Paolo Bonzini <email address hidden>
Date: Thu May 16 15:53:20 2019
target/i386: add MDS-NO feature
Microarchit ectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.
Some Intel processors use the ARCH_CAP_MDS_NO bit in the ARCH_CAPABILITI ES
IA32_
MSR to report that they are not vulnerable, make it available to guests.
Signed-off-by: Paolo Bonzini <email address hidden>
Message-Id: <email address hidden>
Signed-off-by: Eduardo Habkost <email address hidden>
The documentation I had:
336996- Speculative- Execution- Side-Channel- Mitigations. pdf, from Intel, showed bits 0-4 only, last feature I had documented for ARCH_CAPABILITIES was SSB_NO. Turns out there is MDS-NO feature, in bit 5, to be backported (Disco & Bionic). Do you know if there is a newer document from Intel showing specs for MDS-NO + ARCH_CAPABILITIES ?
Nevertheless, I'll provide you the backports in a PPA, for testing, first thing in my morning.
Sorry for missing this one.
Best Regards
Rafael