Comment 41 for bug 1828495

Rafael David Tinoco (rafaeldtinoco) wrote :

Hello Ai Lim,

Thanks for your feedback. Indeed, we have not backported the following patch:

commit 20140a82c67467f53814ca197403d5e1b561a5e5
Author: Paolo Bonzini <email address hidden>
Date: Thu May 16 15:53:20 2019

    target/i386: add MDS-NO feature

    Microarchitectural Data Sampling is a hardware vulnerability which allows
    unprivileged speculative access to data which is available in various CPU
    internal buffers.

    Some Intel processors use the ARCH_CAP_MDS_NO bit in the
    IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable,
    make it available to guests.

    Signed-off-by: Paolo Bonzini <email address hidden>
    Message-Id: <email address hidden>
    Signed-off-by: Eduardo Habkost <email address hidden>

The documentation I had:

336996-Speculative-Execution-Side-Channel-Mitigations.pdf, from Intel, showed bits 0-4 only; the last feature I had documented for ARCH_CAPABILITIES was SSB_NO. Turns out there is an MDS-NO feature, in bit 5, to be backported (Disco & Bionic). Do you know if there is a newer document from Intel showing specs for MDS-NO + ARCH_CAPABILITIES?

Nevertheless, I'll provide you the backports in a PPA, for testing, first thing in my morning.

Sorry for missing this one.

Best Regards

Rafael
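
Added example, not part of the comment above or of the QEMU patch: a small check for whether a guest sees the same IA32_ARCH_CAPABILITIES bits as its host, including MDS_NO in bit 5. The bit table uses Intel's names and upstream QEMU's CPU flag names; the sample MSR values are constructed, and reading the real MSR assumes a Linux system with the `msr` module loaded.

```python
import os
import struct

IA32_ARCH_CAPABILITIES = 0x10A  # MSR index

# bit -> (Intel name, QEMU CPU flag); bit 5 is the one the comment found missing
ARCH_CAP_BITS = {
    0: ("RDCL_NO", "rdctl-no"),
    1: ("IBRS_ALL", "ibrs-all"),
    2: ("RSBA", "rsba"),
    3: ("SKIP_L1DFL_VMENTRY", "skip-l1dfl-vmentry"),
    4: ("SSB_NO", "ssb-no"),
    5: ("MDS_NO", "mds-no"),
}
KNOWN_MASK = sum(1 << bit for bit in ARCH_CAP_BITS)


def read_arch_capabilities(cpu=0):
    """Read the MSR via the Linux msr driver (root, 'modprobe msr')."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, IA32_ARCH_CAPABILITIES))[0]
    finally:
        os.close(fd)


def decode(value):
    """Intel names of the known bits set in an IA32_ARCH_CAPABILITIES value."""
    return {name for bit, (name, _) in ARCH_CAP_BITS.items() if value >> bit & 1}


def missing_in_guest(host_value, guest_value):
    """QEMU flags for bits the host reports but the guest does not see."""
    lost = host_value & ~guest_value & KNOWN_MASK
    return [flag for bit, (_, flag) in sorted(ARCH_CAP_BITS.items()) if lost >> bit & 1]


def unknown_bits(value):
    """Bits set outside the table: a sign the table itself is out of date."""
    return value & ~KNOWN_MASK


if __name__ == "__main__":
    host, guest = 0x2B, 0x0B  # constructed sample values, not real readings
    print("host: ", sorted(decode(host)))
    print("guest:", sorted(decode(guest)))
    print("not passed through:", missing_in_guest(host, guest))
    print("unknown bits: %#x" % unknown_bits(host))
```

To use it on real systems, call `read_arch_capabilities()` on the host and inside the guest and pass both values to `missing_in_guest()`.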