### For the kernel team: This QEMU patchset basically adds 2 new CPU types (IceLake and CascadeLake) support to QEMU (i386/target/{pc,kvm}) AND creates those new CPU mitigations-query features in their structure, allowing QEMU to inform guest which mitigations should be in place for the vCPUs through its own MSRs.
QEMU's
commit f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d
Author: Robert Hoo <email address hidden>
Date: Mon Oct 15 04:47:23 2018
kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl
Add kvm_get_supported_feature_msrs() to get supported MSR feature index list.
Add kvm_arch_get_supported_msr_feature() to get each MSR features value.
### For the kernel team: This QEMU patchset basically adds 2 new CPU types (IceLake and CascadeLake) support to QEMU (i386/target/ {pc,kvm} ) AND creates those new CPU mitigations-query features in their structure, allowing QEMU to inform guest which mitigations should be in place for the vCPUs through its own MSRs.
QEMU's
commit f57bceb6ab5163d dd6c41ff4344ab8 cf28a9c63d
Author: Robert Hoo <email address hidden>
Date: Mon Oct 15 04:47:23 2018
kvm: Add support to KVM_GET_ MSR_FEATURE_ INDEX_LIST and KVM_GET_MSRS system ioctl
Add kvm_get_ supported_ feature_ msrs() to get supported MSR feature index list. get_supported_ msr_feature( ) to get each MSR features value.
Add kvm_arch_
Signed-off-by: Robert Hoo <email address hidden>
Message-Id: <email address hidden>
Reviewed-by: Eduardo Habkost <email address hidden>
Signed-off-by: Eduardo Habkost <email address hidden>
Summarizes the kernel support we need for this "RFE" on Bionic (and higher) QEMUs.
Basically we need support for our ioctl() calls being added here:
kvm_ioctl(s, KVM_GET_MSRS, &msr_data);
kvm_ioctl(s, KVM_GET_ MSR_FEATURE_ INDEX_LIST, &msr_list);
to be backported to Bionic (and HWE in Bionic) kernels.
With this support, QEMU will be able to query IA32_ARCH_ CAPABILITIES MSRs.
More information to this feature can be found:
http:// kib.kiev. ua/x86docs/ SDMs/336996- 002.pdf
Chapter 5 (5.1 - Enumeration by CPUID).
Previous chapters describe briefly the vulnerabilities and how mitigations work HW wise.