New microcode introduces the "Flush L1D Cache" CPUID feature bit. This needs to be exposed to guest OSes to allow them to protect against CVE-2018-3646.
Signed-off-by: Kyle Copperfield <kmcop...@danwin1210.me> --- docs/qemu-cpu-models.texi | 7 +++++++ target/i386/cpu.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi index f88a1def0d..1b5349d86a 100644 --- a/docs/qemu-cpu-models.texi +++ b/docs/qemu-cpu-models.texi @@ -180,6 +180,13 @@ Must be explicitly turned on for all Intel CPU models. Requires the host CPU microcode to support this feature before it can be used for guest CPUs. +@item @code{flush_l1d} + +Required to enable strong Foreshadow-NG (VMM) (CVE-2018-3646) fixes in +guests. + +Requires the host CPU microcode to support this feature before it +can be used for guest CPUs. @item @code{ssbd} diff --git a/target/i386/cpu.c b/target/i386/cpu.c index a624163ac2..1fb6d677e2 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -1083,7 +1083,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { NULL, NULL, NULL /* pconfig */, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "spec-ctrl", "stibp", - NULL, "arch-capabilities", "core-capability", "ssbd", + "flush_l1d", "arch-capabilities", "core-capability", "ssbd", }, .cpuid = { .eax = 7, -- 2.24.0
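Review bot: In the docs/qemu-cpu-models.texi hunk, the new @item @code{flush_l1d} entry does not say whether the flag is included in any named CPU model or has to be requested explicitly, which the entry just above it does state ("Must be explicitly turned on for all Intel CPU models."). This patch only names the bit in feature_word_info and changes no CPU model definition (the cpu.c diffstat is one line in, one line out), so the same sentence belongs here; otherwise a reader can assume that picking a recent CPU model is enough. The phrase "strong Foreshadow-NG (VMM) (CVE-2018-3646) fixes" is also hard to parse with its two stacked parentheticals; a plain sentence naming the CVE once would read better.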
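Review bot: In the target/i386/cpu.c hunk, the new name "flush_l1d" uses an underscore while the other names visible in the same table use hyphens ("spec-ctrl", "arch-capabilities", "core-capability"); suggest "flush-l1d" for consistency, with the matching change to the @code{flush_l1d} item in the docs hunk. The commit message should also state which CPUID leaf, register and bit this is, because the hunk only shows the position (the slot immediately before "arch-capabilities" in the feature word with .eax = 7) and a reviewer has to count array entries to confirm that the NULL being replaced is the intended bit.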