i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639)

"Some AMD processors only support a non-architectural means of enabling speculative store bypass disable (SSBD). To allow a simplified view of this to a guest, an architectural definition has been created through a new CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a hypervisor can virtualize the existence of this definition and provide an architectural method for using SSBD to a guest. Add the new CPUID feature, the new MSR and update the existing SSBD support to use this MSR when present." (from x86/speculation: Add virtualized speculative store bypass disable support in Linux). Backports commit cfeea0c021db6234c154dbc723730e81553924ff from qemu
2025-02-02 12:31:09 +00:00 · 2018-05-22 16:57:30 -04:00 · 2018-05-22 16:57:30 -04:00 · 860411e045
parent 795bcc7de3
commit 860411e045
1 changed files with 2 additions and 0 deletions
--- a/qemu/target/i386/cpu.h
+++ b/qemu/target/i386/cpu.h
@ -329,6 +329,7 @@
 #define MSR_IA32_FEATURE_CONTROL        0x0000003a
 #define MSR_TSC_ADJUST                  0x0000003b
 #define MSR_IA32_SPEC_CTRL              0x48
+#define MSR_VIRT_SSBD                   0xc001011f
 #define MSR_IA32_TSCDEADLINE            0x6e0

 #define FEATURE_CONTROL_LOCKED                    (1<<0)
@ -1164,6 +1165,7 @@ typedef struct CPUX86State {
    uint32_t pkru;

    uint64_t spec_ctrl;
+    uint64_t virt_ssbd;

    /* End of state preserved by INIT (dummy marker).  */
    //struct {} end_init_save;