Source: qemu
Version: 1:4.1-1
Severity: important
Tags: security upstream
Control: found -1 1:3.1+dfsg-8+deb10u2
Control: found -1 1:3.1+dfsg-8
Control: fixed -1 1:3.1+dfsg-8+deb10u3
Hi Michael
Could you please add on next upload the patch to qemu to support the
PSCHANGE_MC_NO feature? This allows to disable iTLB Multihit
mitigations in nested hypervisors.
The qemu update was prepared along with the linux update for DSA
4564-1 (DSA 4566-1) but was not yet released.
Regards,
Salvatore
From: Paolo Bonzini <pbonz...@redhat.com>
Subject: target/i386: add PSCHANGE_MC_NO feature
This is required to disable ITLB multihit mitigations in nested
hypervisors.
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
target/i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index cd71a09b33..1bbba68b5e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1188,7 +1188,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] =
{
.type = MSR_FEATURE_WORD,
.feat_names = {
"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
- "ssb-no", "mds-no", NULL, NULL,
+ "ssb-no", "mds-no", "pschange-mc-no", NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
--
2.21.0
