commit: 24b89b257a1443febe97c8981ff8537f21e8db02 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> AuthorDate: Sun May 19 22:07:45 2019 +0000 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> CommitDate: Sun May 19 23:42:11 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24b89b25
app-emulation/libvirt: add support for md-clear Bug: https://bugs.gentoo.org/686026 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org> .../libvirt/files/libvirt-5.2.0-md-clear.patch | 36 ++++++++++++++++++++++ ...irt-5.2.0-r1.ebuild => libvirt-5.2.0-r2.ebuild} | 1 + 2 files changed, 37 insertions(+)
diff --git a/app-emulation/libvirt/files/libvirt-5.2.0-md-clear.patch b/app-emulation/libvirt/files/libvirt-5.2.0-md-clear.patch
new file mode 100644
index 00000000000..cd14d0d539a
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-5.2.0-md-clear.patch
@@ -0,0 +1,36 @@
+From 538d873571d7a682852dc1d70e5f4478f4d64e85 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <[email protected]>
+Date: Fri, 5 Apr 2019 15:11:20 +0200
+Subject: [PATCH] cpu_map: Define md-clear CPUID bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+
+The bit is set when microcode provides the mechanism to invoke a flush
+of various exploitable CPU buffers by invoking the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <[email protected]>
+Signed-off-by: Jiri Denemark <[email protected]>
+Reviewed-by: Daniel P. Berrangé <[email protected]>
+---
+ src/cpu_map/x86_features.xml | 3 +++
+
+diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
+index efcc10b1ae..370807f88e 100644
+--- a/src/cpu_map/x86_features.xml
++++ b/src/cpu_map/x86_features.xml
+@@ -320,6 +320,9 @@
+ <feature name='avx512-4fmaps'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
+ </feature>
++ <feature name='md-clear'> <!-- md_clear -->
++ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
++ </feature>
+ <feature name='pconfig'>
+ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
+ </feature>
+--
+2.21.0
+
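Review bot: The added `md-clear` entry (leaf `0x07`, `edx='0x00000400'`) only gives libvirt a name for the bit, and nothing visible in this commit tells users what else is required before a guest actually sees it. As far as I know, the flag reaches a guest only when host microcode and QEMU expose it and the guest CPU definition carries it (host-passthrough/host-model, or an explicit `<feature policy='require' name='md-clear'/>` on a named model), and already-running guests keep their old CPUID until they are fully stopped and started again. I would add a short `elog` in the ebuild's `pkg_postinst` saying so; that function lies outside what this diff shows, so whether one already exists cannot be checked here. The bit value itself is consistent with the neighbouring leaf-7 EDX entries.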
diff --git a/app-emulation/libvirt/libvirt-5.2.0-r1.ebuild b/app-emulation/libvirt/libvirt-5.2.0-r2.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-5.2.0-r1.ebuild
rename to app-emulation/libvirt/libvirt-5.2.0-r2.ebuild
index 78ac8a38d3d..fa7ff494b7c 100644
--- a/app-emulation/libvirt/libvirt-5.2.0-r1.ebuild
+++ b/app-emulation/libvirt/libvirt-5.2.0-r2.ebuild
@@ -128,6 +128,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-5.2.0-do-not-use-sysconf.patch
 "${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch
 "${FILESDIR}"/${PN}-5.0.0-fix-paths-for-apparmor.patch
+ "${FILESDIR}"/${PN}-5.2.0-md-clear.patch
 )
 pkg_setup() {
