From 2c9b2aeb63e27360481084e65fda98e3ffff1ba2 Mon Sep 17 00:00:00 2001
From: Xu Yandong
Date: Tue, 24 Dec 2019 11:30:51 +0800
Subject: [PATCH] cpu_map: cherry pick patches about CVE-2019-11135

Signed-off-by: Xu Yandong
---
 ...NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch | 37 ++++++++++++++++++
 ...CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch | 38 +++++++++++++++++++
 libvirt.spec | 6 ++-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch
 create mode 100644 libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch

diff --git a/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch b/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch
new file mode 100644
index 0000000..92d6519
--- /dev/null
+++ b/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch
@@ -0,0 +1,37 @@
+From 3b401713bcd5acfd1030425832becad34a7eaac8 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark
+Date: Thu, 12 Dec 2019 15:12:05 +0100
+Subject: [PATCH 1/2] cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2019-11135
+
+CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not
+vulnerable to TSX Asynchronous Abort and passing this bit to a guest
+may avoid unnecessary mitigations.
+
+Signed-off-by: Jiri Denemark
+Reviewed-by: Ján Tomko
+(cherry-picked from commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8)
+Signed-off-by: Xu Yandong
+---
+ src/cpu_map/x86_features.xml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
+index 2bed1e0..d1180ed 100644
+--- a/src/cpu_map/x86_features.xml
++++ b/src/cpu_map/x86_features.xml
+@@ -502,4 +502,7 @@
+
+
+
++
++
++
+
+--
+2.21.0
+
diff --git a/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch b/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch new file mode 100644 index 0000000..6a499cf --- /dev/null +++ b/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch @@ -0,0 +1,38 @@ +From 7ab3dc8c831d5777bce7ced1a07158199049566c Mon Sep 17 00:00:00 2001 +From: Jiri Denemark +Date: Thu, 12 Dec 2019 15:12:05 +0100 +Subject: [PATCH] cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2019-11135 + +When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU +supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX. + +Signed-off-by: Jiri Denemark +Reviewed-by: Ján Tomko +(cherry-picked from commit f411b7ef68221e82dec0129aaf2f2a26a8987504) +Signed-off-by: Xu Yandong +--- + src/cpu_map/x86_features.xml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml +index d1180ed..b42b490 100644 +--- a/src/cpu_map/x86_features.xml ++++ b/src/cpu_map/x86_features.xml +@@ -502,6 +502,9 @@ + + + ++ ++ ++ + + + +-- +2.21.0 + diff --git a/libvirt.spec b/libvirt.spec index 48fdbc4..1ed1a60 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -114,7 +114,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 5.5.0 -Release: 2 +Release: 3 License: LGPLv2+ URL: https://libvirt.org/ @@ -156,6 +156,8 @@ Patch30: libvirt-cpu-add-getHostCPU-for-ARM-CPUS.patch Patch31: libvirt-cpu-Introduce-mock-checkFeature-method-for-ARM-CPUS.patch Patch32: libvirt-tests-add-baseline-test-cases-for-arm-CPU.patch Patch33: libvirt-tests-add-cpu-compare-test-cases-for-arm-CPU.patch +Patch34: libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch +Patch35: libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch Requires: libvirt-daemon = %{version}-%{release} 
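Review bot: `Patch34` and `Patch35` are declared in the `@@ -156,6 +156,8 @@` hunk, but no hunk of libvirt.spec in this commit touches `%prep`, so whether the two patches are actually applied depends on a part of the spec that is outside the diff. If `%prep` uses `%autosetup` or `%autopatch` nothing more is needed; if it lists patches explicitly, add `%patch34 -p1` and `%patch35 -p1`, otherwise the package is built without the CVE-2019-11135 feature bits while the changelog says they are included. The declared order should be kept: the TSX_CTRL patch's index line (`d1180ed..b42b490`) starts from the blob that the TAA_NO patch produces, so 34 has to apply before 35. A comment above the two lines such as `# CVE-2019-11135: TAA_NO / TSX_CTRL cpu_map feature bits (upstream cherry-picks)` would also make the purpose visible to later maintainers.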
@@ -1799,6 +1801,8 @@ exit 0 %changelog +* Tue Dec 24 2019 Xu Yandong - 5.5.0-2 +- Cherry-pick CVE-2019-11135 patches. * Fri Nov 29 2019 openEuler Buildteam - 5.5.0-1 - Remove zfs-fuse support for x86_64. * Fri Sep 6 2019 openEuler Buildteam - 5.5.0-1
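Review bot: The new `%changelog` entry is stamped `5.5.0-2`, but the first hunk of this file bumps `Release` from 2 to 3, so the entry does not name the build it describes. The header line should end in `- 5.5.0-3`, i.e. `* Tue Dec 24 2019 Xu Yandong - 5.5.0-3` with the author's address kept as it is in the file (the page shows the line without it). With the mismatch, the changelog cannot be used to tell which release first carried the CVE-2019-11135 patches, and rpmlint would presumably flag the incoherent version.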