[Oraclevm-errata] OVMSA-2018-0282 Important: Oracle VM 3.4 xen security and bug fix update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Nov 28 21:15:37 PST 2018
Oracle VM Security Advisory OVMSA-2018-0282
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.4.4-222.el6.x86_64.rpm
xen-tools-4.4.4-222.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-222.el6.src.rpm
Description of changes:
[4.4.4-222.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c0358138c05033bb21883b219899b0e282803222
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: work around HLE host lockup erratum (Jan Beulich) [Orabug: 28924143]
- x86: extend get_platform_badpages() interface (Jan Beulich) [Orabug:
28924143]
[4.4.4-221.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=ceb9e0bf5820a8a6e5b751cd4e17577d533f9ccf
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- VT-d/dmar: iommu mem leak fix (Zhenzhong Duan) - x86/mmcfg/drhd: Move
acpi_mmcfg_init() call before calling acpi_parse_dmar() (Zhenzhong Duan)
- x86/mmcfg: Rename pt_pci_init() and call it in acpi_mmcfg_init()
(Zhenzhong Duan) - VT-d: use correct BDF for VF to search VT-d unit
(Chao Gao)
[4.4.4-220.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=112e4a640f68772d5d225ba9d9a94a880c97debb
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: remove extraneous waitForDevices() call in soft_reset (Eric
DeVolder) [Orabug: 28783430]
- xend: detect and correct race condition in DevController hotplug (Eric
DeVolder) [Orabug: 28783430]
[4.4.4-219.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=0316cfab8c14dcffb5e55dccad22aa014fb8c80f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: use DevController waitFor() methods for non-hotplug devices
(Eric DeVolder) - xend: mark appropriate DevController subclasses as not
hotplug (Eric DeVolder) [Orabug: 28838569]
[4.4.4-218.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b36bb99deec279576aa0550d31ced68a5b9e04bb
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: prevent scrubbing stall during kexec soft_reset (Eric DeVolder)
[Orabug: 28817482]
[4.4.4-217.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=51c72a926fd4171b32819f0791263c9d55bca21d
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: Properly wait for hot plug devices to complete (Eric DeVolder)
[Orabug: 27338786] [Orabug: 27927358]
- xend: Mark vfb and vkbd devices as not hot plug (Eric DeVolder)
[4.4.4-216.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=08e809f892a2ee86d740eee1b79b6289e1c24e35
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: do not raise an exception if xc_domain_setsmt fails (Eric
DeVolder) [Orabug: 28748910]
[4.4.4-215.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=59ca5e7e7f8fa4862c13c80d6fa5e9cc1d806cf0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix exceptions thrown in setTopology() (Eric DeVolder) [Orabug:
28717409] [Orabug: 28748910]
[4.4.4-214.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=7d94008f64eb174595213079d168867d0ae9f7c2
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/EFI: further correct FPU state handling around runtime calls (Jan
Beulich) [Orabug: 28746898]
- x86/EFI: fix FPU state handling around runtime calls (Jan Beulich)
[Orabug: 28746898]
[4.4.4-213.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bc90f5c2caf8b549aa0891dfced0e7ed076d7709
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Revert "x86/EFI: fix FPU state handling around runtime calls" (Ross
Philipson) [Orabug: 28746898]
- Revert "x86/EFI: further correct FPU state handling around runtime
calls" (Ross Philipson) [Orabug: 28746898]
[4.4.4-212.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=59d985f71127446c9f983beca0db827b3d50be21
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix migration code path for XendDomainInfo memory leakage
(Manjunath Patil) [Orabug: 28715651]
- xend: fix memory leak of XendDomainInfo attributes (Manjunath Patil)
[Orabug: 28715651]
[4.4.4-211.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=12e1eb0f48dc343a59b5f3b281a1282927b63c41
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: command line handling adjustments (Jan Beulich)
[Orabug: 28696378]
- x86/HVM: don't cause #NM to be raised in Xen (Jan Beulich) [Orabug:
28696378]
- x86/EFI: further correct FPU state handling around runtime calls (Jan
Beulich) [Orabug: 28696378]
- x86/EFI: fix FPU state handling around runtime calls (Jan Beulich)
[Orabug: 28696378]
[4.4.4-210.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=f47d8d07a9354fbb3ad8b346c29e9b19ec7718c5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Xend: Add support for changing backend vbd device (Bhavesh Davda)
[Orabug: 28688109]
[4.4.4-209.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b4413b4db56d15e6963a98850c3560a2eef828eb
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Oracle-Bug: 28102632 - Need to be able to configure cipher suites for
xen live migration port 8003 Signed-off-by: zhigang.x.wang at oracle.com
(Srinivasa Naravaram)
[4.4.4-208.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=2a26f6e84b42e8fe26da6e842feb604fe398c0d3
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- intel/microcode: Synchronize update signature (Boris Ostrovsky)
[Orabug: 28610327]
[4.4.4-207.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=619684f5a609992a1c4e80397e1312b68973e772
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits
(Andrew Cooper) [Orabug: 28432092] {CVE-2018-15468}
[4.4.4-206.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=e03c2c3bbf6f995c7988400cc6b0bf46792a7a07
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Fix SPEC_CTRL_ENTRY_FROM_INTR_IST macro (Boris Ostrovsky)
[Orabug: 28537435]
[4.4.4-205.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=ee62d27b921edcb1fa7eb9e0219c749a8828b993
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/microcode: Synchronize late microcode loading (Boris Ostrovsky)
[Orabug: 28526234]
- Revert "microcode: pin the sibling while updating microcode on a core"
(Boris Ostrovsky) [Orabug: 28526234]
[4.4.4-204.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=2c51cc07c89e89034759c19f9d03dc32f25a211e
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- microcode: pin the sibling while updating microcode on a core (Boris
Ostrovsky) [Orabug: 28518206]
[4.4.4-203.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c0c399b69b2e5674c2af25930cb25cedf7ac215f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- l1tf: Utility to offline/online SMT siblings. (Ross Philipson)
[Orabug: 28487056] {CVE-2018-3646}
- x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM guests
(Andrew Cooper) [Orabug: 28487056] {CVE-2018-3620} {CVE-2018-3646}
- x86/msr: Virtualise MSR_FLUSH_CMD for guests (Andrew Cooper) [Orabug:
28487056] {CVE-2018-3646} {CVE-2018-3646}
- x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH (Andrew Cooper)
[Orabug: 28487056] {CVE-2018-3646} {CVE-2018-3646}
- x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations
(Andrew Cooper) [Orabug: 28487056] {CVE-2018-3620} {CVE-2018-3646}
- x86: command line option to avoid use of secondary hyper-threads (Jan
Beulich) [Orabug: 28487056] {CVE-2018-3646}
- cpupools: fix state when downing a CPU failed (Jan Beulich) [Orabug:
28487056] {CVE-2018-3646}
[4.4.4-202.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=0d3d79a87088ec4d270d2ee3216ba4fb7bb6e81e
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Xend: Close race condition between python threads during kexec (Eric
DeVolder) [Orabug: 28440062]
[4.4.4-201.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=6934477050e9283098332bd15742c3dd8ebe6b62
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky)
[Orabug: 28200424]
[4.4.4-200.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=9f685faa4843908daa19ec98ce34dd5418719890
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Mitigations for LazyFPU (Andrew Cooper) [Orabug:
28135175] {CVE-2018-3665}
- x86: Support fully eager FPU context switching (Andrew Cooper)
[Orabug: 28135175] {CVE-2018-3665}
[4.4.4-199.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=aa87f648b8c7dce0fa8f0b233e4e4ca46a4b8a9e
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 27182906]
[4.4.4-198.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=400958eb0dc3559b45e579b81950e84dab49a854
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/AMD-ucode: correct multiple container handling (Jan Beulich)
[Orabug: 28157269]
- x86, amd_ucode: fix coverity issues found in cpu_request_microcode()
(Aravind Gopalakrishnan) [Orabug: 28157269]
[4.4.4-197.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=1b37d37eb5587bd46b797d04b50ae604a514f8df
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- [xenmicrocode] Fix error reporting on successful return from tool
(Ross Philipson) [Orabug: 28128754]
- x86: correct default_xen_spec_ctrl calculation (Jan Beulich) [Orabug:
28035001]
- x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew
Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew
Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew
Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to
replace `bti=` (Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/cpuid: Improvements to guest policies for speculative sidechannel
features (Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value
(Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants
(Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when
possible (Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and
VMEXIT (Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Fold the XEN_IBRS_{SET,CLEAR} ALTERNATIVES together
(Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into
spec_ctrl_flags (Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a
variable (Andrew Cooper) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once (Andrew Cooper)
[Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Assume that STIBP feature is always available (Boris
Ostrovsky) [Orabug: 28035001] {CVE-2018-3639}
- x86/spec_ctrl: Updates to retpoline-safety decision making (Andrew
Cooper) [Orabug: 28035001] {CVE-2018-3639}
- Revert "x86/boot: Disable IBRS in intr/nmi exit path at bootup stage"
(Boris Ostrovsky) [Orabug: 28035001] {CVE-2018-3639}
More information about the Oraclevm-errata
mailing list