As the fixes for CVE-2017-5715 will also need adjustments in the QEMU virtualization host to pass through CPUID flags and MSRs from host to guest system, an update will be required.
Does current qemu work at all with a mitigated host? Does the mitigated host secure the host from the VMs?
(It sounds like this update is needed only for guests to be mitigated?)
(In reply to Luke-Jr from comment #2)
> Does current qemu work at all with a mitigated host? Does the mitigated host
> secure the host from the VMs?
> (It sounds like this update is needed only for guests to be mitigated?)
Both work for me with current stable kvm/qemu and kernel 4.14.13 (i.e. page table isolation) in the host and guest system.
Page table isolation mitigates CVE-2017-5754, though, not CVE-2017-5715.
Stefan Pribe has posted a patch for qemu that allows "passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU."
This is probably going to be needed for CONFIG_RETPOLINE to behave as expected in a guest kernel. The patch applies successfully to qemu-2.10.1-r1, albeit with some fuzz.
Created attachment 515520 [details, diff]
(In reply to Kerin Millar from comment #4)
This is an old patch that has already been rejected.
The bug has been referenced in the following commit(s):
Author: Matthias Maier <email@example.com>
AuthorDate: 2018-02-11 20:16:02 +0000
Commit: Matthias Maier <firstname.lastname@example.org>
CommitDate: 2018-02-11 20:27:01 +0000
app-emulation/qemu: version bump to 2.11.0, important security fixes
- Added slot operator for libnfs
- Added patch for glibc-2.27 compatibility
- Added patch for CVE-2017-16845
- Backported upstream msr / spec ctrl patches:
6cfbc54e89 i386: Add EPYC-IBPB CPU model
ac96c41354 i386: Add new -IBRS versions of Intel CPU models
1b3420e1c4 i386: Add FEAT_8000_0008_EBX CPUID feature word
a2381f0934 i386: Add spec-ctrl CPUID bit
a33a2cfe2f i386: Add support for SPEC_CTRL MSR
- CVEs addressed by bump:
- CVEs addressed by patchset:
- CVE-2018-5748 is a libvirt vulnerability, not a qemu issue...
Package-Manager: Portage-2.3.24, Repoman-2.3.6
app-emulation/qemu/Manifest | 2 +
.../qemu/files/qemu-2.11.0-glibc-2.27.patch | 54 ++
app-emulation/qemu/qemu-2.11.0.ebuild | 803 +++++++++++++++++++++
3 files changed, 859 insertions(+)
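The point made in comment #4 and in the backported spec-ctrl patches above is that a guest kernel can only use IBRS/IBPB if qemu exposes the corresponding CPUID bits (and the SPEC_CTRL MSR) to it. The following POSIX shell check is an added example, not part of the bug thread or of the Gentoo/qemu commit: it parses cpuinfo-format text for the `spec_ctrl` and `ibpb` flags and classifies the kernel's `spectre_v2` sysfs string, so it can be run inside a guest to confirm that the updated qemu (with `-cpu host` or one of the -IBRS models the commit adds) actually passes the feature through. The sample cpuinfo texts are constructed for the demonstration; the sysfs path and flag names are the ones the Linux kernel uses.

```shell
#!/bin/sh
# Guest-side check for Spectre v2 (CVE-2017-5715) feature pass-through.
# Added example; assumes a Linux guest with a kernel that reports
# /sys/devices/system/cpu/vulnerabilities/spectre_v2.

# has_spec_ctrl_flags: read /proc/cpuinfo-format text on stdin and return 0
# only if the first "flags" line lists both spec_ctrl and ibpb, else 1.
has_spec_ctrl_flags() {
    awk '
        /^flags[[:space:]]*:/ {
            for (i = 2; i <= NF; i++) {
                if ($i == "spec_ctrl") sc = 1
                if ($i == "ibpb") ib = 1
            }
            exit
        }
        END { exit !(sc && ib) }
    '
}

# spectre_v2_status: classify one line of the spectre_v2 sysfs file.
spectre_v2_status() {
    case "$1" in
        Vulnerable*)  echo vulnerable ;;
        Mitigation:*) echo mitigated ;;
        *)            echo unknown ;;
    esac
}

# Constructed sample cpuinfo excerpts (not captured from a real machine):
# one guest that received the new CPUID bits, one that did not.
SAMPLE_WITH_FLAGS='processor	: 0
vendor_id	: GenuineIntel
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep spec_ctrl ibpb'

SAMPLE_WITHOUT_FLAGS='processor	: 0
vendor_id	: GenuineIntel
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep'

# Demonstration on the constructed samples.
if printf '%s\n' "$SAMPLE_WITH_FLAGS" | has_spec_ctrl_flags; then
    echo "sample 1: spec_ctrl+ibpb visible to guest"
fi
if ! printf '%s\n' "$SAMPLE_WITHOUT_FLAGS" | has_spec_ctrl_flags; then
    echo "sample 2: CPUID bits not passed through; guest IBRS/IBPB unavailable"
fi

# Live check on the machine this runs on, when the files exist.
if [ -r /proc/cpuinfo ]; then
    if has_spec_ctrl_flags < /proc/cpuinfo; then
        echo "this CPU: spec_ctrl and ibpb present"
    else
        echo "this CPU: spec_ctrl/ibpb missing (old qemu, or no microcode)"
    fi
fi
SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if [ -r "$SYSFS" ]; then
    echo "this kernel: spectre_v2 $(spectre_v2_status "$(cat "$SYSFS")")"
fi
```

Run it on the host first and then inside the guest: if the host shows both flags but the guest does not, the qemu version or the `-cpu` model is what blocks the guest kernel's mitigation, not the guest kernel itself.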
This issue was resolved and addressed in
GLSA 201804-08 at https://security.gentoo.org/glsa/201804-08
by GLSA coordinator Aaron Bauman (b-man).