Comment 1 Thomas Deutschmann (RETIRED) 2018-01-04 16:39:55 UTC

As the fixes for CVE-2017-5715 will also need adjustments in the QEMU virtualization host to pass through CPUID flags and MSRs from host to guest system, an update will be required.

Does current qemu work at all with a mitigated host? Does the mitigated host secure the host from the VMs?

(It sounds like this update is needed only for guests to be mitigated?)

Comment 3 Matthias Maier 2018-01-13 17:23:24 UTC

(In reply to Luke-Jr from comment #2)
> Does current qemu work at all with a mitigated host? Does the mitigated host
> secure the host from the VMs?
> 
> (It sounds like this update is needed only for guests to be mitigated?)

Both works for me with current stable kvm/qemu and kernel 4.14.13 (i.e. page table isolation) in the host and guest system.

Page table isolation mitigates CVE-20175-5754, though, not CVE-2017-5715.

Stefan Pribe has posted a patch for qemu that allows "passing passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU."

Source: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html
Patch: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/txtfadLGhMEF6.txt

This is probably going to be needed for CONFIG_RETPOLINE to behave as expected in a guest kernel. The patch applies successfully to qemu-2.10.1-r1, albeit with some fuzz.

Created attachment 515520 [details, diff]
0065-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch

(In reply to Kerin Millar from comment #4)
This is an old patch that have been already rejected.

Comment 7 Larry the Git Cow 2018-02-11 20:27:18 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=725631c3eee62d147ea634c969ab90d1c70f5612

commit 725631c3eee62d147ea634c969ab90d1c70f5612
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-02-11 20:16:02 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-02-11 20:27:01 +0000

    app-emulation/qemu: version bump to 2.11.0, important security fixes
    
     - Added slot operator for libnfs
    
     - Added patch for glibc-2.27 compatibility
    
     - Added patch for CVE-2017-16845
    
     - Backported upstream msr / spec ctrl patches:
    
       6cfbc54e89  i386: Add EPYC-IBPB CPU model
       ac96c41354  i386: Add new -IBRS versions of Intel CPU models
       1b3420e1c4  i386: Add FEAT_8000_0008_EBX CPUID feature word
       a2381f0934  i386: Add spec-ctrl CPUID bit
       a33a2cfe2f  i386: Add support for SPEC_CTRL MSR
    
     - CVEs addressed by bump:
    
       CVE-2017-17381
       CVE-2017-18030
       CVE-2017-18043
    
     - CVEs addressed by patchset:
    
       CVE-2017-15124
       CVE-2017-16845
       CVE-2018-5683
    
     - CVE-2018-5748 is a libvirt vulnerability, not a qemu issue...
    
    Bug:    https://bugs.gentoo.org/638506
    Bug:    https://bugs.gentoo.org/643432
    Bug:    https://bugs.gentoo.org/646814
    Closes: https://bugs.gentoo.org/641100
    Closes: https://bugs.gentoo.org/646568
    Closes: https://bugs.gentoo.org/646710
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest                        |   2 +
 .../qemu/files/qemu-2.11.0-glibc-2.27.patch        |  54 ++
 app-emulation/qemu/qemu-2.11.0.ebuild              | 803 +++++++++++++++++++++
 3 files changed, 859 insertions(+)}

Comment 8 GLSAMaker/CVETool Bot 2018-04-08 23:32:16 UTC

This issue was resolved and addressed in
 GLSA 201804-08 at https://security.gentoo.org/glsa/201804-08
by GLSA coordinator Aaron Bauman (b-man).