docs: recommend use of md-clear feature on all Intel CPUs

Update x86 CPU model guidance to recommend that the md-clear feature is manually enabled with all Intel CPU models, when supported by the host microcode. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20190515141011.5315-3-berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
author: Daniel P. Berrangé <berrange@redhat.com> 2019-05-15 15:10:11 +0100
committer: Eduardo Habkost <ehabkost@redhat.com> 2019-05-21 15:39:05 -0300
commit: 2c7e82a30774730100da9dbe68d2360459030d91 (patch)
tree: 5fe04d7250a9597b9e2fe0555a600769424cb753 /docs
parent: b2ae52101fca7f9547ac2f388085dbc58f8fe1c0 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 23c11dc86f..ad040cfc98 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -200,6 +200,18 @@ Not included by default in any Intel CPU model.
 Should be explicitly turned on for all Intel CPU models.
 
 Note that not all CPU hardware will support this feature.
+
+@item @code{md-clear}
+
+Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
+CVE-2019-11091) fixes.
+
+Not included by default in any Intel CPU model.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
 @end table
author	Daniel P. Berrangé <berrange@redhat.com>	2019-05-15 15:10:11 +0100
committer	Eduardo Habkost <ehabkost@redhat.com>	2019-05-21 15:39:05 -0300
commit	2c7e82a30774730100da9dbe68d2360459030d91 (patch)
tree	5fe04d7250a9597b9e2fe0555a600769424cb753 /docs
parent	b2ae52101fca7f9547ac2f388085dbc58f8fe1c0 (diff)