Commit 364d7890c6 for qemu.org

commit 364d7890c6f56352d184bc58203d5e0e6b537a58
Author: Jon Kohler <jon@nutanix.com>
Date:   Thu Nov 6 10:46:25 2025 -0700

    target/i386: introduce ClearwaterForest-v3 to expose ITS_NO

    Expose ITS_NO by default, as users using Clearwater Forest and higher
    CPU models would not be able to live migrate to lower CPU hosts due to
    missing features. In that case, they would not be vulnerable to ITS.

    its-no was originally added on [1], but needs to be exposed on the
    individual CPU models for the guests to see by default.

    Note: Version 1 already exposes ARCH_CAP_BHI_NO, which would already
    mark the CPU as invulnerable to ITS (at least in Linux); however,
    expose ITS_NO for completeness.

    [1] 74978391b2da ("target/i386: Make ITS_NO available to guests")

    Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
    Signed-off-by: Jon Kohler <jon@nutanix.com>
    Link: https://lore.kernel.org/r/20251106174626.49930-6-jon@nutanix.com
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2a869f5b73..01b64940b1 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5964,6 +5964,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
                     { /* end of list */ },
                 }
             },
+            {
+                .version = 3,
+                .note = "with cet-ss, cet-ibt, ITS_NO",
+                .props = (PropValue[]) {
+                    { "its-no", "on" },
+                    { /* end of list */ },
+                }
+            },
             { /* end of list */ },
         },
     },