On Thu, Jan 04, 2018 at 09:08:32PM +0100, Stefan Priebe - Profihost AG wrote:
>
> Here we go - attached is the relevant patch - extracted from the
> opensuse src.rpm.

this will most likely not be needed for some time, since a pre-requisite is having microcode and kernels supporting IBRS and IBPB.

the microcode update is still on-going (e.g., some vendors like Lenovo, Suse and RH have started releasing updates, but Intel still does not have a public package yet and Debian's partial update is only in unstable so far, likely taking at least a week to hit Stretch, and needs non-free enabled).

the kernel changes have been submitted by Intel as a first draft for discussion upstream.

the current plan is to release updated kernel packages ASAP based on 4.4 and 4.13 with

- final, tested KPTI patches (not yet available for 4.4 and 4.13!) to fix MELTDOWN for the host kernel
- backport / cherry-pick of KVM commit to prevent KVM guest->host SPECTRE exploit

it is very likely that the following changes will have to wait for later follow-up updates:

- (more) final version of kernel IBRS/IBPB patches
- a variant of the Qemu patch to allow passing on IBRS/IBPB to guests
- more SPECTRE fixes
- regression fixes (based on the current feedback to KPTI in various stable kernel series, some level of breakage is to be expected)