> Am 05.01.2018 um 11:25 schrieb Fabian Grünbichler > <f.gruenbich...@proxmox.com>: > > On Thu, Jan 04, 2018 at 09:08:32PM +0100, Stefan Priebe - Profihost AG wrote: >> >> Here we go - attached is the relevant patch - extracted from the >> opensuse src.rpm. > > this will most likely not be needed for some time, since a pre-requisite > is having microcode and kernels supporting IBRS and IBPB. > > the microcode update is still on-going (e.g., some vendors like Lenovo, > Suse and RH have started releasing updates, but Intel still does not > have a public package yet and Debian's partial update is only in > unstable so far, likely taking at least a week to hit Stretch, and needs > non-free enabled). > > the kernel changes have been submitted by Intel as a first draft for > discussion upstream. > > the current plan is to release updated kernel packages ASAP based on 4.4 > and 4.13 with > - final, tested KPTI patches (not yet available for 4.4 and 4.13!) to > fix MELTDOWN for the host kernel > - backport / cherry-pick of KVM commit to prevent KVM guest->host > SPECTRE exploit
AFAIK Meltdown is only affecting Intel (& ARM), but not AMD - see 'Forcing direct cache loads' here: https://lwn.net/SubscriberLink/742702/83606d2d267c0193/ <https://lwn.net/SubscriberLink/742702/83606d2d267c0193/> Does anyone know if the current patching efforts will differentiate between Intel and AMD x86-64 offerings? I would hate to update kernels with these patches unless my systems are indeed affected. Not because of possible performance impacts, mind, but because of stability. I just feel it in my bones this major intervention is going to introduce regressions... :-( _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
