On 20.08.2018 at 17:19, Alexandre DERUMIER wrote:
> Hi Stefan,
>
> thanks for the info!
>
> >>> At least ssbd is important for guest to mitigate CVE-2018-3639.
>
> This needs qemu 3.0 :/
>
> https://wiki.qemu.org/ChangeLog/3.0
>
> "The 'ssbd', 'virt-ssbd', 'amd-ssbd' and 'amd-no-ssb' CPU feature flags are
> added in relation to the "Speculative Store Bypass" hardware vulnerability
> (CVE-2018-3639)"

You already answered yourself ;-) it's working fine with 2.11.2. I've already been using it for a few days.

>>> It also seems to make sense to enable pdpe1gb
>
> Is it related to a vulnerability?

No.

> It's already possible to use hugepages currently with "hugepages: <1024 | 2 | any>".
> But it's only on the qemu/host side.
> I think pdpe1gb exposes hugepages inside the guest, right?

Yes.

Stefan

>
> ----- Original message -----
> From: "Stefan Priebe, Profihost AG" <s.pri...@profihost.ag>
> To: "pve-devel" <pve-devel@pve.proxmox.com>
> Sent: Friday, 17 August 2018 13:30:10
> Subject: [pve-devel] missing cpu flags? (CVE-2018-3639)
>
> Hello,
>
> after researching l1tf mitigation for qemu and reading
> https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/
>
> It seems pve misses at least the following cpu flag:
> ssbd
>
> It also seems to make sense to enable pdpe1gb
>
> At least ssbd is important for guest to mitigate CVE-2018-3639.
>
> Greets,
> Stefan
>
> Excuse my typo sent from my mobile phone.
> _______________________________________________
> pve-devel mailing list
> pve-devel@pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel