[pve-devel] missing cpu flags? (CVE-2018-3639)
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Fri Aug 17 13:30:10 CEST 2018
Hello,
after researching l1tf mitigation for qemu and reading https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/
It seems pve misses at least the following cpu flag:
ssbd
It also seems to make sense to enable pdpe1gb
At least ssbd is important for guest to mitigate CVE-2018-3639.
Greets,
Stefan
Excuse my typo sent from my mobile phone.
More information about the pve-devel
mailing list