[pve-devel] Updated qemu pkg needed for Meltdown and Spectre?

Waschbüsch IT-Services GmbH service at waschbuesch.it
Fri Jan 5 18:50:33 CET 2018


> Am 05.01.2018 um 11:25 schrieb Fabian Grünbichler <f.gruenbichler at proxmox.com>:
> 
> On Thu, Jan 04, 2018 at 09:08:32PM +0100, Stefan Priebe - Profihost AG wrote:
>> 
>> Here we go - attached is the relevant patch - extracted from the
>> opensuse src.rpm.
> 
> this will most likely not be needed for some time, since a pre-requisite
> is having microcode and kernels supporting IBRS and IBPB.
> 
> the microcode update is still on-going (e.g., some vendors like Lenovo,
> Suse and RH have started releasing updates, but Intel still does not
> have a public package yet and Debian's partial update is only in
> unstable so far, likely taking at least a week to hit Stretch, and needs
> non-free enabled).
> 
> the kernel changes have been submitted by Intel as a first draft for
> discussion upstream.
> 
> the current plan is to release updated kernel packages ASAP based on 4.4
> and 4.13 with
> - final, tested KPTI patches (not yet available for 4.4 and 4.13!) to
>  fix MELTDOWN for the host kernel
> - backport / cherry-pick of KVM commit to prevent KVM guest->host
>  SPECTRE exploit


AFAIK Meltdown is only affecting Intel (& ARM), but not AMD - see 'Forcing direct cache loads' here:

https://lwn.net/SubscriberLink/742702/83606d2d267c0193/

Does anyone know if the current patching efforts will differentiate between Intel and AMD x86-64 offerings?

I would hate to update kernels with these patches unless my systems are indeed affected.
Not because of possible performance impacts, mind, but because of stability.
I just feel it in my bones this major intervention is going to introduce regressions... :-(

