[PVE-User] Meltdown/Spectre mitigation options / Intel microcode

lemonnierk at ulrar.net lemonnierk at ulrar.net
Tue May 8 16:04:36 CEST 2018


I believe you are correct. Personally I've just switched all
my VM to "host" CPU instead, which eliminates the question.
If you are using debian (and no source based distributions
like gentoo with -march=native) you can do so safely,
as far as I can tell.

On Tue, May 08, 2018 at 03:31:52PM +0200, Uwe Sauter wrote:
> Hi all,
> I recently discovered that one of the updates since turn of the year introduced options to let the VM know about Meltdown/Spectre
> mitigation on the host (VM configuration -> processors -> advanced -> PCID & SPEC-CTRL).
> I'm not sure if I understand the documentation correctly so please correct me if I'm wrong with the following:
> I have two different CPU types in my cluster, Intel Xeon E5606 and Intel Xeon E5-2670. Both do not have the latest microcode
> because I don't have stretch-backports enabled (which provides microcode from 20180312 in contrast to stretch's version from
> 20170707).
> Both have the "pcid" CPU flag, as well as "pti" and "retpoline" (whiche are not mentioned in the docs and probably show kernel
> features and not CPU features). Both *do not* have "spec_ctrl".
> All my VMs are configured to use "default (kvm64)" CPUs.
> This means that I should manually enable the PCID flag as the kvm64 CPU doesn't set this automatically. But I mustn't enable
> SPEC-CTRL because my host hardware doesn't support the feature. Is this correct?
> Regards,
> 	Uwe
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

PGP Fingerprint : 0x624E42C734DAC346

More information about the pve-user mailing list