[PVE-User] Meltdown/Spectre mitigation options / Intel microcode
lemonnierk at ulrar.net
lemonnierk at ulrar.net
Tue May 8 16:04:36 CEST 2018
Hi,
I believe you are correct. Personally I've just switched all
my VM to "host" CPU instead, which eliminates the question.
If you are using debian (and no source based distributions
like gentoo with -march=native) you can do so safely,
as far as I can tell.
On Tue, May 08, 2018 at 03:31:52PM +0200, Uwe Sauter wrote:
> Hi all,
>
> I recently discovered that one of the updates since turn of the year introduced options to let the VM know about Meltdown/Spectre
> mitigation on the host (VM configuration -> processors -> advanced -> PCID & SPEC-CTRL).
>
> I'm not sure if I understand the documentation correctly so please correct me if I'm wrong with the following:
>
> I have two different CPU types in my cluster, Intel Xeon E5606 and Intel Xeon E5-2670. Both do not have the latest microcode
> because I don't have stretch-backports enabled (which provides microcode from 20180312 in contrast to stretch's version from
> 20170707).
>
> Both have the "pcid" CPU flag, as well as "pti" and "retpoline" (whiche are not mentioned in the docs and probably show kernel
> features and not CPU features). Both *do not* have "spec_ctrl".
>
> All my VMs are configured to use "default (kvm64)" CPUs.
>
> This means that I should manually enable the PCID flag as the kvm64 CPU doesn't set this automatically. But I mustn't enable
> SPEC-CTRL because my host hardware doesn't support the feature. Is this correct?
>
>
>
> Regards,
>
> Uwe
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
PGP Fingerprint : 0x624E42C734DAC346
More information about the pve-user
mailing list