[PVE-User] Meltdown/Spectre mitigation options / Intel microcode

Uwe Sauter uwe.sauter.de at gmail.com
Tue May 8 15:31:52 CEST 2018


Hi all,

I recently discovered that one of the updates since the turn of the year introduced options to let the VM know about Meltdown/Spectre
mitigation on the host (VM configuration -> processors -> advanced -> PCID & SPEC-CTRL).

I'm not sure if I understand the documentation correctly so please correct me if I'm wrong with the following:

I have two different CPU types in my cluster, Intel Xeon E5606 and Intel Xeon E5-2670. Both do not have the latest microcode
because I don't have stretch-backports enabled (which provides microcode from 20180312 in contrast to stretch's version from
20170707).

Both have the "pcid" CPU flag, as well as "pti" and "retpoline" (which are not mentioned in the docs and probably show kernel
features and not CPU features). Both *do not* have "spec_ctrl".

All my VMs are configured to use "default (kvm64)" CPUs.

This means that I should manually enable the PCID flag as the kvm64 CPU doesn't set this automatically. But I mustn't enable
SPEC-CTRL because my host hardware doesn't support the feature. Is this correct?



Regards,

	Uwe
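
The host-side check described in the message above, as an added example that is not part of the original post: it reads the flags line of a cpuinfo-style file and prints which of the two VM options (PCID, SPEC-CTRL) the host CPU advertises, in the `+flag;+flag` form used for the `flags=` part of a Proxmox VM `cpu` setting. The function names and the sample flags line are constructed for illustration; the host flag names `pcid` and `spec_ctrl` are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post).

# host_flags FILE: print each word of the first "flags" line on its own line.
host_flags() {
    awk '/^flags[ \t]*:/ {
             sub(/^[^:]*:[ \t]*/, "")
             n = split($0, f, " ")
             for (i = 1; i <= n; i++) print f[i]
             exit
         }' "$1"
}

# has_flag FILE NAME: succeed only on an exact word match, so that
# "invpcid_single" is not mistaken for "pcid".
has_flag() {
    host_flags "$1" | grep -qx -- "$2"
}

# vm_cpu_flags FILE: print the flags the host can back for a kvm64 guest.
# pti and retpoline are not among the two VM options and are ignored here.
vm_cpu_flags() {
    out=""
    if has_flag "$1" pcid; then
        out="+pcid"
    fi
    if has_flag "$1" spec_ctrl; then
        out="${out:+$out;}+spec-ctrl"
    fi
    printf '%s\n' "$out"
}

# Constructed sample mirroring the hosts in the post: pcid, pti and
# retpoline are present, spec_ctrl is not.
sample=$(mktemp)
printf 'flags\t\t: fpu vme sse2 pcid pti retpoline\n' > "$sample"
echo "kvm64 flags this host can back: $(vm_cpu_flags "$sample")"
rm -f "$sample"
```

On a real host, pass `/proc/cpuinfo` instead of the sample file.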

