[PVE-User] Meltdown/Spectre mitigation options / Intel microcode

lemonnierk at ulrar.net lemonnierk at ulrar.net
Tue May 8 16:52:33 CEST 2018


Well I do, but I'm always using the same server for every node in every
cluster, so that hasn't been a problem. I actually didn't realise you
could mix different cpu

On Tue, May 08, 2018 at 04:08:31PM +0200, Uwe Sauter wrote:
> Hi,
> 
> switching to "host" CPU is only possible if all hosts in the cluster have the same CPU type (at least if you care about live
> migration). As I'm using the cluster to provide HA services, this is no option for me.
> 
> 
> Regards,
> 
> 	Uwe
> 
> On 08.05.2018 at 16:04, lemonnierk at ulrar.net wrote:
> > Hi,
> > 
> > I believe you are correct. Personally I've just switched all
> > my VMs to "host" CPU instead, which eliminates the question.
> > If you are using Debian (and no source-based distributions
> > like Gentoo with -march=native) you can do so safely,
> > as far as I can tell.
> > 
> > On Tue, May 08, 2018 at 03:31:52PM +0200, Uwe Sauter wrote:
> >> Hi all,
> >>
> >> I recently discovered that one of the updates since the turn of the year introduced options to let the VM know about Meltdown/Spectre
> >> mitigation on the host (VM configuration -> processors -> advanced -> PCID & SPEC-CTRL).
> >>
> >> I'm not sure if I understand the documentation correctly so please correct me if I'm wrong with the following:
> >>
> >> I have two different CPU types in my cluster, Intel Xeon E5606 and Intel Xeon E5-2670. Both do not have the latest microcode
> >> because I don't have stretch-backports enabled (which provides microcode from 20180312 in contrast to stretch's version from
> >> 20170707).
> >>
> >> Both have the "pcid" CPU flag, as well as "pti" and "retpoline" (which are not mentioned in the docs and probably show kernel
> >> features and not CPU features). Both *do not* have "spec_ctrl".
> >>
> >> All my VMs are configured to use "default (kvm64)" CPUs.
> >>
> >> This means that I should manually enable the PCID flag as the kvm64 CPU doesn't set this automatically. But I mustn't enable
> >> SPEC-CTRL because my host hardware doesn't support the feature. Is this correct?
> >>
> >>
> >>
> >> Regards,
> >>
> >> 	Uwe
> >> _______________________________________________
> >> pve-user mailing list
> >> pve-user at pve.proxmox.com
> >> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> > 
> 

-- 
PGP Fingerprint : 0x624E42C734DAC346
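
Added example, not part of the original messages: a shell check for the question raised in the thread, assuming a flag such as PCID or SPEC-CTRL should be exposed to a kvm64 guest only when every host the guest may run on lists it in /proc/cpuinfo. The sample dumps are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sample cpuinfo text below is constructed, and the function
# names are hypothetical.

# host_has_flag FILE FLAG: true if the first "flags" line of a saved
# /proc/cpuinfo dump lists FLAG as a whole word ("invpcid" is not "pcid").
host_has_flag() {
    awk -v want="$2" '
        /^flags[ \t]*:/ {
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
            exit
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# cluster_safe_flags "FLAG ..." FILE...: print the flags every host has.
cluster_safe_flags() {
    wanted=$1; shift
    safe=""
    for flag in $wanted; do
        ok=1
        for dump in "$@"; do
            host_has_flag "$dump" "$flag" || ok=0
        done
        if [ "$ok" -eq 1 ]; then safe="$safe $flag"; fi
    done
    echo "${safe# }"
}

# write_samples DIR: two constructed dumps mirroring the thread's hosts
# (pcid, pti and retpoline present, spec_ctrl absent).
write_samples() {
    printf 'model name\t: constructed host A\nflags\t\t: fpu sse2 pcid pti retpoline\n' > "$1/a.cpuinfo"
    printf 'model name\t: constructed host B\nflags\t\t: fpu sse2 avx pcid pti retpoline\n' > "$1/b.cpuinfo"
}

# demo: check the two flags named in the thread against both sample hosts.
demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    cluster_safe_flags "pcid spec_ctrl" "$dir"/a.cpuinfo "$dir"/b.cpuinfo
    rm -rf "$dir"
}

demo
```

To use it on a real cluster, save each node's /proc/cpuinfo to a file and pass those files to cluster_safe_flags in place of the constructed samples.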

