Bug 1531016
| Summary: | add IBRS CPUs | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Michal Skrivanek <michal.skrivanek> |
| Component: | BLL.Virt | Assignee: | Michal Skrivanek <michal.skrivanek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Israel Pinto <ipinto> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | --- | CC: | bugs, lveyde, mavital, mkalinin, tjelinek, trichard |
| Target Milestone: | ovirt-4.1.9 | Flags: | rule-engine:
ovirt-4.1+
|
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovirt-engine-4.1.9 | Doc Type: | Enhancement |
| Doc Text: |
This update adds IBRS-enabled CPU Models to clusters, which can be used to mitigate Spectre vulnerability in guests. See https://access.redhat.com/solutions/3307851 for more information.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-01-24 10:39:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Virt | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1532180, 1533095 | ||
|
Description
Michal Skrivanek
2018-01-04 12:20:47 UTC
*** Bug 1532518 has been marked as a duplicate of this bug. *** Verify with: Red Hat Virtualization Manager Version: 4.1.9-0.2.el7 Tested Intel families with the host (see info below [1]): Haswell-noTSX-IBRS Intel SandyBridge-IBRS Intel Westmere-IBRS Intel Nehalem-IBRS Create VM and check that is got the fix also with the script: https://access.redhat.com/security/vulnerabilities/speculativeexecution [1] # lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 16 On-line CPU(s) list: 0-15 Thread(s) per core: 2 Core(s) per socket: 8 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 63 Model name: Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz Stepping: 2 CPU MHz: 2800.781 CPU max MHz: 3200.0000 CPU min MHz: 1200.0000 BogoMIPS: 4799.66 Virtualization: VT-x L1d cache: 32K L1i cache: 32K L2 cache: 256K L3 cache: 20480K NUMA node0 CPU(s): 0-15 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm epb invpcid_single spec_ctrl ibpb_support tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm xsaveopt cqm_llc cqm_occup_llc dtherm ida arat pln pts # virsh -r capabilities | head <capabilities> <host> <uuid>7cff601f-6229-44ad-9019-9ddf454704b3</uuid> <cpu> <arch>x86_64</arch> <model>Haswell-noTSX-IBRS</model> <vendor>Intel</vendor> <microcode version='59'/> <topology sockets='1' cores='8' threads='2'/> CPU check script output (host and guest): This script is primarily designed to detect Spectre / Meltdown on supported Red Hat Enterprise Linux systems and kernel packages. Result may be inaccurate for other RPM based systems. /sys/kernel/debug/x86 is mounted and accessible The following files are accessible: /sys/kernel/debug/x86/pti_enabled, /sys/kernel/debug/x86/ibpb_enabled, /sys/kernel/debug/x86/ibrs_enabled Checking files... Detected CPU vendor is: Intel Variant #1 (Spectre): Mitigated Variant #2 (Spectre): Mitigated Variant #3 (Meltdown): Mitigated This bugzilla is included in oVirt 4.1.9 release, published on Jan 24th 2018. Since the problem described in this bug report should be resolved in oVirt 4.1.9 release, published on Jan 24th 2018, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |