Bug 1678956

Summary: Mechanism in Cockpit to enable/disable SMT
Product: Red Hat Enterprise Linux 8 Reporter: Terry Bowling <tbowling>
Component: cockpitAssignee: Martin Pitt <mpitt>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team>
Severity: high Docs Contact: Vendula Ferschmannova <vferschm>
Priority: unspecified    
Version: 8.0CC: lmanasko, mpitt, toneata
Target Milestone: rcKeywords: ZStream
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
.Enabling and disabling SMT Simultaneous Multi-Threading (SMT) configuration is now available in RHEL 8. Disabling SMT in the web console allows you to mitigate a class of CPU security vulnerabilities such as: * link:https://access.redhat.com/security/vulnerabilities/mds[Microarchitectural Data Sampling] * link:https://access.redhat.com/security/vulnerabilities/L1TF[L1 Terminal Fault Attack]
 Story Points: ---
Clone Of:
: 1713186 (view as bug list) Environment:
Last Closed: 2019-11-05 22:03:23 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1678933    
Bug Blocks: 1701002, 1713186    

Description Terry Bowling 2019-02-19 23:40:10 UTC 
Description of problem:

A user friendly way to easily understand and change the Symmetric MultiThreading hardware feature in RHEL systems is needed.

This may have dependencies on kernel parameter options yet to come, as well as additional guidance on the user interface design.
Comment 3 Martin Pitt 2019-04-02 06:53:49 UTC 
This will land in the upstream release 191. Note that the UI currently refers to https://access.redhat.com/security/vulnerabilities/L1TF , the ~ 1 year old Spectre variation. In case there will be a newer/more important variant, it's easy to change the URL to something else, of course.
Comment 5 Martin Pitt 2019-05-20 15:36:12 UTC 
I'm preparing a backport to RHEL 8.0, as Terry asked for that for z-stream: https://github.com/cockpit-project/cockpit/pull/11875

This still needs z-stream approval before the bug can be cloned for z-stream.
Comment 12 errata-xmlrpc 2019-11-05 22:03:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3518