Bug 1531016 - add IBRS CPUs
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine
Classification: oVirt
Component: BLL.Virt
Version: ---
Hardware: Unspecified Unspecified
Priority: high, Severity: high
Target Milestone: ovirt-4.1.9
Target Release: ---
Assigned To: Michal Skrivanek
QA Contact: Israel Pinto
Duplicates: 1532518
Depends On:
Blocks: 1532180 1533095
Reported: 2018-01-04 07:20 EST by Michal Skrivanek
Modified: 2018-01-28 20:15 EST

See Also:
Fixed In Version: ovirt-engine-4.1.9
Doc Type: Enhancement
Doc Text:
This update adds IBRS-enabled CPU Models to clusters, which can be used to mitigate Spectre vulnerability in guests. See https://access.redhat.com/solutions/3307851 for more information.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-01-24 05:39:41 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Virt
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.1+




External Trackers

| Tracker | ID | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|
| Red Hat Knowledge Base (Solution) | 3307851 | None | None | None | 2018-01-09 10:24 EST |
| oVirt gerrit | 85555 | None | None | None | 2018-01-04 07:23 EST |
| oVirt gerrit | 85609 | None | None | None | 2018-01-04 07:23 EST |
| oVirt gerrit | 85613 | None | None | None | 2018-01-04 07:23 EST |
| oVirt gerrit | 85998 | master | POST | core: Added IBRS versions of the CPUs | 2018-01-05 03:47 EST |
| oVirt gerrit | 86097 | ovirt-engine-4.1 | MERGED | core: Added IBRS versions of the CPUs | 2018-01-09 04:00 EST |

Description Michal Skrivanek 2018-01-04 07:20:47 EST
introduce IBRS CPU models
Comment 2 Tomas Jelinek 2018-01-09 03:36:56 EST
*** Bug 1532518 has been marked as a duplicate of this bug. ***
Comment 3 Israel Pinto 2018-01-16 09:18:43 EST
Verify with: Red Hat Virtualization Manager Version: 4.1.9-0.2.el7

Tested Intel families with the host (see info below [1]):
Haswell-noTSX-IBRS
Intel SandyBridge-IBRS
Intel Westmere-IBRS
Intel Nehalem-IBRS

Create VM and check that it also got the fix, using the script:
https://access.redhat.com/security/vulnerabilities/speculativeexecution

[1]
# lscpu 
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                16
On-line CPU(s) list:   0-15
Thread(s) per core:    2
Core(s) per socket:    8
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 63
Model name:            Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz
Stepping:              2
CPU MHz:               2800.781
CPU max MHz:           3200.0000
CPU min MHz:           1200.0000
BogoMIPS:              4799.66
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              20480K
NUMA node0 CPU(s):     0-15
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm epb invpcid_single spec_ctrl ibpb_support tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm xsaveopt cqm_llc cqm_occup_llc dtherm ida arat pln pts

# virsh -r capabilities | head
<capabilities>

  <host>
    <uuid>7cff601f-6229-44ad-9019-9ddf454704b3</uuid>
    <cpu>
      <arch>x86_64</arch>
      <model>Haswell-noTSX-IBRS</model>
      <vendor>Intel</vendor>
      <microcode version='59'/>
      <topology sockets='1' cores='8' threads='2'/>


CPU check script output (host and guest):  

This script is primarily designed to detect Spectre / Meltdown on supported
Red Hat Enterprise Linux systems and kernel packages.
Result may be inaccurate for other RPM based systems.

/sys/kernel/debug/x86 is mounted and accessible

The following files are accessible:
/sys/kernel/debug/x86/pti_enabled, /sys/kernel/debug/x86/ibpb_enabled, /sys/kernel/debug/x86/ibrs_enabled
Checking files...

Detected CPU vendor is: Intel

Variant #1 (Spectre): Mitigated
Variant #2 (Spectre): Mitigated
Variant #3 (Meltdown): Mitigated
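
The checks from comment 3, scripted as an added example (not part of the original comment, and not the Red Hat detection script): it parses `virsh -r capabilities` XML and `lscpu` output and reads the three debugfs files named above. The function names, the sample input (constructed from the values in comment 3) and the reading of a `0` in a tunable as "disabled" are assumptions of this example.

```python
import os
import xml.etree.ElementTree as ET

REQUIRED_FLAGS = {"spec_ctrl", "ibpb_support"}  # names as shown in the lscpu output
DEBUGFS_FILES = ("pti_enabled", "ibpb_enabled", "ibrs_enabled")

def host_cpu_model(capabilities_xml):
    """Return the host CPU model from `virsh -r capabilities` XML, or None."""
    return ET.fromstring(capabilities_xml).findtext("./host/cpu/model")

def missing_flags(lscpu_text):
    """Return the required flags absent from the 'Flags:' line of lscpu output."""
    for line in lscpu_text.splitlines():
        if line.startswith("Flags:"):
            return REQUIRED_FLAGS - set(line.split(":", 1)[1].split())
    return set(REQUIRED_FLAGS)  # no Flags line at all: report everything as missing

def read_tunables(debugfs_dir="/sys/kernel/debug/x86"):
    """Read the *_enabled files; None marks a file that is absent or unreadable."""
    values = {}
    for name in DEBUGFS_FILES:
        try:
            with open(os.path.join(debugfs_dir, name)) as fh:
                values[name] = fh.read().strip()
        except OSError:
            values[name] = None
    return values

def check_host(capabilities_xml, lscpu_text, debugfs_dir="/sys/kernel/debug/x86"):
    """Collect findings; an empty list means every check passed."""
    findings = []
    model = host_cpu_model(capabilities_xml)
    if not model or not model.endswith("-IBRS"):
        findings.append("host CPU model %r is not an IBRS model" % model)
    for flag in sorted(missing_flags(lscpu_text)):
        findings.append("CPU flag %s not present" % flag)
    for name, value in read_tunables(debugfs_dir).items():
        if value is None:
            findings.append("%s not readable" % name)
        elif value == "0":  # assumption: 0 means the mitigation is switched off
            findings.append("%s is 0 (disabled)" % name)
    return findings

# Constructed sample input: values from comment 3, XML closed by hand, flags shortened.
SAMPLE_CAPS = ("<capabilities><host><cpu><arch>x86_64</arch><vendor>Intel</vendor>"
               "<model>Haswell-noTSX-IBRS</model></cpu></host></capabilities>")
SAMPLE_LSCPU = "Model: 63\nFlags: fpu vme invpcid_single spec_ctrl ibpb_support ept\n"
if __name__ == "__main__":
    print(check_host(SAMPLE_CAPS, SAMPLE_LSCPU) or "all checks passed")
```

On a real host, pass the output of `virsh -r capabilities` and `lscpu` as the first two arguments; reading the debugfs files requires root and a mounted debugfs.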
Comment 4 Sandro Bonazzola 2018-01-24 05:39:41 EST
This bugzilla is included in oVirt 4.1.9 release, published on Jan 24th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.1.9 release, published on Jan 24th 2018, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
