for AMD (besides Opteron G1-G3) it's just AMD EPYC IBPB
Opteron G1, G2 and G3 are already marked as deprecated. So I propose this for the release notes and possibly technical notes: ---------------------------------- With this update, the CPU type AMD EPYC IBPB has been deprecated. Red Hat Virtualization 4.3 will not support this CPU type. ----------------------------------
is this the only note? Because besides AMD there's whole bunch of Intel CPUs. You could see the current complete list at https://gerrit.ovirt.org/#/c/95310/7/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/widget/table/column/ClusterAdditionalStatusColumn.java
Hi Michal, Thanks for sending that link to Gerrit. In https://bugzilla.redhat.com/show_bug.cgi?id=1623266 we deprecated Conroe and Penryn for Intel, and Opteron G1, G2 and G3 for AMD. Do I understand correctly that the following CPUs are also now deprecated? "Intel Nehalem IBRS Family" "Intel Westmere IBRS Family" "Intel SandyBridge IBRS Family" "Intel Haswell-noTSX IBRS Family" "Intel Haswell IBRS Family" "Intel Broadwell-noTSX IBRS Family" "Intel Broadwell IBRS Family" "Intel Skylake Client IBRS Family" "Intel Skylake Server IBRS Family" "AMD EPYC IBPB" Can we just say that all Haswell, Broadwell and Skylake CPUs are deprecated? Or are there variants in any of these families that are *not* deprecated? We mention Nehalem in several examples (see bug 1623266). If Nehalem is also now deprecated, then we'll need to change those examples. But I propose doing that as part of working on bug 1637462.
Michal, Update. I just got an answer to my question. I will indicate that the specific CPUs mentioned in comment 5 are deprecated. But I understand there are SSBD variants off all of these, which are *not* deprecated, so I will clearly state every variant listed above is deprecated. I also understand that the examples mentioned in but 1623266 are still valid, since there is an SSBD variant of Nehalem. Please confirm.
(In reply to Steve Goodman from comment #6) yes
I propose this for the release notes and possibly technical notes: ---------------------------------- With this update, the following CPU types have been deprecated: Intel Nehalem IBRS Family, Intel Westmere IBRS Family, Intel SandyBridge IBRS Family, Intel Haswell-noTSX IBRS Family, Intel Haswell IBRS Family, Intel Broadwell-noTSX IBRS Family, Intel Broadwell IBRS Family, Intel Skylake Client IBRS Family, Intel Skylake Server IBRS Family and AMD EPYC IBPB. Red Hat Virtualization 4.3 will not support these CPU types. ----------------------------------
Michal, please review. If it's good as-is, then it should get picked up from here by the Release Notes for 4.2.8. Steve
thanks
The Technical Notes [1] document is not relevant. It targets the GA, but not z stream releases. [1] https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html-single/technical_notes/#RHSA-20181524-redhat-virtualization-host So
The Technical Notes [1] document is not relevant. It targets the GA, but not z stream releases. [1] https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html-single/technical_notes/#RHSA-20181524-redhat-virtualization-host So this will just go into the Release Notes.
Please review the Doc Text field.
The Doc Field does list all of the Intel IBRS and AMD IBPB CPU Types that were deprecated: With this update, the following CPU types have been deprecated: Intel Nehalem IBRS Family, Intel Westmere IBRS Family, Intel SandyBridge IBRS Family, Intel Haswell-noTSX IBRS Family, Intel Haswell IBRS Family, Intel Broadwell-noTSX IBRS Family, Intel Broadwell IBRS Family, Intel Skylake Client IBRS Family, Intel Skylake Server IBRS Family and AMD EPYC IBPB. Red Hat Virtualization 4.3 will not support these CPU types.
I can also add: For more information see "How to patch my RHV environment for Kernel Side-Channel Attack using Speculative Store Bypass CVE-2018-3639?" at https://access.redhat.com/solutions/3452581.
Considering Karl's comment, I'd change the proposal from: ----------------------------------- With this update, support for insecure IBRS and IBPB CPU types (those without SSBD) have been removed. The alternative is to use the equivalent SSBD Cluster CPU type, which should happen automatically. To see and set the CPU Type in use: 1. Log in to the Administration Portal. 2. Click Compute > Clusters. 3. Select a cluster and click Edit. 4. In the General tab, use the CPU Type dropdown. ----------------------------------- To: ----------------------------------- With this update, support for CPU types which only partially mitigate Spectre/Meltdown have been removed. In RHVM, this encompasses CPU types which contain IBRS and IBPB without SSBD. The alternative is to use the equivalent SSBD Cluster CPU type, which should happen automatically. To see and set the CPU Type in use: 1. Log in to the Administration Portal. 2. Click Compute > Clusters. 3. Select a cluster and click Edit. 4. In the General tab, use the CPU Type dropdown. -----------------------------------
Sounds good. How about changine "CPU types" to "Cluster CPU types"? From which z stream release does using the equivalent SSBD Cluster CPU type happen automatically?
Changing to "Cluster CPU Types" is good. Really, it may be better to avoid mentioning automatic migration to the new type, since this is going in 4.3 (deprecation warning in 4.2.8, removal in 4.3), as Conroe/Penryn/Opteron G[12] are also gone, and reading the release notes is important dieing Y-streams
OK. So no action *required* for 4.2.8, and we still support those cluster CPU types in 4.2.8. So the release note should say: "With this update, Cluster CPU types that only partially mitigate Spectre/Meltdown have been deprecated, and support for them will be removed in Red Hat Virtualization 4.3." Correct? I think it's still nice to leave the rest of the note as shown in comment 25, so that users can feel that we're giving them something to do if they want to get a jump on this.
This is now published: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html-single/release_notes/#deprecated_functionality_3