Re: Updating libvirt and qemu in stable
On Tue, May 15, 2018 at 05:52:14PM +0100, Ben Hutchings wrote:
> In order to support Spectre v2 mitigation in Windows guests, I believe
> the microcoded mitigation features (IBPB and IBRS) need to be exposed
> to them. This may also be useful for Linux guests using OVMF, unless
> it is rebuilt with the retpoline mitigation.
>
> The kernel side of this in KVM was already implemented in version
> 4.9.82-1+deb9u1, although the microcode updates are not yet in stable.
>
> libvirt and qemu (and maybe other related packages) also need to be
> updated so that they recognise and enable the new CPU feature bits for
> guests. Is this likely to be doable?
With <cpu mode='host-passthrough'/> libvirt should already work iff qemu
handles ibpb and ibrs (1.12.0 and 1.11.1 onward according to ¹). I've
just tested this on sid with 1.12 and Westmere-IBRS and the recent
microcode update.
For stable we need to update libvirt's cpu_map.xml to support non
host-passthrough configuration. E.g. virt-manager uses host-model which
needs an updated cpu_map.xml.
Cheers,
-- Guido
¹) https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
Reply to: