Updating libvirt and qemu in stable

Updating libvirt and qemu in stable

Ben Hutchings-3
In order to support Spectre v2 mitigation in Windows guests, I believe
the microcoded mitigation features (IBPB and IBRS) need to be exposed
to them.  This may also be useful for Linux guests using OVMF, unless
it is rebuilt with the retpoline mitigation.

The kernel side of this in KVM was already implemented in version
4.9.82-1+deb9u1, although the microcode updates are not yet in stable.

libvirt and qemu (and maybe other related packages) also need to be
updated so that they recognise and enable the new CPU feature bits for
guests.  Is this likely to be doable?

Ben.

--
Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.


Re: Updating libvirt and qemu in stable

Guido Günther
On Tue, May 15, 2018 at 05:52:14PM +0100, Ben Hutchings wrote:

> In order to support Spectre v2 mitigation in Windows guests, I believe
> the microcoded mitigation features (IBPB and IBRS) need to be exposed
> to them.  This may also be useful for Linux guests using OVMF, unless
> it is rebuilt with the retpoline mitigation.
>
> The kernel side of this in KVM was already implemented in version
> 4.9.82-1+deb9u1, although the microcode updates are not yet in stable.
>
> libvirt and qemu (and maybe other related packages) also need to be
> updated so that they recognise and enable the new CPU feature bits for
> guests.  Is this likely to be doable?

With <cpu mode='host-passthrough'/> libvirt should already work iff qemu
handles ibpb and ibrs (1.12.0 and 1.11.1 onward according to ¹). I've
just tested this on sid with 1.12 and Westmere-IBRS and the recent
microcode update.

For stable we need to update libvirt's cpu_map.xml to support non
host-passthrough configuration. E.g. virt-manager uses host-model which
needs an updated cpu_map.xml.

Cheers,
 -- Guido


¹) https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
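
The distinction drawn in the reply above (host-passthrough versus configurations that rely on cpu_map.xml), as an added example that is not part of either message: a small audit that reads a libvirt domain definition and reports whether its CPU configuration depends on libvirt's cpu_map.xml knowing the new bits. The feature names `spec-ctrl` and `ibpb`, the `-IBPB` model suffix and the sample XML are assumptions constructed for the example; the thread itself only names "ibpb and ibrs" and Westmere-IBRS.

```python
import xml.etree.ElementTree as ET

# Names libvirt/QEMU use for the IBRS/IBPB CPUID bits (assumption: the
# thread only says "ibpb and ibrs").
MITIGATION_FEATURES = {"spec-ctrl", "ibpb"}
MITIGATION_MODEL_SUFFIXES = ("-IBRS", "-IBPB")

def classify_cpu(domain_xml):
    """Classify the <cpu> element of a libvirt domain definition."""
    cpu = ET.fromstring(domain_xml).find("cpu")
    if cpu is None:
        return "default-model"
    mode = cpu.get("mode", "custom")  # libvirt treats a missing mode as custom
    if mode in ("host-passthrough", "host-model"):
        return mode
    model = (cpu.findtext("model") or "").strip()
    # A <feature> without a policy attribute defaults to "require".
    policies = {f.get("name"): f.get("policy", "require")
                for f in cpu.findall("feature")
                if f.get("name") in MITIGATION_FEATURES}
    added = any(p in ("require", "force") for p in policies.values())
    removed = any(p in ("disable", "forbid") for p in policies.values())
    if added or (model.endswith(MITIGATION_MODEL_SUFFIXES) and not removed):
        return "custom-with-mitigation-bits"
    return "custom-without-mitigation-bits"

def needs_updated_cpu_map(category):
    """True when libvirt must know the bits (every non-passthrough request)."""
    return category in ("host-model", "custom-with-mitigation-bits")

# Constructed sample definitions, trimmed to the relevant element.
SAMPLES = {
    "passthrough": "<domain><cpu mode='host-passthrough'/></domain>",
    "virt-manager": "<domain><cpu mode='host-model'/></domain>",
    "named-ibrs": "<domain><cpu mode='custom' match='exact'>"
                  "<model>Westmere-IBRS</model></cpu></domain>",
    "explicit": "<domain><cpu><model>Westmere</model>"
                "<feature name='spec-ctrl'/></cpu></domain>",
    "plain": "<domain><cpu mode='custom'><model>Westmere</model></cpu></domain>",
    "disabled": "<domain><cpu mode='custom'><model>Westmere-IBRS</model>"
                "<feature policy='disable' name='spec-ctrl'/></cpu></domain>",
    "no-cpu": "<domain><name>guest</name></domain>",
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        category = classify_cpu(xml)
        print(f"{name:13} {category:31} cpu_map.xml update needed: "
              f"{needs_updated_cpu_map(category)}")
```

Guests reported as `custom-without-mitigation-bits` or `default-model` do not request IBRS/IBPB at all, so updating qemu and libvirt alone does not change what they see.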