by kashyapc
2955 days ago
For AMD, in the context of virtualization — you would need to also expose a new CPUID flag: 'virt-ssbd', which all hypervisor vendors will expose to guests on AMD hosts. More from the libvirt patch[1]:

  Some AMD processors only support a non-architectural means of enabling
  Speculative Store Bypass Disable. To allow simplified handling in
  virtual environments, hypervisors will expose an architectural
  definition through CPUID bit 0x80000008_EBX[25]. This needs to be
  exposed to guest OS running on AMD x86 hosts to allow them to protect
  against CVE-2018-3639.

  Note that since this CPUID bit won't be present in the host CPUID
  results on physical hosts, it will not be enabled automatically
  in guests configured with "host-model" CPU unless using QEMU
  version >= 2.9.0. Thus for older versions of QEMU, this feature
  must be manually enabled using policy=force. Guests using the
  "host-passthrough" CPU mode do not need special handling.

[1] https://www.redhat.com/archives/libvir-list/2018-May/msg0156...
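A guest-side check for the flag discussed in the comment above, as an added example that is not part of the comment or of the libvirt patch. It assumes a Linux guest, where CPUID 0x80000008_EBX[25] appears as `virt_ssbd` in /proc/cpuinfo and the CVE-2018-3639 status is reported in sysfs; the function names and the `CPUINFO`/`SSB_STATUS` overrides are hypothetical.

```shell
#!/bin/sh
# Added example: run inside a Linux guest on an AMD host.
# Assumption: Linux spells the CPUID bit "virt_ssbd" in /proc/cpuinfo.
CPUINFO=${CPUINFO:-/proc/cpuinfo}
SSB_STATUS=${SSB_STATUS:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}

# has_flag FILE FLAG: succeed if FLAG is a whole word on the first "flags" line.
has_flag() {
    awk -v want="$2" '
        /^flags[ \t]*:/ {
            sub(/^[^:]*:/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit
        }
        END { exit (found ? 0 : 1) }' "$1" 2>/dev/null
}

# guest_ssbd_verdict CPUINFO STATUS: print one verdict line.
# Returns 0 when the flag is exposed and the kernel reports a mitigation,
# 1 when the flag is exposed but the kernel is not using it,
# 2 when the flag is not exposed. On a libvirt guest with "host-model" and an
# older QEMU, case 2 is what the page's policy=force addresses, i.e.
#   <feature policy='force' name='virt-ssbd'/>   inside the domain's <cpu>.
guest_ssbd_verdict() {
    status=$(cat "$2" 2>/dev/null) || status="unknown (no sysfs entry)"
    if ! has_flag "$1" virt_ssbd; then
        echo "missing: virt_ssbd not exposed to guest; kernel says: $status"
        return 2
    fi
    case $status in
        Mitigation:*|"Not affected"*)
            echo "ok: virt_ssbd exposed; $status"
            return 0 ;;
        *)
            echo "exposed-but-unused: virt_ssbd present; kernel says: $status"
            return 1 ;;
    esac
}

# Stand-alone use: report on the running guest.
guest_ssbd_verdict "$CPUINFO" "$SSB_STATUS" || echo "(verdict code $?)"
```

The flag is matched as a whole word, so related names such as `ssbd` or `amd_ssbd` on the same line do not count as `virt_ssbd`.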