[virt-manager PATCH] domcapabilities: detect MDS new vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

There is a new security feature 'md-clear' that mitigates recent CPU
Microarchitectural Store Buffer Data vulnerability.

Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---

Pushed

 man/virt-install.pod        | 13 +++++++------
 virtinst/domcapabilities.py |  3 ++-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/man/virt-install.pod b/man/virt-install.pod
index f492318a..cc3ead4a 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -242,12 +242,13 @@ and 'disable=feature' respectively.
 
 If exact CPU model is specified virt-install will automatically copy CPU
 features available on the host to mitigate recent CPU speculative execution
-side channel security vulnerabilities. This however will have some impact
-on performance and will break migration to hosts without security patches.
-In order to control this behavior there is a B<secure> parameter. Possible
-values are I<on> and I<off>, with I<on> as the default. It is highly
-recommended to leave this enabled and ensure all virtualization hosts have
-fully up to date microcode, kernel & virtualization software installed.
+side channel and Microarchitectural Store Buffer Data security vulnerabilities.
+This however will have some impact on performance and will break migration
+to hosts without security patches. In order to control this behavior there
+is a B<secure> parameter. Possible values are I<on> and I<off>, with I<on>
+as the default. It is highly recommended to leave this enabled and ensure all
+virtualization hosts have fully up to date microcode, kernel & virtualization
+software installed.
 
 Some examples:
 
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 8993822e..acc91f81 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -281,7 +281,8 @@ class DomainCapabilities(XMLBuilder):
                 'spec-ctrl',
                 'ssbd',
                 'ibpb',
-                'virt-ssbd']
+                'virt-ssbd',
+                'md-clear']
 
         if self._features:
             return self._features
-- 
2.21.0

_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
[Index of Archives]     [Linux Virtualization]     [KVM Development]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]

  Powered by Linux