[virt-tools-list] [virt-manager PATCH] domcapabilities: detect MDS new vulnerability

Pavel Hrdina phrdina at redhat.com
Tue May 14 18:13:31 UTC 2019


There is a new security feature 'md-clear' that mitigates recent CPU
Microarchitectural Store Buffer Data vulnerability.

Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
---

Pushed

 man/virt-install.pod        | 13 +++++++------
 virtinst/domcapabilities.py |  3 ++-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/man/virt-install.pod b/man/virt-install.pod
index f492318a..cc3ead4a 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -242,12 +242,13 @@ and 'disable=feature' respectively.
 
 If exact CPU model is specified virt-install will automatically copy CPU
 features available on the host to mitigate recent CPU speculative execution
-side channel security vulnerabilities. This however will have some impact
-on performance and will break migration to hosts without security patches.
-In order to control this behavior there is a B<secure> parameter. Possible
-values are I<on> and I<off>, with I<on> as the default. It is highly
-recommended to leave this enabled and ensure all virtualization hosts have
-fully up to date microcode, kernel & virtualization software installed.
+side channel and Microarchitectural Store Buffer Data security vulnerabilities.
+This however will have some impact on performance and will break migration
+to hosts without security patches. In order to control this behavior there
+is a B<secure> parameter. Possible values are I<on> and I<off>, with I<on>
+as the default. It is highly recommended to leave this enabled and ensure all
+virtualization hosts have fully up to date microcode, kernel & virtualization
+software installed.
 
 Some examples:
 
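Review bot: the added wording "Microarchitectural Store Buffer Data security vulnerabilities" names only the store buffer variant, while the subject line calls the issue MDS. Store buffer data sampling is one member of the Microarchitectural Data Sampling family, so "side channel and Microarchitectural Data Sampling (MDS) security vulnerabilities" would match the commit subject. Because this paragraph warns that the copied features break migration to hosts without security patches, it would also help to name the feature being added here ('md-clear') so administrators know which host CPU flag to check.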
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 8993822e..acc91f81 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -281,7 +281,8 @@ class DomainCapabilities(XMLBuilder):
                 'spec-ctrl',
                 'ssbd',
                 'ibpb',
-                'virt-ssbd']
+                'virt-ssbd',
+                'md-clear']
 
         if self._features:
             return self._features
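Review bot: no test accompanies the new 'md-clear' entry in this list; the diffstat touches only man/virt-install.pod and virtinst/domcapabilities.py. Suggest adding a test case whose domain capabilities report md-clear, so the secure feature list is covered and a later edit to it cannot silently drop the mitigation. A one-line comment above the list saying which vulnerability each feature name mitigates would also make the next addition easier to review.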
-- 
2.21.0



