[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Do I need update the microcode of virtual machine
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] Do I need update the microcode of virtual machine |
Date: |
Thu, 18 Jan 2018 11:43:20 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 |
On 18/01/2018 11:38, Li Qiang wrote:
> Hi Paolo, all,
>
> I have a question about the intel microcode update for spectre variant#2.
> From my understanding, there is no need to update the microcode of VMs
> because the kvm has expose the SPEC_CTL and PRED_CMD to the guest.
> Also, if we need to update the micorcode in guest, who is the vendor for
> this.
The guest has no microcode of it's own, but you need to update the
microcode in the host. You also need to update the kernel, QEMU and
libvirt if you are using it.
> From the hyper-v, I think I'm right.
> -->https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/CVE-2017-5715-and-hyper-v-vms
>
> But upon I update the centos guest, the host kvm/qemu has been updated.
> The IBPB_ENABLED and IBRS_ENABLED are both zero if I don't update the
> microcode in the guest. If I update the guest micorcode, the are both 1.
What do you mean by "update the guest microcode"? Did you mean host?
Paolo
>
> So I want to know, if I should update the microcode in guest.
> If the answer is Yes, then what about the Windows guest, how to update
> the microcode?
>
>
> Thanks,
> Li Qiang