Am 15.05.19 um 19:54 schrieb Daniel P. Berrangé: > On Wed, May 15, 2019 at 07:13:56PM +0200, Stefan Priebe - Profihost AG wrote: >> Hello list, >> >> i've updated my host to kernel 4.19.43 and applied the following patch >> to my qemu 2.12.1: >> https://bugzilla.suse.com/attachment.cgi?id=798722 >> >> But my guest running 4.19.43 still says: >> Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state >> unknown >> >> while the host says: >> Vulnerable: Clear CPU buffers attempted, SMT Host state unknown > > That suggests your host OS hasn't got the new microcode installed > or has not loaded it.
No it does not. A not loaded Microcode looks like this: Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable but in my case it is: Mitigation: Clear CPU buffers; SMT vulnerable on the host as hyper threading is still enabled. > You want the host to report that it is Mitigated, and for the > host's /proc/cpuinfo to report "md-clear" exists. > >> I expected the guest can use the new microcode. > > You've not said what CPU model you've given to the guest. > > You need either "-cpu host", or if using a named CPU model > you need to explicitly turn on the "md-clear" feature > (and all previous fixes) > > eg "-cpu Haswell,+spec-ctrl,+ssbd,+md-clear" hah yes you're true i need to specifiy +md-clean Thanks! > Regards, > Daniel >