[Bug 1846501] Re: qemu-system-x86 missing ssbd flag in UCA Ocata
>From a users perspective this can be solved simply by not providing updated libvirt/qemu package in the UCA repositories - the versions provided in Xenial are sufficient to run nova, and are also going to get consistent updates during the lifespan of the release. If a newer version is really desired then ideally I would suggest it is pulled from the next LTS release up, rather than one from a non LTS release - the version requirements in openstack for functionality don't change that much between releases, so there's plenty of warning, and again patching of security updates is handled by someone else. Upgrading to Queens is not something that is immediately available to us, and would also require a double bump going via Pike, which I guess may also have its own libvirt/qemu deployments which I fear may have the same bugs. I appreciate that the control plane can be upgraded and use "[upgrade_levels]" to maintain compatability, and the hypervisors could potentially skip Pike (or maintain the held libvirt/qemu packages as I have done for Ocata). My actual aim is to transition to a kolla based deployment, but the ocata image using Ubuntu binaries has the newer qemu and libvirt packages, and so we will be unable to migrate our hypervisors until a later release anyway with this issue. Thanks for all the references and input here folks :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1846501 Title: qemu-system-x86 missing ssbd flag in UCA Ocata To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1846501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1846501] Re: qemu-system-x86 missing ssbd flag in UCA Ocata
Thanks Rafael for adding the bugs already that are related to this. There also is (for an AMD POV): "backport extended amd spectre mitigations": https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1840745 But this here is a very special case as it is explicitly asked for UCA Ocata. The bugs above will cover active Ubuntu releases which atm are Xenial (whitch matches UCA mitaka), Bionic (matching UCA queens) and newer. Ocata was based on Zesty which from the base distributions POV is no more active. Therefore the Openstack Team needs to decide if they want to pick changes we have made for Ocata or encourage to move to Queens instead (if that is an option). Already for Xenial we have decided to not backport all of these changes, as strictly speaking they are all just "optimizations" to get out of the drawbacks of spectre, meltdown and siblings. The Openstack Team might decide similar for Ocata, but it is up to them so I'll add a task and assign it to them. ** Changed in: qemu (Ubuntu) Status: Confirmed => Fix Released ** Also affects: cloud-archive Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1846501 Title: qemu-system-x86 missing ssbd flag in UCA Ocata To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1846501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1846501] Re: qemu-system-x86 missing ssbd flag in UCA Ocata
Possible related bugs: https://bugs.launchpad.net/ubuntu/eoan/+source/libvirt/+bug/1828495 https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1841066 TODOs being worked in there: LP: #1828495 - [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES https://bugs.launchpad.net/ubuntu/eoan/+source/libvirt/+bug/1828495 Backport libvirt patches to Bionic Backport libvirt patches to Disco Review/Discuss LP: #1841066 - ARCH_CAPABILITIES guest capability detection https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1841066 Backport qemu patches to Bionic Backport qemu patches to Disco Review/Discuss * Create a PPA, test, etc, and then create a Merge. * Check kernel needs as well (SEG has requested) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1846501 Title: qemu-system-x86 missing ssbd flag in UCA Ocata To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1846501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1846501] Re: qemu-system-x86 missing ssbd flag in UCA Ocata
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: qemu (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1846501 Title: qemu-system-x86 missing ssbd flag in UCA Ocata To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1846501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
