A while back Marc checked the case and realized that backporting the qemu
changes without anything in libvirt would make no sense - comment #21.
Now the things in libvirt exist, which is a step forward.
This still will be no transparent solution, people will have to switch
types if they can't run the old types. And it appears that if one is
willing to change the cpu-model, he could also add feature-disable
hle/rtm with the same effort.
The special case is for situations in which people can select cpu-models
but not define custom features - for those backporting these would help
to mitigate the impact of the CVE related TSX/TAA kernel changes that
started all of this.
I'd suggest to let this mature in focal for a few days, see if people or tests
run into issues. And then ask Marc to re-evaluate again.
I'll add qemu/libvirt backport tasks and assign them to Ubuntu security - so
that they can comment on what they think (now with the libvirt changes existing).
** Also affects: qemu (Ubuntu)
Importance: Undecided
Status: New
** Changed in: qemu (Ubuntu)
Status: New => Fix Released
** Also affects: qemu (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu Bionic)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
** Changed in: libvirt (Ubuntu Eoan)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
** Changed in: qemu (Ubuntu Bionic)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
** Changed in: qemu (Ubuntu Eoan)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
https://bugs.launchpad.net/bugs/1853200
Title:
cpu features hle and rtm disabled for security are present in
/usr/share/libvirt/cpu_map.xml