|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Help with Understanding vcpu xstate restore error during vm migration
> On 15.07.2024 10:48, Fonyuy-Asheri Caleb wrote:
>>>>> On 15.07.2024 09:38, Fonyuy-Asheri Caleb wrote:
>>>>>>> Perhaps the more important question, are you booting the skylake with
>>>>>>> cpuid=no-avx on the command line by any chance?
>>>>>>
>>>>>> No. I didn't boot any of the machines with any cpuid modification
>>>>>> whatsoever.
>>>>>
>>>>> Yet is there perhaps "Mitigating GDS by disabling AVX" in the boot log of
>>>>> the hypervisor (which sadly so far you didn't supply anywhere afaics)?
>>>>
>>>> I didn't notice that. Unfortunately I no longer have access to the logs to
>>>> check
>>>> since I was
>>>> working on resources I reserved for a limited period.
>>>>
>>>> However, do you mind telling me what this would mean for my environment?
>>>
>>> Hard to tell, depending on what exactly you use that environment for. If
>>> I'm not mistaken (Andrew will surely correct me if I'm wrong), the best
>>> you can do is have such systems run with up-to-date microcode. Which of
>>> course requires you have control over the physical system (to update
>>> firmware) or at least the hypervisor (to hand it a microcode blob to load
>>> while booting). If you had control over only the command line, you could
>>> also choose to ignore the vulnerability and request AVX not to be turned
>>> off ("spec-ctrl=no-gds-mit"). Yet of course you wouldn't want to do this
>>> if you were running any not fully trusted guests.
>>
>> Quick verification: cpuid=no-avx and spec-ctrl=no-gds-mit are options
>> passed to the grub right?
>
> They're options passed to Xen. If you use grub as the boot loader, then
> they would need putting _in_ respective grub config files / scripts.
>
> Jan
Thank you Jan
Caleb
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |