Hello, after researching l1tf mitigation for qemu and reading https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/
It seems pve misses at least the following cpu flag: ssbd It also seems to make sense to enable pdpe1gb At least ssbd is important for guest to mitigate CVE-2018-3639. Greets, Stefan Excuse my typo sent from my mobile phone. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
