2018-01-18 18:43 GMT+08:00 Paolo Bonzini <pbonz...@redhat.com>:

> On 18/01/2018 11:38, Li Qiang wrote:
> > Hi Paolo, all,
> >
> > I have a question about the intel microcode update for spectre variant#2.
> > From my understanding, there is no need to update the microcode of VMs
> > because the kvm has exposed the SPEC_CTL and PRED_CMD to the guest.
> > Also, if we need to update the microcode in guest, who is the vendor for
> > this.
>
> The guest has no microcode of its own, but you need to update the
> microcode in the host. You also need to update the kernel, QEMU and
> libvirt if you are using it.
>
> > From the hyper-v, I think I'm right.
> > -->https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/CVE-2017-5715-and-hyper-v-vms
> >
> > But upon I update the centos guest, the host kvm/qemu has been updated.
> > The IBPB_ENABLED and IBRS_ENABLED are both zero if I don't update the
> > microcode in the guest. If I update the guest microcode, they are both 1.
>
> What do you mean by "update the guest microcode"? Did you mean host?
>

No, here I mean the guest. By overwriting the guest's files in the
/lib/firmware/intel-ucode/ directory and
"echo 1 > /sys/devices/system/cpu/microcode/reload" as Intel's
instruction says.

The host's kvm and qemu had been updated before this.

Thanks,
Li Qiang

> Paolo
>
> > So I want to know, if I should update the microcode in guest.
> > If the answer is Yes, then what about the Windows guest, how to update
> > the microcode?
> >
> > Thanks,
> > Li Qiang
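
A read-only check for the situation discussed in this thread, added here as an example and not written by either poster: it reports the microcode revision a kernel sees and which speculation-control flags appear in a cpuinfo-format file. The flag names in `SPEC_FLAGS` are assumptions that differ between kernel builds, the function names are hypothetical, and the sample text is constructed.

```shell
#!/bin/sh
# Added example: read-only report of what a (guest) kernel sees in cpuinfo.
# Flag names are assumptions; they differ between kernel builds.
SPEC_FLAGS="spec_ctrl ibrs ibpb ibpb_support"

# Constructed sample in /proc/cpuinfo format (not captured from a real system).
sample_cpuinfo() {
cat <<'EOF'
processor : 0
model name : Constructed Example CPU
microcode : 0x1
flags : fpu vme sse2 hypervisor spec_ctrl ibpb_support
EOF
}

# Print the microcode revision reported for the first CPU.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1"
}

# Succeed if the "hypervisor" flag is set, i.e. the kernel runs as a guest.
is_guest() {
    grep -m1 '^flags' "$1" | grep -qw hypervisor
}

# Print the speculation-control flags present on the first "flags" line.
spec_flags_present() {
    found=""
    line=$(grep -m1 '^flags' "$1" | cut -d: -f2)
    for want in $SPEC_FLAGS; do
        for have in $line; do
            if [ "$have" = "$want" ]; then found="$found $want"; fi
        done
    done
    echo "${found# }"
}

report() {
    if is_guest "$1"; then echo "running as a guest"; else echo "no hypervisor flag"; fi
    echo "microcode revision seen by this kernel: $(microcode_rev "$1")"
    flags=$(spec_flags_present "$1")
    echo "speculation-control flags exposed: ${flags:-none}"
}

# Demonstration on the constructed sample; on a real system: report /proc/cpuinfo
tmp=$(mktemp); sample_cpuinfo > "$tmp"; report "$tmp"; rm -f "$tmp"
```

Running `report /proc/cpuinfo` in the guest before and after a host-side update shows whether the flags the guest sees have changed.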