On reporting CPU flags that provide mitiation (to CVE flaws) as Nova 'traits'

Kashyap Chamarthy kchamart at redhat.com
Mon May 20 08:07:51 UTC 2019


On Fri, May 17, 2019 at 11:25:24AM -0500, Eric Fried wrote:
> > Okay, so I take it that all the relevant low-level CPU flags (including
> > things like SSBD, et al) as proposed here[2][3] can be added to
> > 'os-traits'.
> 
> Yes, subject to already-noted namespacing and spelling issues.

Noted.

> > And tools _other_ than Nova can consume, if need be.
> 
> Nova should consume by having the driver expose the flags as
> appropriate. And switching on flaggage in domain xml if that's a thing.
> But that's all. No efforts to special-case scheduling decisions etc.

Nod; thanks for clarifying, Eric.

-- 
/kashyap



More information about the openstack-discuss mailing list