We are thrilled to announce the release of:

nova 16.1.2: Cloud computing fabric controller

This release is part of the pike stable release series.

Download the package from:

    https://tarballs.openstack.org/nova/

For more details, please see below.

16.1.2
^^^^^^

Prelude
*******

This release includes fixes for security vulnerabilities.

Security Issues
***************

* [CVE-2017-18191] Swapping encrypted volumes can lead to data loss
  and a possible compute host DOS attack.

  * Bug 1739593 (https://bugs.launchpad.net/nova/+bug/1739593)

Bug Fixes
*********

* The libvirt driver now allows specifying individual CPU feature
  flags for guests, via a new configuration attribute
  "[libvirt]/cpu_model_extra_flags" -- only with "custom" as the
  "[libvirt]/cpu_model". Refer to its documentation in "nova.conf" for
  usage details.

  One of the motivations for this is to alleviate the performance
  degradation (caused as a result of applying the "Meltdown" CVE
  fixes) for guests running with certain Intel-based virtual CPU
  models. This guest performance impact is reduced by exposing the CPU
  feature flag 'PCID' ("Process-Context ID") to the *guest* CPU,
  assuming that it is available in the physical hardware itself.

  Note that besides "custom", Nova's libvirt driver has two other CPU
  modes: "host-model" (which is the default), and "host-passthrough".
  Refer to the "[libvirt]/cpu_model_extra_flags" documentation for
  what to do when you are using either of those CPU modes in context
  of 'PCID'.
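
The following Python check is an added example, not part of the release announcement or of nova's code. It reads nova.conf text and /proc/cpuinfo text and reports whether the PCID setup described above is consistent on a compute host. Assumptions: the CPU mode is read from "[libvirt]/cpu_mode", flag names are compared in lower case against the /proc/cpuinfo "flags" lines, the function names and finding codes are hypothetical, and the sample inputs are constructed.

```python
import configparser

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = """\
[DEFAULT]
debug = false
[libvirt]
virt_type = kvm
cpu_mode = custom
cpu_model = IvyBridge
cpu_model_extra_flags = pcid
"""
SAMPLE_CPUINFO = ("processor\t: 0\nflags\t\t: fpu vme sse2 pcid\n\n"
                  "processor\t: 1\nflags\t\t: fpu vme sse2 pcid\n")


def host_cpu_flags(cpuinfo_text):
    """Flags present on every logical CPU listed in /proc/cpuinfo text."""
    per_cpu = [set(line.split(":", 1)[1].split())
               for line in cpuinfo_text.splitlines()
               if line.startswith("flags") and ":" in line]
    return set.intersection(*per_cpu) if per_cpu else set()


def check_extra_flags(nova_conf_text, cpuinfo_text):
    """Return finding codes (hypothetical names) for the [libvirt] CPU settings."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(nova_conf_text)
    get = lambda key, default="": cfg.get("libvirt", key, fallback=default).strip()
    mode = get("cpu_mode", "host-model")  # release note: host-model is the default
    extra = {f.strip().lower()
             for f in get("cpu_model_extra_flags").split(",") if f.strip()}
    host = host_cpu_flags(cpuinfo_text)
    findings = []
    if extra and mode != "custom":
        # The release note ties the new option to the "custom" mode only.
        findings.append("extra-flags-require-custom-mode")
    for flag in sorted(extra - host):
        # The flag must be available in the physical hardware itself.
        findings.append("host-lacks-" + flag)
    if mode == "custom" and "pcid" in host and "pcid" not in extra:
        findings.append("pcid-available-but-not-exposed")
    return findings


if __name__ == "__main__":
    print(check_extra_flags(SAMPLE_CONF, SAMPLE_CPUINFO) or "no findings")
```

On a real compute host, pass the contents of the deployed nova.conf and of /proc/cpuinfo instead of the samples.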

Changes in nova 16.1.1..16.1.2
------------------------------

92bd7ea libvirt: disconnect volume from host during detach
b255e16 only increment disk address unit for scsi devices
d88b75e libvirt: Report the allocated size of preallocated file based disks
5b64a19 libvirt: Block swap volume attempts with encrypted volumes prior to Queens
15aed7e ironic: Get correct inventory for deployed node
878e99d Don't persist RequestSpec.retry
004e9ac Add regression test for persisted RequestSpec.retry from failed resize
56350b9 libvirt: Allow to specify granular CPU feature flags
837ac8c Fix wrapping of neutron forbidden error

Diffstat (except docs and test files)
-------------------------------------

nova/compute/manager.py                            |   4 +-
nova/conf/libvirt.py                               |  54 +++
nova/network/neutronv2/api.py                      |   2 +-
nova/objects/request_spec.py                       |   3 +
.../functional/regressions/test_bug_1718512.py     | 155 ++++++++
nova/virt/block_device.py                          |  10 +
nova/virt/disk/api.py                              |  10 +
nova/virt/driver.py                                |   3 +-
nova/virt/fake.py                                  |   2 +-
nova/virt/ironic/driver.py                         |   3 +-
nova/virt/libvirt/driver.py                        | 115 +++++-
...ug-1739593-cve-2017-18191-25fe48d336d8cf13.yaml |   9 +
...irt-cpu-model-extra-flags-a23085f58bd22d27.yaml |  21 ++
21 files changed, 838 insertions(+), 53 deletions(-)