On reporting CPU flags that provide mitigation (to CVE flaws) as Nova 'traits'
Eric Fried
openstack at fried.cc
Fri May 17 16:25:24 UTC 2019
> Okay, so I take it that all the relevant low-level CPU flags (including
> things like SSBD, et al) as proposed here[2][3] can be added to
> 'os-traits'.
Yes, subject to already-noted namespacing and spelling issues.
> And tools _other_ than Nova can consume, if need be.
Nova should consume by having the driver expose the flags as
appropriate. And switching on flaggage in domain xml if that's a thing.
But that's all. No efforts to special-case scheduling decisions etc.
efried
More information about the openstack-discuss mailing list