[Openstack-security] [Bug 1777460] Fix included in openstack/nova 17.0.6

OpenStack Infra 1777460 at bugs.launchpad.net
Mon Sep 24 14:47:38 UTC 2018 

This issue was fixed in the openstack/nova 17.0.6 release.

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1777460

Title:
  Whitelist two more SSBD-related CPU flags for AMD ('amd-ssbd',  'amd-
  no-ssb')

Status in OpenStack Compute (nova):
  Won't Fix
Status in OpenStack Compute (nova) ocata series:
  Confirmed
Status in OpenStack Compute (nova) pike series:
  Fix Committed
Status in OpenStack Compute (nova) queens series:
  Fix Committed

Bug description:
  In addition to the existing 'virt-ssbd', future AMD CPUs will have
  another (architectural) way to deal with SSBD (Speculative Store Bypass
  Disable), via the CPU flag: 'amd-ssbd'.

  Furthermore, future AMD CPUs also will expose a mechanism to tell the
  guest that the "Speculative Store Bypass Disable" (SSBD) is not needed
  and that the CPU is all good.  This is via the CPU flag: 'amd-no-ssb'

  In summary, two new flags are[1][2]:

      amd-ssbd
      amd-no-ssb

  It is recommended to add the above two flags to the whitelist of Nova's
  `cpu_model_extra_flags` config attribute -- for stable branches (Queens,
  Pike and Ocata).

  For Rocky and above release, no such white-listing is required, since we
  allow free-form CPU flags[3].

      * * *

  Additional notes (from the QEMU mailing list thread[4]) related to
  performance and live migration:

    - tl;dr: On an AMD Compute node, a guest should be presented with
      'amd-ssbd', if available, in preference to 'virt-ssbd'.

      Details: Tom Lendacky from AMD writes[4] -- "The idea behind
      'virt-ssbd' was to provide an architectural method for a guest to do
      SSBD when 'amd-ssbd' isn't present.  The 'amd-ssbd' feature will use
      SPEC_CTRL which is intended to not be intercepted and will be fast.
      The use of 'virt-ssbd' will always be intercepted and therefore will
      not be as fast.  So a guest should be presented with 'amd-ssbd', if
      available, in preference to 'virt-ssbd'."

    - It is safe to use 'amd-ssbd' (it is an architectural method for
      guest to do SSBD) in a guest which can be live migrated between
      different generations/families of AMD CPU.

  [1] libvirt patch:
      https://www.redhat.com/archives/libvir-list/2018-June/msg01111.html
  [2] QEMU patch:
      https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg00222.html
  [3] http://git.openstack.org/cgit/openstack/nova/commit/?id=cc27a20 --
      libvirt: Lift the restriction of choices for `cpu_model_extra_flags`
  [4] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg02301.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1777460/+subscriptions

More information about the Openstack-security mailing list