minor cleanups, typo and whitespace fixes

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2018-10-01 10:41:37 +02:00
parent 2975cb7a5d
commit 144d5edebe

qm.adoc

@ -335,7 +335,7 @@ To check if the {pve} host is vulnerable, execute the following command as root:
for f in /sys/devices/system/cpu/vulnerabilities/*; do echo "${f##*/} -" $(cat "$f"); done
----
A community script is also avalaible to detect is the host is still vulnerable.
A community script is also available to detect is the host is still vulnerable.
footnote:[spectre-meltdown-checker https://meltdown.ovh/]
Intel processors
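Review bot: the replacement line fixes "avalaible" but leaves a second typo in the same sentence, "to detect is the host is still vulnerable", which should read "to detect if the host is still vulnerable"; suggest "A community script is also available to detect if the host is still vulnerable."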
@ -343,7 +343,7 @@ Intel processors
* 'pcid'
+
This reduce the performance impact of the Meltdown (CVE-2017-5754) mitigation
This reduces the performance impact of the Meltdown (CVE-2017-5754) mitigation
called 'Kernel Page-Table Isolation (KPTI)', which effectively hides
the Kernel memory from the user space. Without PCID, KPTI is quite an expensive
mechanism footnote:[PCID is now a critical performance/security feature on x86
@ -363,13 +363,13 @@ Required to enable the Spectre v1 (CVE-2017-5753) and Spectre v2 (CVE-2017-5715)
in cases where retpolines are not sufficient.
Included by default in Intel CPU models with -IBRS suffix.
Must be explicitly turned on for Intel CPU models without -IBRS suffix.
Requires the host CPU microcode (intel-microcode >= 20180425).
Requires an updated host CPU microcode (intel-microcode >= 20180425).
+
* 'ssbd'
+
Required to enable the Spectre V4 (CVE-2018-3639) fix. Not included by default in any Intel CPU model.
Must be explicitly turned on for all Intel CPU models.
Requires the host CPU microcode(intel-microcode >= 20180703).
Requires an updated host CPU microcode(intel-microcode >= 20180703).
AMD processors
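Review bot: the second replaced line in this hunk, "Requires an updated host CPU microcode(intel-microcode >= 20180703).", is still missing the space before the opening parenthesis, while the parallel Intel line above ("microcode (intel-microcode >= 20180425)") has it; since the commit is meant to fix whitespace, suggest "Requires an updated host CPU microcode (intel-microcode >= 20180703)."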
@ -391,15 +391,15 @@ Required to enable the Spectre v4 (CVE-2018-3639) fix.
Not included by default in any AMD CPU model.
Must be explicitly turned on for all AMD CPU models.
This should be provided to guests, even if amd-ssbd is also provided, for maximum guest compatibility.
Note for some QEMU / libvirt versions, this must be force enabled when when using "Host model",
because this is a virtual feature that doesnt exist in the physical host CPUs.
Note that this must be explicitly enabled when when using the "host" cpu model,
because this is a virtual feature which does not exist in the physical CPUs.
* 'amd-ssbd'
+
Required to enable the Spectre v4 (CVE-2018-3639) fix.
Not included by default in any AMD CPU model. Must be explicitly turned on for all AMD CPU models.
This provides higher performance than virt-ssbd so should be exposed to guests whenever available in the host.
This provides higher performance than virt-ssbd, therefore a host supporting this should always expose this to guests if possible.
virt-ssbd should none the less also be exposed for maximum guest compatibility as some kernels only know about virt-ssbd.
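Review bot: the rewritten note still carries the duplicated word from the old text, "Note that this must be explicitly enabled when when using the "host" cpu model"; suggest dropping one "when" and writing "CPU model" to match the capitalisation used in the surrounding lines ("AMD CPU model", "Intel CPU models"). The unchanged trailing line "none the less" would also read better as "nonetheless" if this cleanup pass is touching the paragraph anyway.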