« CPU Flags » : différence entre les versions
Aller à la navigation
Aller à la recherche
(Page créée avec « [https://qemu-project.gitlab.io/qemu/system/qemu-cpu-models.html Source] ») |
Aucun résumé des modifications |
||
| (Une version intermédiaire par le même utilisateur non affichée) | |||
| Ligne 1 : | Ligne 1 : | ||
[https://qemu-project.gitlab.io/qemu/system/qemu-cpu-models.html Source] | [https://qemu-project.gitlab.io/qemu/system/qemu-cpu-models.html Source] | ||
Our documentation includes a list of the flags related to sidechannel attacks here. In short, if you're running a somewhat recent CPU with the newest firmware, you can enable the following flags to provide either performance benefits | |||
(i.e. less performance hit from mitigations) or security benefits by allowing the guest kernel to use CPU mitigations for guest userspace: | |||
* Intel: pcid, spec-ctrl, ssbd | |||
* AMD: ibpb (or use CPU type with suffix -IBPB), virt-ssbd, amd-ssbd (if supported on host) | |||
{{Méta bandeau | |||
| niveau = information | |||
| icône = loupe | |||
| texte = Si aucuns besoin de migration de VM à chaud, le plus simple et efficace est de choisir "host" pour le type de CPU. | |||
}} | |||
Version actuelle datée du 22 octobre 2021 à 14:56
Our documentation includes a list of the flags related to sidechannel attacks here. In short, if you're running a somewhat recent CPU with the newest firmware, you can enable the following flags to provide either performance benefits (i.e. less performance hit from mitigations) or security benefits by allowing the guest kernel to use CPU mitigations for guest userspace: * Intel: pcid, spec-ctrl, ssbd * AMD: ibpb (or use CPU type with suffix -IBPB), virt-ssbd, amd-ssbd (if supported on host)