From 1e605c106819be56f16e6e057015d7a42600c0ba Mon Sep 17 00:00:00 2001
Message-Id: <1e605c106819be56f16e6e057015d7a42600c0ba@dist-git>
From: Pavel Hrdina
Date: Wed, 15 May 2019 10:37:49 +0200
Subject: [PATCH] domcapabilities: remove recommended CPU features from security features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These features are only recommended to be enabled since they improve performance of the VMs if security features are enabled. pcid is a very useful perf feature, but missing in some silicon so not portable. pdpe1gb lets the guest use 1 GB pages which is good for perf but again not all silicon can do it. amd-ssbd is a security feature which fixes the same SSBD flaws as the virt-ssbd feature does. virt-ssbd is usable across all CPU models affected by SSBD, while amd-ssbd is only available in very new silicon. So virt-ssbd is the bette rchoice. amd-no-ssb just indicates that the CPU is not affected by SSBD, so not critical to expose. I expect a future named CPU model will include that where appropriate.
Signed-off-by: Pavel Hrdina
Reviewed-by: Daniel P. Berrangé
(cherry picked from commit 29f815fbd23082dff79d2d716e32a644b5a15d4a)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina
---
 tests/cli-test-xml/compare/virt-install-qemu-plain.xml | 2 --
 .../compare/virt-install-singleton-config-2.xml | 4 ----
 virtinst/domcapabilities.py | 6 +-----
 3 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
index eb1542c3..d00e0cf4 100644
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
@@ -20,8 +20,6 @@ Penryn - -
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
index 0861f62a..621639e1 100644
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
@@ -93,8 +93,6 @@ foobar meee - -
@@ -284,8 +282,6 @@ foobar meee - -
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 28ed8630..42a18f1e 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -262,14 +262,10 @@ class DomainCapabilities(XMLBuilder):
 def get_cpu_security_features(self):
 sec_features = [
- 'pcid',
 'spec-ctrl',
 'ssbd',
- 'pdpe1gb',
 'ibpb',
- 'virt-ssbd',
- 'amd-ssbd',
- 'amd-no-ssb']
+ 'virt-ssbd']
 features = []
--
2.21.0
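Review bot: The trimmed `sec_features` list in `get_cpu_security_features` has no comment saying why exactly these four flags are kept, so the selection rule survives only in the commit message. A comment above the list would record it, e.g. `# Mitigation flags only: perf-only (pcid, pdpe1gb) and silicon-specific (amd-ssbd, amd-no-ssb) flags are deliberately left out`. The commit message's claim that `virt-ssbd` covers every SSBD-affected model cannot be checked from this hunk; if a host offers `amd-ssbd` but not `virt-ssbd`, guests would presumably no longer get an SSBD control by default, so a fixture for that host would be worth adding. The function body continues past the hunk, so how the list is matched against host capabilities is not visible here.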