Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
section "Preferred CPU models for Intel x86 hosts".
Also introduce bhi-no, gds-no and rfds-no in doc.
Suggested-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
---
docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc
index ba27b5683f..f0b5189d91 100644
--- a/docs/system/cpu-models-x86.rst.inc
+++ b/docs/system/cpu-models-x86.rst.inc
@@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration
compatibility is required, use the newest CPU model that is compatible
across all desired hosts.
+``ClearwaterForest``
+ Intel Xeon Processor (ClearwaterForest, 2025)
+
+``SierraForest``, ``SierraForest-v2``
+ Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates
+ the GDS and RFDS vulnerabilities with stepping 3.
+
+``GraniteRapids``, ``GraniteRapids-v2``
+ Intel Xeon Processor (GraniteRapids, 2024)
+
``Cascadelake-Server``, ``Cascadelake-Server-noTSX``
Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6
or 7 only. (The Cascade Lake Xeon processor with *stepping 5 is
@@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model".
``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in
the guest should report ``Mitigation: TSX disabled``.
+``bhi-no``
+ Recommended to inform that the guest that the host is ``not``
+ vulnerable to CVE-2022-0001, Branch History Injection (BHI).
+
+ This too is an MSR feature, so it does not show up in the Linux
+ ``/proc/cpuinfo`` in the host or guest.
+
+ It should only be enabled for VMs if the host reports
+ ``BHI: Not affected`` in the
+ ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file.
+
+``gds-no``
+ Recommended to inform that the guest that the host is ``not``
+ vulnerable to CVE-2022-40982, Gather Data Sampling (GDS).
+
+ This too is an MSR feature, so it does not show up in the Linux
+ ``/proc/cpuinfo`` in the host or guest.
+
+ It should only be enabled for VMs if the host reports ``Not affected``
+ in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling``
+ file.
+
+``rfds-no``
+ Recommended to inform that the guest that the host is ``not``
+ vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS).
+
+ This too is an MSR feature, so it does not show up in the Linux
+ ``/proc/cpuinfo`` in the host or guest.
+
+ It should only be enabled for VMs if the host reports ``Not affected``
+ in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling``
+ file.
Preferred CPU models for AMD x86 hosts
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
2.34.1On Tue, Jan 21, 2025 at 10:06:50AM +0800, Tao Su wrote: > Date: Tue, 21 Jan 2025 10:06:50 +0800 > From: Tao Su <tao1.su@linux.intel.com> > Subject: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models > X-Mailer: git-send-email 2.34.1 > > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > section "Preferred CPU models for Intel x86 hosts". > > Also introduce bhi-no, gds-no and rfds-no in doc. > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > --- > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > 1 file changed, 42 insertions(+) [snip] > +``bhi-no`` > + Recommended to inform that the guest that the host is ``not`` s/inform that the guest/inform the guest/ > + vulnerable to CVE-2022-0001, Branch History Injection (BHI). > + > + This too is an MSR feature, so it does not show up in the Linux s/This too is an/This is also an/ > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports > + ``BHI: Not affected`` in the > + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. > + > +``gds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). s/inform that the guest/inform the guest/ > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. s/This too is an/This is also an/ > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` > + file. > + > +``rfds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). ditto. > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. ditto. > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` > + file. > > Preferred CPU models for AMD x86 hosts > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Thanks very much! With nits fixed :-), Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
On Tue, Jan 21, 2025 at 09:31:25PM +0800, Zhao Liu wrote: > On Tue, Jan 21, 2025 at 10:06:50AM +0800, Tao Su wrote: > > Date: Tue, 21 Jan 2025 10:06:50 +0800 > > From: Tao Su <tao1.su@linux.intel.com> > > Subject: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models > > X-Mailer: git-send-email 2.34.1 > > > > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > > section "Preferred CPU models for Intel x86 hosts". > > > > Also introduce bhi-no, gds-no and rfds-no in doc. > > > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > > --- > > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > > 1 file changed, 42 insertions(+) > > [snip] > > > +``bhi-no`` > > + Recommended to inform that the guest that the host is ``not`` > > s/inform that the guest/inform the guest/ > > > + vulnerable to CVE-2022-0001, Branch History Injection (BHI). > > + > > + This too is an MSR feature, so it does not show up in the Linux > > s/This too is an/This is also an/ > > > + ``/proc/cpuinfo`` in the host or guest. > > + > > + It should only be enabled for VMs if the host reports > > + ``BHI: Not affected`` in the > > + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. > > + > > +``gds-no`` > > + Recommended to inform that the guest that the host is ``not`` > > + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). > > s/inform that the guest/inform the guest/ > > > + This too is an MSR feature, so it does not show up in the Linux > > + ``/proc/cpuinfo`` in the host or guest. > > s/This too is an/This is also an/ > > > + It should only be enabled for VMs if the host reports ``Not affected`` > > + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` > > + file. > > + > > +``rfds-no`` > > + Recommended to inform that the guest that the host is ``not`` > > + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). > > ditto. > > > + This too is an MSR feature, so it does not show up in the Linux > > + ``/proc/cpuinfo`` in the host or guest. > > ditto. > > > + It should only be enabled for VMs if the host reports ``Not affected`` > > + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` > > + file. > > > > Preferred CPU models for AMD x86 hosts > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Thanks very much! With nits fixed :-), > > Reviewed-by: Zhao Liu <zhao1.liu@intel.com> > > Thanks for the suggestion, the description is better with these changes. >
On Tue, 21 Jan 2025, Tao Su wrote: > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > section "Preferred CPU models for Intel x86 hosts". > > Also introduce bhi-no, gds-no and rfds-no in doc. > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > --- > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > 1 file changed, 42 insertions(+) > > diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc > index ba27b5683f..f0b5189d91 100644 > --- a/docs/system/cpu-models-x86.rst.inc > +++ b/docs/system/cpu-models-x86.rst.inc > @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration > compatibility is required, use the newest CPU model that is compatible > across all desired hosts. > > +``ClearwaterForest`` > + Intel Xeon Processor (ClearwaterForest, 2025) > + > +``SierraForest``, ``SierraForest-v2`` > + Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates Typo, do you mean "mitigates"? Regards, BALATON Zoltan > + the GDS and RFDS vulnerabilities with stepping 3. > + > +``GraniteRapids``, ``GraniteRapids-v2`` > + Intel Xeon Processor (GraniteRapids, 2024) > + > ``Cascadelake-Server``, ``Cascadelake-Server-noTSX`` > Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6 > or 7 only. (The Cascade Lake Xeon processor with *stepping 5 is > @@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model". > ``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in > the guest should report ``Mitigation: TSX disabled``. > > +``bhi-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2022-0001, Branch History Injection (BHI). > + > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports > + ``BHI: Not affected`` in the > + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. > + > +``gds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). > + > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` > + file. > + > +``rfds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). > + > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` > + file. > > Preferred CPU models for AMD x86 hosts > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >
On Tue, Jan 21, 2025 at 04:12:48AM +0100, BALATON Zoltan wrote: > On Tue, 21 Jan 2025, Tao Su wrote: > > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > > section "Preferred CPU models for Intel x86 hosts". > > > > Also introduce bhi-no, gds-no and rfds-no in doc. > > > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > > --- > > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > > 1 file changed, 42 insertions(+) > > > > diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc > > index ba27b5683f..f0b5189d91 100644 > > --- a/docs/system/cpu-models-x86.rst.inc > > +++ b/docs/system/cpu-models-x86.rst.inc > > @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration > > compatibility is required, use the newest CPU model that is compatible > > across all desired hosts. > > > > +``ClearwaterForest`` > > + Intel Xeon Processor (ClearwaterForest, 2025) > > + > > +``SierraForest``, ``SierraForest-v2`` > > + Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates > > Typo, do you mean "mitigates"? Yes, thanks for pointing out.
© 2016 - 2025 Red Hat, Inc.