Actually, I think that I will parshes my proxmox HOST with last proxmox kernel and the same with each VM en centos7, but I will no install dell bios or microcode for variant2... I know that the still an risk of security, but can't give an bad performance service to our client solving the...
Ok for kernel, we will try to do it ASAP :-S
About PCID, I confirm that this last pve-manager, option is present! I can't really test it because it's an test microserver (Atom c2750) that not have this feature.
proxmox-ve: 5.1-35 (running kernel: 4.13.13-4-pve)...
About PCID, it's the same as PTI? or it's an confusion that I have do? About PTI online seem have put graph : https://blog.online.net/2018/01/03/important-note-about-the-security-flaw-impacting-arm-intel-hardware/
Also if GUEST have kernel updated, HOST it's so vulnerable? I doubt to update yet HOST because for now, only 1 of 3 variant seem be solved on it.
About PCID, do you really sure that is better to enable it? Online seem proove that's not the case.
Thanks for your help.
The situation is still not clear... In our case, we will just update guest kernel for now that not seem have performance impact but not solve all spectre variant. I will not update HOST for now, waiting to see what we really had to do or what is the better we can do to lower impact performance...
You resume perfectly the actual situation when saying "that no-one will do it"
So basically we had to update kernel host and guest and nothing more? I also don't want assume an 30%, 20 or 15% of loose performance impact....
Don't worry, this is effectively 2 distinct things... so, in centos :
- There is absolutely no way to expend online an partition on same disk (no in ext4 and no in lvm), only can be done offline by iso gparted for exemple.
- The only option to do it online (is what I have tested yet in some VM)...