During the past year, several architectural flaws in CPUs were disclosed, allowing user processes to read privileged memory or registers through cache side-channel attacks. For those flaws that were fixed through microcode updates, the effect of the updates may need to be visible in the guest, requiring changes in QEMU, libvirt and the rest of the virtualization stack. Even if no updated microcode was needed, as was the case for "Meltdown", the fixed kernel used a previously irrelevant CPU features in order to avoid an even more substantial performance drop.
All in all, these experiences showed that even higher-level management, such as OpenStack, need to be taught about the details of CPU configuration. This talk will explain how this conclusion was reached, what exactly is expected from management tools, and why.