GRID Software for Red Hat Enterprise Linux with KVM Release Notes Version 367.132/370.39
Release information for all users of NVIDIA GRID software and hardware on Red Hat Enterprise Linux with KVM.
1. Release Notes
These Release Notes summarize current status, information on validated platforms, and known issues with NVIDIA GRID™ software and hardware on Red Hat Enterprise Linux with KVM.
This release includes the following software:
- NVIDIA Windows drivers for vGPU version 370.39
- NVIDIA Linux drivers for vGPU version 367.133
Updates in this release:
- Miscellaneous bug fixes
- Security updates
2. Validated Platforms
This release of NVIDIA GRID software provides support for several NVIDIA GPUs on validated server hardware platforms, Red Hat Enterprise Linux with KVM hypervisor software versions, and guest operating systems.
2.1. Supported NVIDIA GPUs and Validated Server Platforms
This release of NVIDIA GRID software provides support for the following NVIDIA GPUs on Red Hat Enterprise Linux with KVM, running on validated server hardware platforms:
- GRID K1
- GRID K2
- Tesla M6
- Tesla M10
- Tesla M60
For a list of validated server platforms, refer to NVIDIA GRID Certified Servers.
2.2. Hypervisor Software Releases
This release supports only the hypervisor software release listed in the table.
| Software | Releases Supported |
|---|---|
|
Red Hat Enterprise Linux with KVM |
7.0-7.4 |
2.3. Guest OS Support
NVIDIA GRID software supports several Windows releases and Linux distributions as a guest OS using GPU pass-through.
Windows Guest OS Support
NVIDIA GRID software supports only the following Windows releases as a guest OS on Red Hat Enterprise Linux with KVM:
- Windows Server 2012 R2
- Windows Server 2008 R2
- Windows 10 RTM (1507), November Update (1511), Anniversary Update (1607), Creators Update (1703) (32/64-bit)
- Windows 8.1 (32/64-bit)
- Windows 7 (32/64-bit)
2.3.2. Linux Guest OS Support
NVIDIA GRID software supports only the following 64-bit Linux distributions as a guest OS only on supported Tesla GPUs on Red Hat Enterprise Linux with KVM:
- Red Hat Enterprise Linux 7.0-7.4
- CentOS 7.0-7.4
- Red Hat Enterprise Linux 6.6
- CentOS 6.6
3. Security Updates
3.1. Restricting Access to GPU Performance Counters
The NVIDIA graphics driver contains a vulnerability (CVE-2018-6260) that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. To address this vulnerability, update the driver and restrict access to GPU performance counters to allow access only by administrator users and users who need to use CUDA profiling tools.
The GPU performance counters that are affected by this vulnerability are the hardware performance monitors used by the CUDA profiling tools such as CUPTI, Nsight Graphics, and Nsight Compute. These performance counters are exposed on the hypervisor host and in guest VMs only as follows:
- On the hypervisor host, they are always exposed. However, the Virtual GPU Manager does not access these performance counters and, therefore, is not affected.
- In Windows and Linux guest VMs, they are exposed only in VMs configured for GPU pass through. They are not exposed in VMs configured for NVIDIA vGPU.
3.1.1. Windows: Restricting Access to GPU Performance Counters for One User by Using NVIDIA Control Panel
Perform this task from the guest VM to which the GPU is passed through.
- Open NVIDIA Control Panel:
- Right-click on the Windows desktop and select NVIDIA Control Panel from the menu.
- Open Windows Control Panel and double-click the NVIDIA Control Panel icon.
- In NVIDIA Control Panel, select the Manage GPU Performance Counters task in the Developer section of the navigation pane.
- Complete the task by following the instructions in the topic in the NVIDIA Control Panel help.
3.1.2. Windows: Restricting Access to GPU Performance Counters Across an Enterprise by Using a Registry Key
You can use a registry key to restrict access to GPU Performance Counters for all users who log in to a Windows guest VM. By incorporating the registry key information into a script, you can automate the setting of this registry for all Windows guest VMs across your enterprise.
Perform this task from the guest VM to which the GPU is passed through.
- Set the RmProfilingAdminOnly Windows registry key to
1.
[HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global\NVTweak] Value: "RmProfilingAdminOnly" Type: DWORD Data: 00000001
The data value 1 restricts access, and the data value 0 allows access, to application data processed on the GPU through a side channel exposed by the GPU performance counters.
- Restart the VM.
3.1.3. Linux Guest VMs and Hypervisor Host: Restricting Access to GPU Performance Counters
On systems where unprivileged users don't need to use GPU performance counters, restrict access to these counters to system administrators, namely users with the CAP_SYS_ADMIN capability set. By default, the GPU performance counters are not restricted to users with the CAP_SYS_ADMIN capability.
Perform this task from the guest VM to which the GPU is passed through or from your hypervisor host machine.
In Linux guest VMs, this task requires sudo privileges. On your hypervisor host machine, this task must be performed as the root user on the machine.
- Log in to the guest VM or open a command shell on your hypervisor host machine.
- Set the kernel module parameter
NVreg_RestrictProfilingToAdminUsers to 1 by adding this
parameter to the /etc/modprobe.d/nvidia.conf file.
-
If you are setting only this parameter, add an entry for it to the /etc/modprobe.d/nvidia.conf file as follows:
options nvidia NVreg_RegistryDwords="NVreg_RestrictProfilingToAdminUsers=1"
-
If you are setting multiple parameters, set them in a single entry as in the following example:
options nvidia NVreg_RegistryDwords="RmPVMRL=0x0" "NVreg_RestrictProfilingToAdminUsers=1"
If the /etc/modprobe.d/nvidia.conf file does not already exist, create it.
-
- Restart the VM or reboot your hypervisor host machine.
Notices
Notice
ALL NVIDIA DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, "MATERIALS") ARE BEING PROVIDED "AS IS." NVIDIA MAKES NO WARRANTIES, EXPRESSED, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.
Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication of otherwise under any patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all other information previously supplied. NVIDIA Corporation products are not authorized as critical components in life support devices or systems without express written approval of NVIDIA Corporation.
HDMI
HDMI, the HDMI logo, and High-Definition Multimedia Interface are trademarks or registered trademarks of HDMI Licensing LLC.
Trademarks
NVIDIA, the NVIDIA logo, NVIDIA GRID, vGPU, and Tesla are trademarks or registered trademarks of NVIDIA Corporation in the U.S. and other countries. Other company and product names may be trademarks of the respective companies with which they are associated.