On Mon, 2019-04-15 at 10:12 -0700, Tony Su wrote:
Have a Q. Found the following artic which although is for a different CVS vulnerability more generally describes ways to read proc settings directly to verify mitigations installed
Was wondering whether there is an article similar to the one referenced by "@PGnet Dev" that's a good jumping off point for other virtualization, specifically KVM?
I'm not sure I have understood what you are after. Each one of these things being --although all somewhat related-- different vulnerabilities, came out at different times, each has its own piece of documentation (or, often, more than one!). L1TF is the one which, it can be stated, is the most related to virtualization, and SUSE docs for it is here (not sure this was liked already): https://www.suse.com/support/kb/doc/?id=7023077 The most authoritative source of info for KVM would be, IMO, the kernel documentation: https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html For Xen, I personally think the XSA is particularly well done: https://xenbits.xen.org/xsa/advisory-273.html But again, I'm not sure it was things like these you were actually looking for... Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)