Dario,

Thank you very much for your comments, they're clear, clarifying and essential.

Tony

On Fri, Apr 19, 2019 at 10:26 AM Dario Faggioli <dfaggioli@suse.com> wrote:
On Mon, 2019-04-15 at 07:17 -0700, PGNet Dev wrote:
On 4/15/19 3:08 AM, Dario Faggioli wrote:
What's missing in my config to mitigate/remove the CVE-2018-3646 vulnerability?
There's nothing you're missing, as far as I can tell. What the problem seems to be, is that spectre-and-meltdown-checker.sh does not treat the case of this check being made within a Xen (PV) guest properly.
I'll check whether this is actually the case, and I'll see about fixing that, as soon as I find a minute.
Thanks.
So, I finally gave a look at the spectre-meltdown-checker.sh source.
IMO, figuring out whether or not we're running on a system which we can call "a hypervisor", is kind of broken, for both Xen and KVM.
This affects the meaningfulness of what the tool reports about L1TF quite a bit.
I had a go at fixing a few things, mostly for KVM, though. I have a branch here: https://github.com/dfaggioli/spectre-meltdown-checker/tree/l1tf-host
(and I did send the pull request... let's see if the author likes my changes).
I started to look at the Xen side of things, but then found this: https://github.com/h0nIg/spectre-meltdown-checker/tree/xen
I still haven't tried, nor checked the patches thoroughly, but I'll give it a look and see if they're fine (and, probably, base any future work on at least some of them).
But that won't happen before the end of next week.
Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)