Mailinglist Archive: opensuse-virtual (17 mails)

Re: [opensuse-virtual] How to correctly configure mitigation of CVE-2018-3646 'Foreshadow-NG (VMM)' on Xen Dom0 host?
On Mon, 2019-04-15 at 07:17 -0700, PGNet Dev wrote:
On 4/15/19 3:08 AM, Dario Faggioli wrote:

What's missing in my config to mitigate/remove the CVE-2018-3646
vulnerability?

There's nothing you're missing, as far as I can tell. What the problem
seems to be, is that spectre-and-meltdown-checker.sh does not treat the
case of this check being made within a Xen (PV) guest properly.

I'll check whether this is actually the case, and I'll see about
fixing that, as soon as I find a minute.

Thanks.

So, I finally gave a look at the spectre-meltdown-checker.sh source.

IMO, figuring out whether or not we're running on a system which we can
call "a hypervisor", is kind of broken, for both Xen and KVM.

This affects the meaningfulness of what the tool reports about L1TF
quite a bit.

I had a go at fixing a few things, mostly for KVM, though. I have a
branch here:
https://github.com/dfaggioli/spectre-meltdown-checker/tree/l1tf-host

(and I did send the pull request... let's see if the author likes my
changes).

I started to look at the Xen side of things, but then found this:
https://github.com/h0nIg/spectre-meltdown-checker/tree/xen

I still haven't tried, nor checked the patches thoroughly, but I'll
give it a look and see if they're fine (and, probably, base any
future work on at least some of them).

But that won't happen before the end of next week.

Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)
