Mailinglist Archive: opensuse-virtual (17 mails)

< Previous Next >
Re: [opensuse-virtual] How to correctly configure mitigation of CVE-2018-3646 'Foreshadow-NG (VMM)' on Xen Dom0 host?
Thank you very much for your comments, they're clear, clarifying and essential.


On Fri, Apr 19, 2019 at 10:26 AM Dario Faggioli <dfaggioli@xxxxxxxx> wrote:

On Mon, 2019-04-15 at 07:17 -0700, PGNet Dev wrote:
On 4/15/19 3:08 AM, Dario Faggioli wrote:

What's missing in my config to mitigate/remove the CVE-2018-3646

There's nothing you're missing, as far as I can tell. What the
seems to be, is that does not treat
case of this check being made within a Xen (PV) guest properly.

I'll check whether this is actually the case, and I'll to see about
fixing that, as soon as I find a minute.


So, I finally gave a look at the source.

IMO, figuring out whether or not we're running on a system which we can
call "an hypervisor", is kind of broken, for both Xen and KVM.

This affects the meaningfulness of what the tool reports about L1TF
quite a bit.

I had a go at fixing a few things, mostly for KVM, though. I have a
branch here:

(and I did send the pull request... let's see if the author likes my

I started to look at the Xen side of things, but then found this:

I still haven't tried, nor checked the patches thoroughly, but I'll
give it a look and see if we they're fine (and, probably, base any
future work on at least some of them).

But that won't happen before the end of next week.

Dario Faggioli, Ph.D
Virtualization Software Engineer
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)

To unsubscribe, e-mail: opensuse-virtual+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-virtual+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation