[libvirt-users] Intel's latest L1TF vulnerability and libvirt
Paul O'Rorke
paul at tracker-software.com
Tue Sep 4 18:11:30 UTC 2018
Hi,
with regards Intels L1TF vulnerabilities, it seems they are somewhat
non-committal on whether turning off HyperThreading is required,
suggesting people
> Consult with your hypervisor vendor for more guidance.
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html#faq-answers-10-0
What is the consensus in the Libvirt community about the risks (or not)
of leaving Hyperthreading enabled? After updates my hosts are showing
they have conditional cache flushing enabled yet still report as "SMT
vulnerable":
root at trk-kvm-03:~# cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
Thoughts?
--
*Paul O'Rorke*
*Tracker Software Products (Canada) Limited *
www.tracker-software.com <http://www.tracker-software.com/>
Tel: +1 (250) 324 1621
Fax: +1 (250) 324 1623
<http://www.tracker-software.com/>
Support:
http://www.tracker-software.com/support
Download latest Releases
http://www.tracker-software.com/downloads/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20180904/e8d6b30c/attachment.htm>
More information about the libvirt-users
mailing list