Intel's latest L1TF vulnerability and libvirt

"Paul O'Rorke" <paul@xxxxxxxxxxxxxxxxxxxx> · Tue, 4 Sep 2018 11:11:30 -0700



    Hi,
    with regards Intels L1TF vulnerabilities, it seems they are
      somewhat non-committal on whether turning off HyperThreading is
      required, suggesting people
      
Consult with your hypervisor vendor for
        more guidance.
      https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html#faq-answers-10-0
    What is the consensus in the Libvirt community about the risks
      (or not) of leaving Hyperthreading enabled?  After updates my
      hosts are showing they have conditional cache flushing enabled yet
      still report as "SMT vulnerable":
    root@trk-kvm-03:~# cat
      /sys/devices/system/cpu/vulnerabilities/l1tf

      Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT
      vulnerable

    
    Thoughts?

    
    -- 

      
      Paul O'Rorke

        Tracker Software Products (Canada) Limited 

        www.tracker-software.com

        Tel:
        +1 (250) 324 1621

        Fax: +1 (250) 324 1623

        
        Support:
        

        http://www.tracker-software.com/support
        

        Download latest Releases
        

        http://www.tracker-software.com/downloads/
      

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users