Re: CentOS-virt - Kernel Side-Channel Attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 01/05/2018 06:33 AM, George Dunlap wrote:
> On Thu, Jan 4, 2018 at 7:12 PM, Sarah Newman <srn@xxxxxxxxx> wrote:
>> On 01/04/2018 10:49 AM, Akemi Yagi wrote:
>>> On Thu, Jan 4, 2018 at 9:51 AM, <rikske@xxxxxxx> wrote:
>>>> Please patch the CentOS-virt Kernel to fix the
>>>> Kernel Side-Channel Attacks vulnerabilities.
>>>> The latest CentOS-virt kernel was released in November, as seen below.
>>>> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30
>>> As far as I can see, the patches for
>>> KAISER (Kernel Address
>>> Isolation to have Side-channels Efficiently Removed) will appear in
>>> kernel 4.9.75. Looks like it will be released soon upstream (
>> To my best knowledge KAISER doesn't matter for Xen Dom0's given they run in PV mode, and KAISER isn't enabled for PV guests.
> But it will be important if anyone is running the CentOS kernel in
> their HVM domUs (as guest kernels can be attacked using SP3 by guest
> user space without the KPTI patches).
> I'm sure Johnny will get to it as soon as he has the opportunity.

I have just pushed the 4.9.75-29.el7 and 4.9.75-30.el6 kernels to the
testing repositories.


xen, xen-44, xen-46, xen-48 repos should all get the rpms (not just xen)
.. el6 has yet to post there, but it is tagged and should show up in a
couple hours.  The kernel is already there in the el7 trees.

We need lots of testing .. the configuration name is now:


(instead of CONFIG_KAISER)

Please test these kernels so we can release them .. it boots for me as a
Dom0 kernel and I can start PVHVM and HVM CentOS DomU machines .. which
is how I test before I move the kernels to the testing repos.

Attachment: signature.asc
Description: OpenPGP digital signature

CentOS-virt mailing list

[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     []     [Xfree86]     [Linux USB]

  Powered by Linux