Dario,

Thank you very much for your comments, they're clear, clarifying and essential.
Tony

On Fri, Apr 19, 2019 at 10:26 AM Dario Faggioli <[email protected]> wrote:
>
> On Mon, 2019-04-15 at 07:17 -0700, PGNet Dev wrote:
> > On 4/15/19 3:08 AM, Dario Faggioli wrote:
> > > >
> > > > What's missing in my config to mitigate/remove the CVE-2018-3646
> > > > vulnerability?
> > > >
> > > There's nothing you're missing, as far as I can tell. What the
> > > problem seems to be, is that spectre-and-meltdown-checker.sh does
> > > not treat the case of this check being made within a Xen (PV)
> > > guest properly.
> > >
> > > I'll check whether this is actually the case, and I'll see about
> > > fixing that, as soon as I find a minute.
> >
> > Thanks.
> >
> So, I finally gave a look at the spectre-meltdown-checker.sh source.
>
> IMO, figuring out whether or not we're running on a system which we can
> call "a hypervisor", is kind of broken, for both Xen and KVM.
>
> This affects the meaningfulness of what the tool reports about L1TF
> quite a bit.
>
> I had a go at fixing a few things, mostly for KVM, though. I have a
> branch here:
> https://github.com/dfaggioli/spectre-meltdown-checker/tree/l1tf-host
>
> (and I did send the pull request... let's see if the author likes my
> changes).
>
> I started to look at the Xen side of things, but then found this:
> https://github.com/h0nIg/spectre-meltdown-checker/tree/xen
>
> I still haven't tried, nor checked the patches thoroughly, but I'll
> give it a look and see if they're fine (and, probably, base any
> future work on at least some of them).
>
> But that won't happen before the end of next week.
>
> Regards
> --
> Dario Faggioli, Ph.D
> http://about.me/dario.faggioli
> Virtualization Software Engineer
> SUSE Labs, SUSE https://www.suse.com/
> -------------------------------------------------------------------
> <<This happens because _I_ choose it to happen!>> (Raistlin Majere)
>
