By reading that advisory and the information posted here (https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/), it seems that there are 2 possible short-term mitigations against Meltdown for QubesOS 3.2 users.

- Move PV VMs to HVM.
- Move PV VMs to use 32-bit kernels. It should prevent the use of Meltdown/SP3 against the hypervisor, but it won't prevent it against the kernel itself. Then update when newer 32-bit kernels with KPTI are available.

Qubes 4 users shouldn't be affected by SP3/Meltdown, but should be affected by SP1/SP2/Spectre.

On 01/04/2018 10:53 PM, Chris Drake wrote:
> It is very clear: https://xenbits.xen.org/xsa/advisory-254.html
>
> IMPACT
> ======
>
> Xen guests may be able to infer the contents of arbitrary host memory,
> including memory assigned to other guests.
>
> VULNERABLE SYSTEMS
> ==================
>
> Systems running all versions of Xen are affected.
>
> MITIGATION
> ==========
>
> There is no mitigation for SP1 and SP2.
>
> RESOLUTION
> ==========
>
> There is no available resolution for SP1 or SP3.
>
>
> For those unaware - this is a hardware fault. CPUs make use of speculative
> execution (Spectre) or Pipelines (Meltdown) - both of which can be used to
> attempt to access illegal memory. The access fails, however, it's possible
> to use the "stolen" memory before the access-fail is enforced in a way that
> makes it available on a side-channel (cache in these exploits, but could be
> anything else like ports/dma) to any non-privileged process.
