Hi,
????? I've applied the latest kernel upticks of kernel and
microcode_ctl for L1TF.
Just rpm updates and rebooted, no further changes.
kernel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
perf-2.6.32-754.3.5.el6.x86_64.rpm
microcode_ctl-1.17-33.3.el6_10.x86_64.rpm
L1TF has several mitigations.? So far I can see that only this one is
applied.
# cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion
Is this the definitive check?? I'm trying to confirm the L1Data Cache
flush isn't
enabled.??? It's ok if only this PTE Inversion is applied for me, I just
need
to be sure, because when I read this url from Redhat, it says 2 of the 3
mitigations are enabled by default, but I see only 1:
https://access.redhat.com/security/vulnerabilities/L1TF
"/All mitigations are enabled by default with the exception of disabling
Hyper-Threading, which customers must take explicit manual steps to turn
off./"
Also, I haven't been able to find clarity on what mitigations need to be
applied
to VMs, which ones to VM servers, which to kvm instances and kvm servers,
and if containers and container servers need any special treatment.
Thanks!
-->Pat
