search for: l1tf

Hi, with regards Intels L1TF vulnerabilities, it seems they are somewhat non-committal on whether turning off HyperThreading is required, suggesting people > Consult with your hypervisor vendor for more guidance. https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html#faq-answers-10-0 What is the c...

Hi, ????? I've applied the latest kernel upticks of kernel and microcode_ctl for L1TF. Just rpm updates and rebooted, no further changes. kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm microcode_ctl-1.17-33.3.el6_10.x86_64.rpm L1TF has several mitigations.? So far I...

Am 29.08.2018 um 23:46 schrieb Stephen John Smoogen <smooge at gmail.com>: > > On Wed, 29 Aug 2018 at 17:41, Leon Fauster via CentOS <centos at centos.org> wrote: >> Since the update from kernel-2.6.32-754.2.1.el6.x86_64 >> to kernel-2.6.32-754.3.5.el6.x86_64 I can not boot my >> KVM guests anymore!? The workstation panics immediately! >> >> I

...l nx lm constant_tsc arch_perfmon rep_good nopl nonstop_tsc pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm fsgsbase erms xsaveopt dtherm ida arat pln pts bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds You will note that there is a lack of flags for ssbd, spec_ctrl, intel_stibp, flush_l1d, ibrs, etc. # for i in /sys/devices/system/cpu/vulnerabilities/* ; do echo -n "$i : "; cat $i ; done /sys/devices/system/cpu/vulnerabilities/l1tf : Mitigation: PTE Inversion /sys/devices/system/c...

...+ phys_addr_t pa; > + pgd_t *pgd; > + pte_t *pte; > + > + pgd = pgd_offset(current->active_mm, va); > + pte = lookup_address_in_pgd(pgd, va, &level); > + if (!pte) > + return 0; '0' is a valid physical address. It happens to be reserved in the kernel thanks to L1TF, but using '0' as an error code is ugly. Not to mention none of the callers actually check the result. > + > + pa = (phys_addr_t)pte_pfn(*pte) << PAGE_SHIFT; > + pa |= va & ~page_level_mask(level); > + > + return pa; > +}

...pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts flush_l1d bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf This results on my cpu being detected, if I allow host copy, as AMD chip and the guest becomes unbearably slow. The model of the host cpu is correct. I'm using Debian testing/unstable. Compiled against library: libvirt 4.7.0 Using library: libvirt 4.7.0 Using API: QEMU 4.7.0 Running hyperviso...

...128 KiB > >> > L2 cache: 1 MiB > >> > L3 cache: 6 MiB > >> > NUMA node0 CPU(s): 0-3 > >> > Vulnerability Itlb multihit: KVM: Mitigation: Split huge pages > >> > Vulnerability L1tf: Mitigation; PTE Inversion; VMX conditional cache flushes, SMT disabled > >> > Vulnerability Mds: Mitigation; Clear CPU buffers; SMT disabled > >> > Vulnerability Meltdown: Mitigation; PTI > >> > Vulnerability Spec store bypass...

...500.0000 CPU min MHz: 600.0000 BogoMIPS: 108.00 L1d cache: 128 KiB L1i cache: 192 KiB L2 cache: 1 MiB Vulnerability Itlb multihit: Not affected Vulnerability L1tf: Not affected Vulnerability Mds: Not affected Vulnerability Meltdown: Not affected Vulnerability Mmio stale data: Not affected Vulnerability Retbleed: Not affected Vulnerability Spec store bypass: Vulnerable Vulnerability Spectr...

...oc=1*2097152 [ 0.246767] pcpu-alloc: [0] 0 1 2 3 [ 0.246794] Built 1 zonelists, mobility grouping on. Total pages: 1160733 [ 0.246795] Policy zone: Normal [ 0.246798] Kernel command line: BOOT_IMAGE=/vmlinuz-linux root=UUID=bab4cf30-4010-49d7-bab9-4cc491e77f94 rw pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier quiet [ 0.280191] Calgary: detecting Calgary via BIOS EBDA area [ 0.280194] Calgary: Unable to locate Rio Grande table in EBDA - bailing! [ 0.348371] Memory: 4533100K/4716724K available (12291K kernel code, 1319K rwdata, 3900K rodata, 1612K in...

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by

Hi, here is the next version of changes to enable Linux to run as an SEV-ES guest. The code was rebased to v5.7-rc3 and got a fair number of changes since the last version. What is SEV-ES ============== SEV-ES is an acronym for 'Secure Encrypted Virtualization - Encrypted State' and means a hardware feature of AMD processors which hides the register state of VCPUs to the hypervisor by