Issue Type: | Bug |
---|---|
Priority: | 4 - Normal |
Status: | Resolved |
Created at: | 2018-08-14T18:06:36.402Z |
Updated at: | 2019-09-04T12:09:24.911Z |
Created by: | Former user |
---|---|
Reported by: | Former user |
Assigned to: | Former user |
Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2018-08-14T21:40:45.221Z)
2018-08-16 Yuffie's House (Release Date: 2018-08-16)
We need mitigation for the VMM variant of L1TF.
These bits have been tested with KVM and bhyve, on a two-socket system, as well as sanity-checked under VMware.
A boot with HT disabled in the BIOS was done to confirm it falls back correctly.
Various different stress tests were done:
In addition, a range of tests was done by Angela, Max and co, including cassandra-test runs, as covered in QA-285.
I forgot to mention the most important test: I ran my L1TF proof of concept (basically, force a host process to share a core with a malicious guest that is executing a modified Meltdown code to peek at a given physical address) with HT exclusion enabled. In various different configurations, exclusion prevented the exploit from working.
illumos-joyent commit 4f3af6ac0e7bc423c116341136c1757ff948a506 (branch master, by John Levon)
OS-7125 Need mitigation of L1TF (CVE-2018-3646)
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
illumos-kvm commit e05dd9f674b33879dce5db3fe3187092b4a0e24e (branch master, by John Levon)
OS-7125 Need mitigation of L1TF (CVE-2018-3646)
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
illumos-kvm commit 2ceb2a6fd7934a9d62d0101939efc728e3c27528 (branch release-20180802, by John Levon)
OS-7125 Need mitigation of L1TF (CVE-2018-3646)
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
illumos-joyent commit 89d0fffcadbabb8694d3ce87b5be826e2b789c99 (branch release-20180802, by John Levon)
OS-7125 Need mitigation of L1TF (CVE-2018-3646)
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>