Code review comment for ~rafaeldtinoco/ubuntu/+source/qemu:lp1828495-bionic-devel-qemu

Rafael David Tinoco (rafaeldtinoco) wrote :

Christian,

https://bugs.launchpad.net/intel/+bug/1828495/comments/14

HOST MITIGATION FEATURES REPORT:
https://bugs.launchpad.net/intel/+bug/1828495/comments/15

OLD QEMU GUEST MIT FEATURES REPORT:
https://bugs.launchpad.net/intel/+bug/1828495/comments/16

NEW QEMU GUEST MIT FEATURES REPORT:
https://bugs.launchpad.net/intel/+bug/1828495/comments/17

MIT FEATURES REPORT DELTA FROM OLD TO NEW:
https://bugs.launchpad.net/intel/+bug/1828495/comments/18

Meaning we basically have enabled INSIDE the GUEST:

* Hardware support (CPU microcode) for mitigation techniques

* Enhanced IBRS (IBRS_ALL) -> ENABLED

  * CPU indicates ARCH_CAPABILITIES MSR availability: YES
  * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES

* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES -> ENABLED

* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO -> ENABLED

and

* CPU vulnerability to the speculative execution attack variants

  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO -> ENABLED
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO -> ENABLED
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO -> ENABLED
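
An added example, not part of the comment above or of the QEMU packaging: Python code that decodes the CPUID enumeration bit and the IA32_ARCH_CAPABILITIES MSR bits behind the three features listed, and diffs an old-guest reading against a new-guest one. The register values are constructed samples, not taken from the linked reports, and the function names are hypothetical.

```python
import os
import struct

IA32_ARCH_CAPABILITIES = 0x10A   # MSR index
CPUID_7_EDX_ARCH_CAP = 1 << 29   # CPUID.(EAX=7,ECX=0):EDX bit 29 enumerates the MSR

# Bit positions per the Intel SDM; only the three the comment reports on.
ARCH_CAP_BITS = {
    "RDCL_NO": 0,             # not vulnerable to Meltdown / L1TF
    "IBRS_ALL": 1,            # enhanced IBRS
    "SKIP_L1DFL_VMENTRY": 3,  # L1D flush on VM entry not required
}


def decode_arch_capabilities(cpuid7_edx, msr_value):
    """Return {feature: bool}; every bit is False if the MSR is not enumerated."""
    has_msr = bool(cpuid7_edx & CPUID_7_EDX_ARCH_CAP)
    report = {"ARCH_CAPABILITIES": has_msr}
    for name, bit in ARCH_CAP_BITS.items():
        report[name] = has_msr and bool((msr_value >> bit) & 1)
    return report


def delta(old, new):
    """Features whose state differs between two reports, as (old, new)."""
    return {k: (old[k], new[k]) for k in new if old[k] != new[k]}


def read_msr(index, cpu=0):
    """Read an MSR inside a Linux guest (needs root and the msr module)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, index))[0]
    finally:
        os.close(fd)


# Constructed sample values: old guest lacks CPUID bit 29, new guest has it
# and an MSR value with bits 0, 1 and 3 set.
OLD_GUEST = decode_arch_capabilities(cpuid7_edx=0x0C000000, msr_value=0x0)
NEW_GUEST = decode_arch_capabilities(cpuid7_edx=0x2C000000, msr_value=0x0B)

if __name__ == "__main__":
    for feature, (before, after) in delta(OLD_GUEST, NEW_GUEST).items():
        print(f"{feature}: {before} -> {after}")
```

On a live guest, pass `read_msr(IA32_ARCH_CAPABILITIES)` as `msr_value` only after confirming the CPUID bit, since reading an MSR that is not enumerated fails.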
