Christian,
https://bugs.launchpad.net/intel/+bug/1828495/comments/14
HOST MITIGATION FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/15
OLD QEMU GUEST MIT FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/16
NEW QEMU GUEST MIT FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/17
MIT FEATURES REPORT DELTA FROM OLD TO NEW: https://bugs.launchpad.net/intel/+bug/1828495/comments/18
Meaning we basically have enabled INSIDE the GUEST:
* Hardware support (CPU microcode) for mitigation techniques
* Enhanced IBRS (IBRS_ALL) -> ENABLED
* CPU indicates ARCH_CAPABILITIES MSR availability: YES
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES -> ENABLED
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO -> ENABLED
and
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO -> ENABLED
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO -> ENABLED
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO -> ENABLED