Re: [Xen-users] "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?
Hi!

> Still, xl dmesg shows me:
>
> (XEN) ***************************************************
> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
> (XEN) enabled. Please assess your configuration and choose an
> (XEN) explicit 'smt=<bool>' setting. See XSA-273.
> (XEN) ***************************************************
>
> What's wrong here?

As stated in XSA-273[1] you need to decide whether you want to leave
hyperthreading enabled or not. This decision should be based on the
evaluation of the risk (quote of XSA-273):

| RISK ASSESSMENT OF SMT/HYPER-THREADING
| ======================================
|
| 1) If hyper-threading is unavailable, or already disabled in the BIOS, no
| further action is necessary.
|
| 2) If you are using exclusively PV or HVM Shadow guests, hyper-threading has
| no impact on security, and is safe to remain enabled.
|
| 3) If an HVM guest kernel is trusted (i.e. under host admin control), and has
| been updated to include the OS vendor mitigations, then it is probably safe
| to be scheduled with hyper-threading active.
|
| 4) If an HVM guest kernel is untrusted (i.e. not under host admin control), it
| is probably not safe to be scheduled with hyper-threading active.

The hypervisor requires you to make an informed decision... :-)

-- Adi

[1] https://xenbits.xen.org/xsa/advisory-273.html

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-users
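
A check for the situation discussed in this message, as an added example that is not part of the original post or of Xen itself: it reads `xl dmesg` text and reports whether an explicit `smt=` choice is logged or the XSA-273 banner is still waiting for one. The `(XEN) Command line:` log prefix and the accepted boolean spellings are assumptions about Xen's log format and option syntax; the sample logs are constructed.

```shell
#!/bin/sh
# Classify `xl dmesg` output (read on stdin) for the XSA-273 SMT banner.
# Prints exactly one of:
#   explicit-on / explicit-off  an smt choice is on Xen's own command line
#   undecided                   banner present and no explicit choice found
#   no-warning                  neither banner nor explicit choice found
smt_status() (
    set -f                      # no globbing while splitting the option list
    log=$(cat)
    # Assumption: Xen logs its boot options as "(XEN) Command line: ...".
    cmdline=$(printf '%s\n' "$log" |
        sed -n 's/^(XEN) Command line: *//p' | tail -n 1)
    choice=""
    for opt in $cmdline; do
        case "$opt" in
            # Assumed spellings of a Xen <bool>; the last occurrence wins.
            smt|smt=yes|smt=on|smt=true|smt=enable|smt=1)
                choice=explicit-on ;;
            no-smt|smt=no|smt=off|smt=false|smt=disable|smt=0)
                choice=explicit-off ;;
        esac
    done
    if [ -n "$choice" ]; then
        echo "$choice"
    elif printf '%s\n' "$log" |
        grep -q 'Booted on L1TF-vulnerable hardware with SMT/Hyperthreading'
    then
        echo undecided
    else
        echo no-warning
    fi
)

# Constructed sample logs (not captured from a real host).
sample_undecided() {
cat <<'EOF'
(XEN) Command line: dom0_mem=4096M
(XEN) ***************************************************
(XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
(XEN) enabled. Please assess your configuration and choose an
(XEN) explicit 'smt=<bool>' setting. See XSA-273.
(XEN) ***************************************************
EOF
}
sample_off() {
    echo '(XEN) Command line: dom0_mem=4096M smt=off'
}
# Live use on a Xen host:  xl dmesg | smt_status
```

An `undecided` result on a host where `smt=` was added usually means the option was placed on the dom0 kernel line rather than on the hypervisor's own command line.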