Hi, I've applied the latest kernel upticks of kernel and microcode_ctl for L1TF. Just rpm updates and rebooted, no further changes.
kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm microcode_ctl-1.17-33.3.el6_10.x86_64.rpm
L1TF has several mitigations. So far I can see that only this one is applied.
# cat /sys/devices/system/cpu/vulnerabilities/l1tf Mitigation: PTE Inversion
Is this the definitive check? I'm trying to confirm the L1Data Cache flush isn't enabled. It's ok if only this PTE Inversion is applied for me, I just need to be sure, because when I read this url from Redhat, it says 2 of the 3 mitigations are enabled by default, but I see only 1:
https://access.redhat.com/security/vulnerabilities/L1TF "/All mitigations are enabled by default with the exception of disabling Hyper-Threading, which customers must take explicit manual steps to turn off./"
Also, I haven't been able to find clarity on what mitigations need to be applied to VMs, which ones to VM servers, which to kvm instances and kvm servers, and if containers and container servers need any special treatment.
Thanks! -->Pat