[CentOS] L1TF in CentOS
Patrick Rael
prael at lumeta.comTue Oct 2 14:36:47 UTC 2018
- Previous message: [CentOS] How to install Banshee on CentOS 7?
- Next message: [CentOS] 2038 year Problem
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, I've applied the latest kernel upticks of kernel and microcode_ctl for L1TF. Just rpm updates and rebooted, no further changes. kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm microcode_ctl-1.17-33.3.el6_10.x86_64.rpm L1TF has several mitigations. So far I can see that only this one is applied. # cat /sys/devices/system/cpu/vulnerabilities/l1tf Mitigation: PTE Inversion Is this the definitive check? I'm trying to confirm the L1Data Cache flush isn't enabled. It's ok if only this PTE Inversion is applied for me, I just need to be sure, because when I read this url from Redhat, it says 2 of the 3 mitigations are enabled by default, but I see only 1: https://access.redhat.com/security/vulnerabilities/L1TF "/All mitigations are enabled by default with the exception of disabling Hyper-Threading, which customers must take explicit manual steps to turn off./" Also, I haven't been able to find clarity on what mitigations need to be applied to VMs, which ones to VM servers, which to kvm instances and kvm servers, and if containers and container servers need any special treatment. Thanks! -->Pat
- Previous message: [CentOS] How to install Banshee on CentOS 7?
- Next message: [CentOS] 2038 year Problem
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list