Checking my logs just now I noticed this in the boot.log
The article goes on to list several mitigation procedures. One is to make sure your guest OS is "trusted". An interesting one is running a virtual machine inside a virtual machine! I have 8 cores and 16GB of RAM. I give my VMs 4 cores, 8GB of RAM and 60GB of SSD space. Inside that VM, were I to create another VM, I'd be limited to giving it 2 cores and 4GB of RAM. The SSD space isn't relevant.
I've been playing with KDENeon for the last several months to see how it is going, which is nicely. KDENeon is trusted. However, I have no intention of moving to KDENeon, so my mitigation procedure will be to remove KDENeon's VM and then uninstall virt-manager, since I wouldn't need it any more.
Problem solved.
7.675749 L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/late...vuln/l1tf.html for details.
While this is a purely speculative mechanism and the instruction will raise a page fault when it is retired eventually, the pure act of loading the data and making it available to other speculative instructions opens up the opportunity for side channel attacks to unprivileged malicious code, similar to the Meltdown attack.
While Meltdown breaks the user space to kernel space protection, L1TF allows to attack any physical memory address in the system and the attack works across all protection domains. It allows an attack of SGX and also works from inside virtual machines because the speculation bypasses the extended page table (EPT) protection mechanism.
...
2. Malicious guest in a virtual machine
The fact that L1TF breaks all domain protections allows malicious guest OSes, which can control the PTEs directly, and malicious guest user space applications, which run on an unprotected guest kernel lacking the PTE inversion mitigation for L1TF, to attack physical host memory.
...
While solutions exist to mitigate these attack vectors fully, these mitigations are not enabled by default in the Linux kernel because they can affect performance significantly.
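As an added example (not from the post above or from the kernel documentation it quotes), here is a small POSIX shell helper that turns the kernel's /sys/devices/system/cpu/vulnerabilities/l1tf status line into a plain verdict, so a host admin who saw the same boot.log warning can tell whether a guest could still reach host memory. The status strings are the ones documented in the kernel's admin-guide/hw-vuln/l1tf page; the sample lines at the bottom are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: classify the host's L1TF state from the sysfs status line.
# String formats follow the kernel's admin-guide/hw-vuln/l1tf document.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# l1tf_verdict STATUS_LINE -> prints one of:
#   not-affected     CPU does not have the bug
#   unmitigated      host PTE inversion missing (old kernel or mitigations=off)
#   host-only        PTE inversion active, no KVM/VMX loaded, so no VM vector
#   guest-can-leak   VMX active but SMT on and/or no L1D flush on VM entry
#   guest-protected  VMX active with SMT off and L1D flushes, or EPT disabled
l1tf_verdict() {
    case $1 in
        "Not affected"*)                          echo not-affected ;;
        "Vulnerable"*)                            echo unmitigated ;;
        "Mitigation: PTE Inversion")              echo host-only ;;
        *"EPT disabled"*|*"flush not necessary"*) echo guest-protected ;;
        *"SMT vulnerable"*|*"VMX: vulnerable"*)   echo guest-can-leak ;;
        *"cache flushes, SMT disabled"*)          echo guest-protected ;;
        *)                                        echo unknown ;;
    esac
}

# check_host: read the live sysfs file and report whether a KVM device exists,
# since the guest-to-host L1TF vector only matters when a hypervisor is present.
check_host() {
    if [ ! -r "$L1TF_SYSFS" ]; then
        echo "no sysfs l1tf file (kernel predates the mitigation, or not x86)"
        return 1
    fi
    v=$(l1tf_verdict "$(cat "$L1TF_SYSFS")")
    kvm=absent; [ -e /dev/kvm ] && kvm=present
    echo "l1tf=$v kvm=$kvm"
}

# Constructed sample lines (not captured from a real host), one per branch.
for s in "Not affected" "Vulnerable" "Mitigation: PTE Inversion" \
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable" \
    "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"; do
    printf '%-78s -> %s\n' "$s" "$(l1tf_verdict "$s")"
done
```

Run check_host on the host itself to see the live verdict; "guest-can-leak" together with kvm=present is the situation the boot.log line above is warning about.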