[libvirt] [Libvirt-Security] About CVE-2017-5715
Eric Blake
eblake at redhat.com
Fri Jan 5 13:42:26 UTC 2018
On 01/04/2018 10:46 AM, Eric Blake wrote:
> One thing that might happen: the papers describing the flaws mention
> that side effects of speculative execution in hardware is a root cause
> for all three related vulnerabilities (two under the name Spectre and
> one under the name Meltdown) just made public; so it is conceivable that
> hardware vendors may offer a microcode update that enables run-time
> enabling/disabling of speculative execution (a tradeoff of speed vs.
> security; disabling speculative execution would prevent leaks, but kill
> performance).
Indeed, that's part of what has already happened - Intel and AMD are
both providing new microcode that adds new processor capability bits for
controlling the use of speculative execution while executing kernel
code; and part of the updates you will need to protect against Spectre
include updating to that new microcode, updating the kernel to take
advantage of the new processor capabilities, updating qemu to migrate
the CPUID state of those new capabilities, and updating libvirt's CPU
models to include those new CPUID states. For maximum protection, you
have to update both host and guest kernels. The updates do come with
performance penalties, so you will also want to benchmark what the
updates will do to your deployments, and consider whether you have
sufficient security via other means to avoid having to use the slowdowns
entailed by generically disabling speculative execution in the kernel if
you have a high-performance situation that is sufficiently isolated, vs.
using the patches and taking the performance hit if you cannot ensure
that no other process on the machine will ever attempt to abuse the
effects of Spectre.
More details can be learned from this blog post:
https://www.qemu.org/2018/01/04/spectre/
And yes, there are still patches and updates coming down the pipeline
(the embargo was lifted at a point when not all patches were fully
baked), so if you are planning mass upgrades, be sure you factor in the
availability of patches into your timeline.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180105/6585a8be/attachment-0001.sig>
More information about the libvir-list
mailing list