Inscreva-se no feed

In the last several weeks, many of you have likely heard about the new security threat that involves the ability to exploit common features of modern CPUs. These attacks, known as “Meltdown” and “Spectre” can impact both bare metal and virtual servers. Red Hat Virtualization has added the “IBRS Family” of CPUs to the supported Cluster CPU type as a means to help protect against the IPRS and IBPM attacks that would result in guest attacks.

NOTE: The first step towards protecting your Red Hat Virtualization environment is to update all components to the latest version. RHV and/or RHEL hosts should be updated, Red Hat Virtualization Manager should be updated, and all guests should be updated.

The feature outlined below is available starting in Red Hat Virtualization 4.1.9 with the use of Intel Nehalem and newer CPUs, when the appropriate microcode is applied to the host(s). After updating the environment and then the Red Hat Virtualization Cluster CPU type to use a IBRS CPU Type (Spectre Variant 2 protection), all VMs in that cluster need to be stopped & started.

In the screenshots below we see the information displayed for a VM, with the guest CPU highlighted. The Intel Broadwell (IBRS) family is indicated,

VM information

In this next screenshot, the hypervisor host kernel sysfs settings are highlighted, specifically regarding PTI (Meltdown), IBPB and IBRS (Spectre):

Host (hypervisor) kernel sysfs settings

In this last screenshot, the host CPU type is highlighted - an IBRS family model capable of protecting guests using this type against in-guest attacks:

Host CPU type

For more information on Meltdown and Spectre, please see this tutorial. For additional information on how to update Red Hat Virtualization to protect against Meltdown and Spectre, please see this knowledge base article.

Hope this helps,

Captain KVM


Sobre o autor

UI_Icon-Red_Hat-Close-A-Black-RGB

Navegue por canal

automation icon

Automação

Últimas novidades em automação de TI para empresas de tecnologia, equipes e ambientes

AI icon

Inteligência artificial

Descubra as atualizações nas plataformas que proporcionam aos clientes executar suas cargas de trabalho de IA em qualquer ambiente

open hybrid cloud icon

Nuvem híbrida aberta

Veja como construímos um futuro mais flexível com a nuvem híbrida

security icon

Segurança

Veja as últimas novidades sobre como reduzimos riscos em ambientes e tecnologias

edge icon

Edge computing

Saiba quais são as atualizações nas plataformas que simplificam as operações na borda

Infrastructure icon

Infraestrutura

Saiba o que há de mais recente na plataforma Linux empresarial líder mundial

application development icon

Aplicações

Conheça nossas soluções desenvolvidas para ajudar você a superar os desafios mais complexos de aplicações

Original series icon

Programas originais

Veja as histórias divertidas de criadores e líderes em tecnologia empresarial