Comment 19 for bug 1828495

Rafael David Tinoco (rafaeldtinoco) wrote:

TL;DR:

HOST MITIGATION FEATURES REPORT:
https://bugs.launchpad.net/intel/+bug/1828495/comments/15

OLD QEMU GUEST MIT FEATURES REPORT:
https://bugs.launchpad.net/intel/+bug/1828495/comments/16

NEW QEMU GUEST MIT FEATURES REPORT:
https://bugs.launchpad.net/intel/+bug/1828495/comments/17

MIT FEATURES REPORT DELTA FROM OLD TO NEW:
https://bugs.launchpad.net/intel/+bug/1828495/comments/18

Meaning we basically have enabled INSIDE the GUEST:

* Hardware support (CPU microcode) for mitigation techniques

  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: YES
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO

and

* CPU vulnerability to the speculative execution attack variants

  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO