KVM Virtualization Adds Protections For Spectre-V1/L1TF Combination Attack

Written by Michael Larabel in Virtualization on 31 January 2020 at 07:05 AM EST. 4 Comments
Following the Xen hypervisor in mitigating a possible Spectre Variant One and L1 Terminal Fault combination attack, the Kernel-based Virtual Machine (KVM) has added its own protections with the Linux 5.6 kernel, on top of all the other mitigations it has had to take on as a result of CPU vulnerabilities over the past two years.

The new concern for virtualization is that Spectre V1 and L1TF (Level One Terminal Fault) could be combined to more easily collect leaked information. Xen recently issued XSA-289 as "cache-load gadgets exploitable with L1TF." Now the KVM code has been updated to protect against this combination attack as well.

This attack isn't fully mitigated by the work around core scheduling, so fresh work was needed to better protect the KVM x86/x86_64 code. Red Hat's Paolo Bonzini described this latest mitigation effort as "an even bigger whack-a-mole game than SpectreV1."

The KVM updates for Linux 5.6 now include this Spectre V1 + L1TF combination protection as well as various clean-ups and continued reworking/rewriting of the KVM kernel code itself.