KVM Virtualization Adds Protections For Spectre-V1/L1TF Combination Attack
The new concern for virtualization is that Spectre V1 and L1TF (L1 Terminal Fault) can be combined to collect leaked information more easily: a Spectre-V1 bounds-check-bypass gadget in the hypervisor speculatively loads attacker-chosen data into the L1 data cache, and L1TF then reads it back from there. Xen recently issued XSA-289 for this under the title "cache-load gadgets exploitable with L1TF." Now the KVM code has been updated to protect against the same combination.
This attack isn't fully mitigated by the ongoing core scheduling work, so fresh changes were needed to better protect the KVM x86/x86_64 code. As with Spectre V1 itself, each vulnerable gadget has to be found and fixed individually; Red Hat's Paolo Bonzini described this latest mitigation effort as "an even bigger whack-a-mole game than SpectreV1."
The KVM updates for Linux 5.6 carry this Spectre V1 + L1TF combination protection along with various clean-ups and the continued reworking/rewriting of the KVM kernel code itself.
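To make the "cache-load gadget" concrete, here is an added userspace C example that is not code from the KVM patches or from the Linux kernel. It puts the vulnerable pattern (bounds check followed by a dependent load through an untrusted index) next to the hardened form, which masks the index with a branch-free mask so that even a speculatively bypassed check can only touch in-bounds addresses. The mask function reproduces the arithmetic of the kernel's generic array_index_mask_nospec() helper in a portable formulation; the table contents, the function names and the inline-asm optimiser barrier are this example's own assumptions (the barrier is a GCC/Clang extension). Nothing here demonstrates the leak itself, only the functional behaviour of the mitigation.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example table: what a guest-controlled index would select. */
#define TABLE_SIZE 16UL
static const uint32_t table[TABLE_SIZE] = {
    0x1000, 0x1001, 0x1002, 0x1003, 0x1004, 0x1005, 0x1006, 0x1007,
    0x1008, 0x1009, 0x100a, 0x100b, 0x100c, 0x100d, 0x100e, 0x100f,
};

/*
 * Branch-free mask: returns ~0UL when index < size and 0 otherwise.
 * Same arithmetic as the kernel's generic array_index_mask_nospec():
 * if index < size, both index and (size - index - 1) are below size, so the
 * top bit of their OR is clear; if index >= size, (size - index - 1) wraps
 * and sets the top bit. Written with an unsigned shift so no signed
 * right-shift is relied upon.
 */
static inline unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    unsigned long out_of_bounds =
        (index | (size - index - 1UL)) >> (sizeof(unsigned long) * 8 - 1);
    return out_of_bounds - 1UL;        /* 0 -> ~0UL (in bounds), 1 -> 0 (out of bounds) */
}

/* Clamp an untrusted index to [0, size) without a data-dependent branch. */
static inline unsigned long index_nospec(unsigned long index, unsigned long size)
{
    /* Hide index from the optimiser so the mask is not folded away after the
     * preceding bounds check (GCC/Clang extension, assumed available). */
    __asm__ volatile("" : "+r"(index));
    return index & index_mask_nospec(index, size);
}

/*
 * Vulnerable pattern (a Spectre-V1 gadget): if the branch is mispredicted the
 * load of table[index] runs speculatively for an out-of-bounds index, pulling
 * an attacker-chosen cache line into L1D, where L1TF can then read it.
 */
int lookup_unsafe(unsigned long index, uint32_t *out)
{
    if (index >= TABLE_SIZE)
        return -1;
    *out = table[index];
    return 0;
}

/*
 * Hardened pattern: the architectural result is identical, but on the
 * speculative path the masked index is 0, so the only line that can be
 * brought into L1D is table[0], which the caller was allowed to read anyway.
 */
int lookup_nospec(unsigned long index, uint32_t *out)
{
    if (index >= TABLE_SIZE)
        return -1;
    index = index_nospec(index, TABLE_SIZE);
    *out = table[index];
    return 0;
}

int main(void)
{
    unsigned long probes[] = { 3UL, 15UL, 16UL, ~0UL };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        uint32_t v = 0;
        int rc = lookup_nospec(probes[i], &v);
        printf("index %lu: masked to %lu, rc=%d, value=0x%x\n",
               probes[i], index_nospec(probes[i], TABLE_SIZE), rc, v);
    }
    return 0;
}
```

The point of the example is the shape of the fix rather than any one call site: every place where a guest-controlled value indexes a host array after a bounds check is a candidate gadget, which is why Bonzini calls the effort a whack-a-mole game. On x86 the kernel implements the mask with a cmp/sbb sequence in assembly instead of the arithmetic above, but the contract is the same.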