Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

KVM Virtualization Adds Protections For Spectre-V1/L1TF Combination Attack

Written by Michael Larabel in Virtualization on 31 January 2020 at 07:05 AM EST. 4 Comments

VIRTUALIZATION

Following the Xen hypervisor in mitigating against a possible Spectre Variant One and L1 Terminal Fault combination attack, the Kernel-based Virtual Machine (KVM) has added its own protections with the Linux 5.6 kernel on top of all the other mitigations they've had to endure as a result of CPU vulnerabilities over the past two years.

The new concern for virtualization is that Spectre V1 and L1TF (Level One Terminal Fault) could be combined to more easily collect leaked information. Xen recently issued XSA-289 as "cache-load gadgets exploitable with L1TF." While now the KVM code has been updated to protect against this combination attack.

This attack isn't fully mitigated by the work around core scheduling so fresh work was needed to better protect the KVM x86/x86_64 code. Red Hat's Paolo Bonzini described this latest mitigation effort as "an even bigger whack-a-mole game than SpectreV1."

With the KVM updates for Linux 5.6 is now this Spectre V1 + L1TF combo protection as well as various clean-ups and continued reworking/rewriting of the KVM kernel code itself.

4 Comments

Related News

CoCo VMs On Linux Will Now Panic If RdRand Is Broken To Avoid Catastrophic Conditions

More Efficient VirtIO DRM Driver To Import Scanout Buffers From Other Devices

KVM Virtualization With Linux 6.9 Brings More Optimizations For Intel & AMD

LXD 5.21 LTS Released With UI By Default, AMD SEV Memory Encryption For VMs

VirtualBox KVM Backend Adds Support For SR-IOV Graphics

PVM Virtualization Framework Proposed For Linux - Built Atop The KVM Hypervisor

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming

Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them

Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver

Fedora Linux 40 Cleared For Release Next Week

Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries

Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption

openSUSE Factory Achieves Bit-By-Bit Reproducible Builds

Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"