Hi,
With regard to Intel's L1TF vulnerabilities, it seems they are somewhat
non-committal on whether turning off HyperThreading is required,
suggesting people
> Consult with your hypervisor vendor for more guidance.
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.ht…
What is the consensus in the Libvirt community about the risks (or not)
of leaving Hyperthreading enabled? After updates my hosts are showing
they have conditional cache flushing enabled yet still report as "SMT
vulnerable":
root@trk-kvm-03:~# cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
Thoughts?
--
Paul O'Rorke
Tracker Software Products (Canada) Limited
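An added example, not part of the original post: a shell helper that splits the kernel's l1tf status line, like the one quoted above, into its L1D-flush and SMT fields, so a fleet check can flag hosts that still report "SMT vulnerable". The function names and verdict labels are assumptions of this example; the matched strings are the ones the kernel prints.

```shell
#!/bin/sh
# Added example (not from the original post): parse the kernel's l1tf line.

# Print "<l1d-flush> <smt>" for a status line. Field names are this example's.
l1tf_parse() {
    flush=none; smt=unreported
    case $1 in
        *"VMX: conditional cache flushes"*) flush=conditional ;;
        *"VMX: cache flushes"*)             flush=always ;;
        *"VMX: EPT disabled"*)              flush=ept-disabled ;;
        *"VMX: flush not necessary"*)       flush=not-required ;;
        *"VMX: vulnerable"*)                flush=never ;;
    esac
    case $1 in
        *"SMT vulnerable"*) smt=active ;;
        *"SMT disabled"*)   smt=disabled ;;
    esac
    echo "$flush $smt"
}

# Map a status line to a one-word verdict (labels are this example's own).
l1tf_verdict() {
    case $1 in
        "Not affected"*) echo not-affected; return 0 ;;
        "Vulnerable"*)   echo unmitigated;  return 0 ;;
    esac
    set -- $(l1tf_parse "$1")
    if [ "$1" = never ]; then echo l1d-unflushed      # no flush on VM entry
    elif [ "$1" = none ]; then echo host-only         # no VMX state reported
    elif [ "$2" = active ]; then echo smt-exposed     # kernel says SMT vulnerable
    else echo mitigated
    fi
}

# Report for this host; falls back to a constructed sample when sysfs is absent.
l1tf_report() {
    f=/sys/devices/system/cpu/vulnerabilities/l1tf
    ctl=/sys/devices/system/cpu/smt/control
    # Constructed fallback: the status line quoted in the post above.
    line='Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'
    [ -r "$f" ] && line=$(cat "$f")
    [ -r "$ctl" ] && echo "smt/control: $(cat "$ctl")"
    echo "l1tf: $line"
    echo "verdict: $(l1tf_verdict "$line")"
}

l1tf_report
```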
People of the interwebs please help me! I am so close, but can't quite get it. I think due to my limited understanding of iptables.
Here's what's up: I'm trying to port forward from my host to a VM on usermode NAT with libvirt. Using the hook script provided on the wiki, it doesn't work (connection refused), but if I give the command "sudo iptables -t nat -D POSTROUTING -j MASQUERADE" the port forwarding works, but name resolution on my host breaks. I think maybe I need to be more specific in the Masquerade command, but I have no idea what to do.
Here’s my iptables (without the above command): https://pastebin.com/J2vdKkLU
The source interface is eno1 with an IP of 172.16.99.170 and the destination is virbr1 with a VM IP of 10.128.10.100
Thanks in advance!
Rhys