Impact of the Intel hyper-threading bug [Skylake & Kaby Lake]?

private user82

Jul 25, 2017, 8:18:21 PM
to qubes...@googlegroups.com
I am concerned about the recent bug affecting Skylake and Kaby Lake gen Intel processors - https://lists.debian.org/debian-devel/2017/06/msg00308.html

As BIOS updates aren't yet available from many mobo manufacturers, how can we Qubes users best defend ourselves against an exploit? In this post I am hoping to reach out to someone who may be able to comment on how we can best configure our platforms until a fix is available.

Following the advice in the linked Debian advisory, I have disabled hyper-threading in the BIOS settings. My questions are as follows:

1) When I check /proc/cpuinfo in dom0, 'ht' remains listed as a flag (capability). Running $ lscpu in dom0 indicates that 'Threads per core: 1' so I assume the BIOS has in fact disabled hyper-threading. Is this correct, or should the flag also disappear when functionality is disabled in BIOS settings?

2) Is it safe to run multiple VCPUs (up to the number of physical cores) for each Guest VM? Or, in light of this bug, should we only be using a single VCPU for each guest?

Many thanks in advance.

Unman

Jul 26, 2017, 10:21:40 AM
to private user82, qubes...@googlegroups.com
I seem to recall that Xen used to advise disabling hyperthreading, and
VMware counsel against its use when provisioning vcpus.
In general there's no advantage in assigning more than physical cores to any VM.

On the specifics, I *think* that cpuinfo reports capabilities even if
they have been disabled, so that isn't an issue.

I don't see any issue in assigning multiple vcpus up to the number of
physical cores. I don't think that bug is relevant to the decision.

donoban

Jul 26, 2017, 10:52:01 AM
to qubes...@googlegroups.com
On 07/25/2017 04:14 PM, private user82 wrote:
> I am concerned about the recent bug affecting Skylake and Kaby Lake
> gen Intel processors -
> https://lists.debian.org/debian-devel/2017/06/msg00308.html
>
> As BIOS updates aren't yet available from many mobo manufacturers, how
> can we Qubes users best defend ourselves against an exploit? In this
> post I am hoping to reach out to someone who may be able to comment on
> how we can best configure our platforms until a fix is available.

If I am not wrong, this problem should be fixed by upgrading intel-microcode:

https://packages.debian.org/search?keywords=intel-microcode

I don't know how to upgrade it with Qubes/Xen. Probably it needs installing
some Fedora package on dom0.
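
The two checks discussed in this thread (the `ht` flag versus the threads actually online, and the loaded microcode revision) both read from `/proc/cpuinfo`. The following is an added example, not part of any poster's message: it parses cpuinfo-format text and compares logical CPUs against distinct core ids per package. The function names and the sample text (including the `0x0` microcode value) are constructed for illustration.

```python
from collections import defaultdict

def _sample(logical, cores):
    """Constructed cpuinfo text for one package (not captured from a real machine)."""
    return "\n\n".join(
        f"processor\t: {n}\nmicrocode\t: 0x0\nphysical id\t: 0\n"
        f"siblings\t: {logical}\ncore id\t\t: {n % cores}\ncpu cores\t: {cores}\n"
        f"flags\t\t: fpu ht sse2"
        for n in range(logical))

SAMPLE_HT_OFF = _sample(4, 4)   # hyper-threading disabled in firmware
SAMPLE_HT_ON = _sample(8, 4)    # two logical CPUs share each core id

def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU (blocks are blank-line separated)."""
    cpus = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def smt_report(text):
    """Per package: logical CPUs vs distinct cores, ht flag, microcode revisions."""
    pkgs = defaultdict(lambda: {"cores": set(), "logical": 0, "ht": False, "ucode": set()})
    for cpu in parse_cpuinfo(text):
        pkg = pkgs[cpu.get("physical id", "?")]
        pkg["logical"] += 1
        pkg["ht"] |= "ht" in cpu.get("flags", "").split()
        pkg["ucode"].add(cpu.get("microcode", "unknown"))
        pkg["cores"].add(cpu.get("core id"))  # None if the topology is hidden
    return {pid: {
        "logical_cpus": p["logical"],
        "cores": len(p["cores"] - {None}),
        # More logical CPUs than distinct cores means SMT is on; 'ht' is only a capability bit.
        "smt_active": None if None in p["cores"] else p["logical"] > len(p["cores"]),
        "ht_flag": p["ht"],
        "microcode": sorted(p["ucode"]),
    } for pid, p in pkgs.items()}

if __name__ == "__main__":
    for name, text in (("HT off", SAMPLE_HT_OFF), ("HT on", SAMPLE_HT_ON)):
        print(name, smt_report(text))
```

On a live system, pass `open("/proc/cpuinfo").read()` to `smt_report`. Under Xen, dom0's `/proc/cpuinfo` describes the vCPUs presented to dom0, so `xl info` is the hypervisor's own view of the thread count.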

private user82

Jul 31, 2017, 7:54:32 AM
to Unman, qubes...@googlegroups.com
Thanks Unman.

26.07.2017, 17:21, "Unman" <un...@thirdeyesecurity.org>: