http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
It seems as if Linux countermeasures will involve a significant rewrite aka. FUCKWIT.
Is this perhaps why there is no final 4.0 release?
There is a Xen fix available here, at least to the Meltdown manifestation to the chip-makers SNAFU:
https://xenbits.xen.org/xsa/advisory-254.html
This I assume will be in the 4.0 release version of Qubes.
The best explanation of the field that I can find is here: https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Oder?
Or at least the Meltdown (= SP3?) parts thereof. Against Spectre there is no known defence, which generally seems to break VM isolation against an attack.
I guess the good news is that this debacle is going to force hardware designers and OS developers (including Qubes) to work together on minimising the chances chip-level bugs like this.
Also Intel, AMD, ARM & Co. will be 'motivated' to pay attention to hardware virtualisation security issues.
My impression is that 3.2 isn't being patched pending 4.0, but I could be wrong there.
Redhat has now posted speculative execution mitigation patches. I've no idea to what extent they fix all possible Spectre-like side-channel attacks.
Some news from rootkovska via Twatter:
Re the #Meltdown/#Spectre attacks:
1. Practical impact on Qubes is unclear to us ATM,
2. No advanced info has been shared with us on Xen predisclosure list, so we've had no time to evaluate yet,
3. Xen published XSA 254 unexpectedly last night,
4. Xen offers no patches ATM...