Δημοσιεύτηκε: 06 Μάιος 2015, 18:26
Από εδώ:
Συζήτηση στην mailing list του kernel σχετικά με το μήνυμα και τη διατύπωση:
Από δω και πέρα, διαβάζεις και αποφασίζεις αν θες να το κάνεις ή να το αφήσεις όπως είναι.
έγραψε:There's some interesting discussion of it on the linux kernel list, referring to this paper. In short, a guest OS which has access to some hardware could raise interrupts on the host OS and cause the code that handles those interrupts to run. At best (from the defense's standpoint) this could cause strange behavior or crashes as the software tries to handle hardware events that aren't happening. At worst it might exercise a vulnerability and lead to a host compromise (people don't tend to write drivers assuming that the hardware lies to them). It's somewhat of a corner case and lots of things need to go wrong to make it a problem, but there's a warning for it anyway.
If you're not running VMs on the server, don't worry about it. If you are, well, you may want to look into hardware with a newer (smarter) BIOS
Συζήτηση στην mailing list του kernel σχετικά με το μήνυμα και τη διατύπωση:
έγραψε:With this patch applied, the output is:
Your BIOS is broken and requested that x2apic be disabled.
This will slightly decrease performance.
Use 'intremap=no_x2apic_optout' to override BIOS request.
Enabled IRQ remapping in xapic mode
x2apic not enabled, IRQ remapping is in xapic mode
This should make us as or more secure than we are now and replace
a rather scary warning with a much less scary warning on silly
but functional systems.
Από δω και πέρα, διαβάζεις και αποφασίζεις αν θες να το κάνεις ή να το αφήσεις όπως είναι.