From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3105-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1PGVrD-00081G-9o
	for garchives@archives.gentoo.org; Thu, 11 Nov 2010 12:02:33 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 78DB6E085A
	for <garchives@archives.gentoo.org>; Thu, 11 Nov 2010 12:02:22 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id A1014E0683
	for <gentoo-hardened@lists.gentoo.org>; Thu, 11 Nov 2010 11:57:05 +0000 (UTC)
Received: from [192.168.3.7] (cpe-74-77-194-18.buffalo.res.rr.com [74.77.194.18])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 0EED61B4027
	for <gentoo-hardened@lists.gentoo.org>; Thu, 11 Nov 2010 11:57:04 +0000 (UTC)
Message-ID: <4CDBDA0E.5090402@gentoo.org>
Date: Thu, 11 Nov 2010 06:57:02 -0500
From: "Anthony G. Basile" <blueness@gentoo.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101110 Lightning/1.0b3pre Lanikai/3.1.6
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] kvm on hardened (findings)
References: <4CDAE9C6.2060306@mthode.org>
In-Reply-To: <4CDAE9C6.2060306@mthode.org>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: c8eb4c54-1561-4082-b5f0-88b0c3e71dff
X-Archives-Hash: b870428323d96018a269ca07488ea738

On 11/10/2010 01:51 PM, Matthew Thode wrote:
> Disable kernexec and uderef on host for both AMD and Intel.
> You can enable kernexec and uderef on AMD guests.
> You can enable kernexec but not uderef on Intel guests.
> 
> The intel processors tested were the core2duo, i3 and i7.
> 
> -- prometheanfire
> 

Thanks for that info, it should go into the documentation I'm writing on
hardened+virt.  I only tested the amd guests and assumed it was the same
for intel.

-- 
Anthony G. Basile, Ph.D.
Gentoo Developer