On Fri, 2020-05-15 at 17:34 +0530, Sreyan Chakravarty wrote:
> > On Thu, 14 May 2020 12:33:59 -0700
> > stan via users wrote:
> >
> > > These are meant to
> > > be silos, but this attack would allow someone on one virtual machine to
> > > capture data of another virtual machine running on the same core.
>
> This gives me a naive idea.
>
> Is there any way to force the VMs to run on an isolated core ? The VM
> and OS must not run on the same core, if this is enforced, then
> according to what you say there might be sufficient containment of the
> breach.
>
> Am I correct ? Or am I speaking nonsense ?

QEMU/KVM allows you to pin a VM to a specific set of cores by inserting
a block into the XML file. This is mine, using 4 threads (2 cores) on a
4-core, 8-thread, i7 (the numbers will vary according to your CPU model):

  <cputune>
    <vcpupin vcpu='0' cpuset='2'/>
    <vcpupin vcpu='1' cpuset='3'/>
    <vcpupin vcpu='2' cpuset='6'/>
    <vcpupin vcpu='3' cpuset='7'/>
  </cputune>

I do this with my Windows VM for performance reasons. However I don't
think this is going to help with a speculative execution bug.

poc
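Since the numbers in the block above vary by CPU model, here is an added example (not part of the original message) that derives a `<cputune>` block from the host's hyper-thread sibling lists so that only whole physical cores are handed to the guest. It assumes Linux sysfs `thread_siblings_list` strings as input; the function names and the sample topology (cpuN paired with cpuN+4) are constructed for illustration.

```python
import glob
from pathlib import Path

def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '2,6' or '0-1' into sorted ints."""
    cpus = set()
    for part in text.strip().split(","):
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return sorted(cpus)

def physical_cores(sibling_lists):
    """Group logical CPUs into cores: one tuple of sibling threads per core."""
    return sorted({tuple(parse_cpu_list(s)) for s in sibling_lists})

def cputune_for_cores(cores, wanted):
    """Build a <cputune> block that pins vCPUs to whole cores only.

    `wanted` holds indexes into `cores`; every sibling thread of a chosen
    core goes to the guest, so no chosen core is split with another pin set.
    """
    chosen = [cores[i] for i in wanted]
    # Same ordering as the message: first thread of each core, then the second.
    depth = max(len(c) for c in chosen)
    cpus = [c[t] for t in range(depth) for c in chosen if t < len(c)]
    lines = ["<cputune>"]
    lines += [f"  <vcpupin vcpu='{v}' cpuset='{cpu}'/>"
              for v, cpu in enumerate(cpus)]
    lines.append("</cputune>")
    return "\n".join(lines)

def read_host_siblings():
    """Read every logical CPU's sibling list from sysfs on a Linux host."""
    pattern = "/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"
    return [Path(p).read_text() for p in glob.glob(pattern)]

# Constructed sample: 4 cores, 8 threads, cpuN and cpuN+4 share a core.
SAMPLE = ["0,4", "1,5", "2,6", "3,7", "0,4", "1,5", "2,6", "3,7"]

if __name__ == "__main__":
    cores = physical_cores(SAMPLE)  # use read_host_siblings() on a real host
    print(cputune_for_cores(cores, wanted=[2, 3]))
```

`vcpupin` only restricts where the guest's vCPU threads run; it does not keep host tasks off those CPUs.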