On 7/13/22 19:25, Daniel P. Berrangé wrote:
> On Mon, Jun 27, 2022 at 12:44:40PM +0200, Michal Privoznik wrote:
>> Despite all mitigations, side channel attacks when two processes
>> run at two Hyper Threads of the same core are still possible.
>> Fortunately, the Linux kernel came up with a solution: userspace
>> can create so called trusted groups, which are sets of processes
>> and only processes of the same group can run on sibling Hyper
>> Threads. Of course, two processes of different groups can run on
>> different cores, because there's no known side channel attack.
>> It's only Hyper Threads that are affected.
>
> The next patch deals with helper processes too. I guess the
> difference in this patch is that it deals with helper processes
> spawned /after/ QEMU, so they can inherit scheduling group at
> startup easily, while the next patch has to apply the group
> later in startup ?

Correct.

Michal
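The two cases discussed in this exchange, as an added example that is not part of the original thread or of the patches under discussion: a process forked after the trusted group is created inherits the group's cookie, while an already running process has to have the group pushed onto it. It assumes the Linux `prctl(PR_SCHED_CORE, ...)` interface (kernel 5.14 or later with core scheduling enabled and SMT present); the function names are hypothetical.

```c
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SCHED_CORE            /* older headers; values from linux/prctl.h */
#define PR_SCHED_CORE 62
#define PR_SCHED_CORE_GET 0
#define PR_SCHED_CORE_CREATE 1
#define PR_SCHED_CORE_SHARE_TO 2
#endif
enum { SCOPE_THREAD = 0, SCOPE_TGID = 1 };   /* PIDTYPE_PID, PIDTYPE_TGID */

/* Read the calling thread's core-scheduling cookie (0 = no group). */
static int get_cookie(uint64_t *c) {
    return prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, 0, SCOPE_THREAD, (unsigned long)c);
}

/* "Apply later" case: push the caller's group onto an already running process. */
int share_group_to(pid_t pid) {
    return prctl(PR_SCHED_CORE, PR_SCHED_CORE_SHARE_TO, pid, SCOPE_TGID, 0);
}

/* "Inherit at startup" case: 1 = forked child has the parent's cookie,
 * 0 = it does not, -1 = core scheduling unavailable or setup failed. */
int child_inherits_group(void) {
    uint64_t parent = 0, child = 0;
    int fds[2];
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, SCOPE_TGID, 0) != 0 ||
        get_cookie(&parent) != 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* helper spawned after group creation */
        uint64_t mine = 0;
        get_cookie(&mine);
        ssize_t w = write(fds[1], &mine, sizeof mine);
        _exit(w == (ssize_t)sizeof mine ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &child, sizeof child);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child) return -1;
    return parent != 0 && child == parent;
}
```

A return of -1 means the kernel refused to create a group (for example no SMT or core scheduling not built in), so nothing can be concluded about inheritance on that host.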