Re: [PATCH 0/2] KVM: arm/arm64: Add VCPU workarounds firmware register

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 07, 2019 at 12:05:35PM +0000, Andre Przywara wrote:
> Workarounds for Spectre variant 2 or 4 vulnerabilities require some help
> from the firmware, so KVM implements an interface to provide that for
> guests. When such a guest is migrated, we want to make sure we don't
> loose the protection the guest relies on.
> 
> This introduces two new firmware registers in KVM's GET/SET_ONE_REG
> interface, so userland can save the level of protection implemented by
> the hypervisor and used by the guest. Upon restoring these registers,
> we make sure we don't downgrade and reject any values that would mean
> weaker protection.

Just trolling here, but could we treat these as immutable, like the ID
registers?  

We don't support migration between nodes that are "too different" in any
case, so I wonder if adding complex logic to compare vulnerabilities and
workarounds is liable to create more problems than it solves...

Do we know of anyone who explicitly needs this flexibility yet?

[...]

Cheers
---Dave



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux