On 11/1/2022 12:20 pm, Like Xu wrote:
And is there any possibility of a malicious user/guest using features to cause
problems in the host? I.e. does KVM need to enforce that the guest can't enable
any unsupported features?
If a user space is set up with features not supported by KVM, it owns the risk
itself.
I seem to have misunderstood it. KVM should prevent and stop any malicious guest
from destroying other parts on the host, is this the right direction ?
AFAI, the guest Intel PT introduces a great attack interface for the host and
we only use the guest supported PT features in a highly trusted environment.
I agree that more uncertainty and fixes can be triggered in the security motive,
not expecting too much from this patch. :D
