Re: [PATCH v2] KVM: x86/pt: Ignore all unknown Intel PT capabilities

On 11/1/2022 12:20 pm, Like Xu wrote:
And is there any possibility of a malicious user/guest using features to cause
problems in the host?  I.e. does KVM need to enforce that the guest can't enable
any unsupported features?

If a user space is set up with features not supported by KVM, it owns the risk itself.

I seem to have misunderstood it. KVM should prevent and stop any malicious guest
from destroying other parts on the host, is this the right direction?


AFAI, the guest Intel PT introduces a great attack interface for the host and
we only use the guest supported PT features in a highly trusted environment.

I agree that more uncertainty and fixes can be triggered in the security motive,
not expecting too much from this patch. :D


