Re: Guest IA32_SPEC_CTRL on AMD hosts without X86_FEATURE_V_SPEC_CTRL

On Sat, Sep 3, 2022 at 8:30 PM Jim Mattson <jmattson@xxxxxxxxxx> wrote:
>
> On Sat, Sep 3, 2022 at 4:50 PM Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
>
> > [*] Not 100% true - if STIBP gets disabled by the guest, there's a small
> >     window of opportunity where the SMT sibling can help force a
> >     retbleed attack on a RET between the MSR write and the vmrun.  But
> >     that's really unrealistic IMO.
>
> That was my concern. How big does that window have to be before a
> cross-thread attack becomes realistic, and how do we ensure that the
> window never gets that large?

Per https://developer.amd.com/wp-content/resources/111006-B_AMD64TechnologyIndirectBranchControlExtenstion_WP_7-18Update_FNL.pdf:

When this bit is set in processors that share branch prediction
information, indirect branch predictions from sibling threads cannot
influence the predictions of other sibling threads.

It does not say that, upon clearing IA32_SPEC_CTRL.STIBP, only
*future* branch prediction information will be shared.

If all existing branch prediction information is shared when
IA32_SPEC_CTRL.STIBP is clear, then there is no window.


