Re: [PATCH 1/1] kvm/speculation: Allow KVM guests to use SSBD even if host does not

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 26 Jun 2019, Paolo Bonzini wrote:
> On 25/06/19 20:22, Thomas Gleixner wrote:
> >> I think that even with that approach there is still an unsolved problem, as I
> >> believe guests are allowed to write directly to SPEC_CTRL MSR without causing
> >> a VMEXIT, which bypasses the host masking entirely.  e.g. a guest using IBRS
> >> writes frequently to SPEC_CTRL, and could turn off SSBD on the VPCU while is
> >> running after the first non-zero write to the MSR. Do you agree?
> > Indeed. Of course that was a decision we made _before_ all the other fancy
> > things came around. Looks like we have to reopen that discussion.
> 
> It's not just that, it's a decision that was made because otherwise
> performance is absolutely horrible (like 4-5x slower syscalls if the
> guest is using IBRS).
> 
> I think it's better to leave the guest in control of SSBD even if it's
> globally disabled.  The harm cannot escape the guest and in particular
> it cannot escape to the sibling hyperthread.

SSB allows guest to guest attacks IIRC

Thanks,

	tglx

[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux