On 26/06/19 14:41, Thomas Gleixner wrote:
>> I think it's better to leave the guest in control of SSBD even if it's
>> globally disabled. The harm cannot escape the guest and in particular
>> it cannot escape to the sibling hyperthread.
>
> SSB allows guest to guest attacks

IIRC SSB requires something like

    p = &foo;
    ...
    p = &bar;
    q = *p;

where "p = &foo;" is executed from one privilege domain and the others are
executed by another process or privilege domain. Unless two guests share
memory, it is not possible to use it for guest-to-guest attacks.

Paolo
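The thread turns on who controls SSBD for a given context. On Linux the same per-task control exists for userspace through prctl(2) (PR_SET_SPECULATION_CTRL / PR_GET_SPECULATION_CTRL with PR_SPEC_STORE_BYPASS, Linux 4.17 and later). The example below is added here and is not code from the thread or from KVM; it queries the calling task's SSB state, asks the kernel to enable SSBD for the task, and decodes the returned bit mask. The constant values are the ones in linux/prctl.h; the label strings and helper names are this example's own choices. On a non-Linux host the prctl calls are compiled out and the decoding helpers still work.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Values from linux/prctl.h (Linux 4.17+), repeated here so the file also
 * compiles against older headers and on non-Linux hosts. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Decode the mask returned by PR_GET_SPECULATION_CTRL for
 * PR_SPEC_STORE_BYPASS (see Documentation/userspace-api/spec_ctrl.rst).
 * PR_SPEC_PRCTL set means the task may still change the setting itself;
 * without it the state is fixed by the kernel's global policy. Labels are
 * this example's own, not kernel strings. */
const char *ssb_state_label(long st) {
    if (st < 0) return "error";
    if (st == PR_SPEC_NOT_AFFECTED) return "not-affected";
    if (st & PR_SPEC_FORCE_DISABLE) return "ssbd-forced";
    if (st & PR_SPEC_DISABLE)
        return (st & PR_SPEC_PRCTL) ? "ssbd-on" : "ssbd-on-fixed";
    if (st & PR_SPEC_ENABLE)
        return (st & PR_SPEC_PRCTL) ? "ssbd-off" : "ssbd-off-fixed";
    return "unknown";
}

/* True when a task with this state can still turn SSBD on for itself. */
int ssb_can_self_protect(long st) {
    if (st < 0 || st == PR_SPEC_NOT_AFFECTED) return 0;
    return (st & PR_SPEC_PRCTL) != 0;
}

/* Classify the text of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
 * (the three prefixes the kernel emits for this file). */
const char *ssb_sysfs_label(const char *line) {
    if (strncmp(line, "Not affected", 12) == 0) return "not-affected";
    if (strncmp(line, "Vulnerable", 10) == 0) return "vulnerable";
    if (strncmp(line, "Mitigation:", 11) == 0) return "mitigated";
    return "unknown";
}

/* Enable SSBD for the calling task (inherited by its children), then read
 * the state back. Returns the new state mask, or -errno on failure
 * (ENODEV: mitigation not possible on this kernel/CPU; EINVAL: the kernel
 * predates the interface). */
long ssb_disable_for_self(void) {
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS,
              PR_SPEC_DISABLE, 0, 0) != 0)
        return -errno;
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
#else
    return -ENOSYS;
#endif
}

int main(void) {
    long before = -ENOSYS, after;
    char line[128] = "";
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (f) {
        if (fgets(line, sizeof line, f))
            printf("system-wide: %s (%s)", ssb_sysfs_label(line), line);
        fclose(f);
    }
#ifdef __linux__
    before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (before < 0) before = -errno;
#endif
    printf("this task before: %s\n", ssb_state_label(before));
    after = ssb_disable_for_self();
    if (after < 0)
        printf("could not enable SSBD: %s\n", strerror((int)-after));
    else
        printf("this task after:  %s\n", ssb_state_label(after));
    return 0;
}
```

The decode distinguishes "ssbd-on" from "ssbd-on-fixed": the former is a task that opted in and could opt out again, the latter a task pinned by a kernel-wide policy (for example spec_store_bypass_disable=on), which is the userspace analogue of the global-versus-guest control being debated above.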