Re: [PATCH 1/1] kvm/speculation: Allow KVM guests to use SSBD even if host does not

26 Jun 2019


      On 26/06/19 14:41, Thomas Gleixner wrote:
...
...
I think it's better to leave the guest in control of SSBD even if it's
globally disabled.  The harm cannot escape the guest and in particular
it cannot escape to the sibling hyperthread.
SSB allows guest to guest attacks IIRC
SSB requires something like
p = &foo;
   ...
   p = &bar;
   q = *p;
where "p = &foo;" is executed from one privilege domain and the others
are executed by another process or privilege domain.  Unless two guests
share memory, it is not possible to use it for guest-to-guest attacks.
Paolo

2025

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH 1/1] kvm/speculation: Allow KVM guests to use SSBD even if host does not