Announcement

Collapse
No announcement yet.

Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks

    Phoronix: Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks

    Google engineers have posted a big patch series for Linux as they work on a new Address Space Isolation implementation for KVM to help mitigate various types of speculative execution attacks...

    https://www.phoronix.com/scan.php?pa...w-ASI-KVM-2022

  • #2
    for those wondering, stunning=forced idling

    in this case for sibling hyperthrreads after coming out of the VM (I think?)

    Comment


    • #3
      Originally posted by Developer12 View Post
      for those wondering, stunning=forced idling

      in this case for sibling hyperthrreads after coming out of the VM (I think?)
      Thanks... I was wondering. So then basically this has the same effect as disabling speculation for the sibling (by halting the sibling), during the vulnerable page table access window. That's a lot cheaper than flushing the cache.

      I searched pretty extensively and couldn't find any references. If you have any references, I'd like to read about it in more detail! :-)

      Comment


      • #4
        Originally posted by linuxgeex View Post

        Thanks... I was wondering. So then basically this has the same effect as disabling speculation for the sibling (by halting the sibling), during the vulnerable page table access window. That's a lot cheaper than flushing the cache.

        I searched pretty extensively and couldn't find any references. If you have any references, I'd like to read about it in more detail! :-)
        It popped up in communication about the patches themselves. I didn't make a note of the messages though.

        Comment

        Working...
        X