Announcement

Collapse
No announcement yet.

Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks

    Phoronix: Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks

    Google engineers have posted a big patch series for Linux as they work on a new Address Space Isolation implementation for KVM to help mitigate various types of speculative execution attacks...

    Google Posts New ASI Patches For KVM To Help Fight Off Speculative Execution Attacks - Phoronix
    https://www.phoronix.com/scan.php?page=news_item&px=Google-New-ASI-KVM-2022
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    for those wondering, stunning=forced idling

    in this case for sibling hyperthrreads after coming out of the VM (I think?)

    Comment

    • #3
      Originally posted by Developer12 View Post
      for those wondering, stunning=forced idling

      in this case for sibling hyperthrreads after coming out of the VM (I think?)
      Thanks... I was wondering. So then basically this has the same effect as disabling speculation for the sibling (by halting the sibling), during the vulnerable page table access window. That's a lot cheaper than flushing the cache.

      I searched pretty extensively and couldn't find any references. If you have any references, I'd like to read about it in more detail! :-)

      Comment

      • #4
        Originally posted by linuxgeex View Post

        Thanks... I was wondering. So then basically this has the same effect as disabling speculation for the sibling (by halting the sibling), during the vulnerable page table access window. That's a lot cheaper than flushing the cache.

        I searched pretty extensively and couldn't find any references. If you have any references, I'd like to read about it in more detail! :-)
        It popped up in communication about the patches themselves. I didn't make a note of the messages though.
        • Likes 1

        Comment

        Previous template Next
        Working...
        X