| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <39F1D5C9-BD42-4E9F-BE56-2473B4713B82@oracle.com>
Date: Thu, 16 May 2019 10:54:43 +0300
From: Liran Alon <liran.alon@...cle.com>
To: "wencongyang (A)" <wencongyang2@...wei.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
Huangzhichao <huangzhichao@...wei.com>,
guijianfeng <guijianfeng@...wei.com>,
gaowanlong <gaowanlong@...wei.com>,
"Chentao (Boby)" <boby.chen@...wei.com>,
"Liujinsong (Paul)" <liu.jinsong@...wei.com>
Subject: Re: Question about MDS mitigation
Indeed those CPU resources are shared between sibling hyperthreads on same CPU core.
There is currently no mechanism merged upstream to completely mitigate SMT-enabled scenarios.
Note that this is also true for L1TF.
There are several proposal to address this but they are still in early research mode.
For example, see this KVM address space isolation patch series developed by myself and Alexandre:
https://lkml.org/lkml/2019/5/13/515
(Which should be integrated with a mechanism which kick sibling hyperthreads when switching from KVM isolated address space to full kernel address space)
This partially mimics Microsoft work regarding HyperClear which you can read more about it here:
https://techcommunity.microsoft.com/t5/Virtualization/Hyper-V-HyperClear-Mitigation-for-L1-Terminal-Fault/ba-p/382429
-Liran
> On 16 May 2019, at 5:42, wencongyang (A) <wencongyang2@...wei.com> wrote:
>
> Hi all
>
> Fill buffers, load ports are shared between threads on the same physical core.
> We need to run more than one vm on the same physical core.
> Is there any complete mitigation for environments utilizing SMT?
>
Powered by blists - more mailing lists