Re: [PATCH v3 2/2] qemu-cpu-models.rst: Document -noTSX, mds-no, taa-no,
From: Paolo Bonzini
Subject: Re: [PATCH v3 2/2] qemu-cpu-models.rst: Document -noTSX, mds-no, taa-no, and tsx-ctrl
Date: Thu, 20 Feb 2020 15:52:48 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1
Two small changes...
On 20/02/20 15:20, Kashyap Chamarthy wrote:
> + Recommended to inform the guest that it can disable the Intel TSX
> + (Transactional Synchronization Extensions) feature; or, if the
> + processor is vulnerable, use the Intel VERW instruction (a
> + processor-level instruction that performs checks on memory access) as
> + a mitigation for the TAA vulnerability. (For details, refer to this
> + `Intel's deep-dive into
> + MDS
> <https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling>`_.)
... refer to Intel's `deep dive into MDS <...>`_.
(I don't know what the trailing underscore is for. I reaffirm my
definition of rST as the Perl of markup formats).
> +
> + Expose this to the guest OS if and only if: (a) the host has TSX
> + enabled; *and* (b) the guest has ``rtm`` CPU flag enabled.
> +
> + By disabling TSX, KVM-based guests can avoid paying the price of
> + mitigting TSX-based attacks.
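Review bot: the first paragraph presents VERW as a mitigation for TAA but sends the reader to a deep dive on MDS without saying how the two relate, and the gloss "performs checks on memory access" does not explain why the instruction mitigates anything. Consider adding one sentence that ties the TAA mitigation to the MDS document, or dropping the gloss and letting the linked document describe VERW. The closing sentence ("By disabling TSX, KVM-based guests can avoid paying the price...") would also read more clearly if it said who disables TSX and by what means, since the "if and only if" condition just above it requires the host to have TSX enabled and the guest to have ``rtm``.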
"mitigating"
Paolo