On Tue, Nov 17, 2020 at 07:12:07PM +0100, Alexandre Chartre wrote:
> Yes. L1TF/MDS allow some inter cpu-thread attacks which are not mitigated at
> the moment. In particular, this allows a guest VM to attack another guest VM
> or the host kernel running on a sibling cpu-thread. Core Scheduling will
> mitigate the guest-to-guest attack but not the guest-to-host attack.

I see in vmx_vcpu_enter_exit():

	/* L1D Flush includes CPU buffer clear to mitigate MDS */
	if (static_branch_unlikely(&vmx_l1d_should_flush))
		vmx_l1d_flush(vcpu);
	else if (static_branch_unlikely(&mds_user_clear))
		mds_clear_cpu_buffers();

Is that not enough?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette