The "special register buffer data sampling" hardware vulnerability

Posted Jun 10, 2020 20:12 UTC (Wed) by mjg59 (subscriber, #23239)
In reply to: The "special register buffer data sampling" hardware vulnerability by mjg59
Parent article: The "special register buffer data sampling" hardware vulnerability

I spent a while wondering *why* there's a flag to do this on these specific instructions and the best answer I found was to allow the host to provide the same random numbers to multiple guests in order to allow "best out of three" type validation without having to rewrite code that uses rdrand. Which doesn't seem like a great answer tbf (why not just use a paravirt rng?), but it worked out fortunately for this case.


The "special register buffer data sampling" hardware vulnerability

Posted Jun 10, 2020 20:32 UTC (Wed) by pbonzini (subscriber, #60935)

Yes, making the execution deterministic is a good reason to let the hypervisor block the TRNG.

In this case it turned out to be a happy accident that the code to mitigate SRBDS from KVM was already implemented, which certainly was a relief for me compared to ITLB multihit last fall...

