
On 7/13/22 19:25, Daniel P. Berrangé wrote:
> On Mon, Jun 27, 2022 at 12:44:40PM +0200, Michal Privoznik wrote:
>> Despite all mitigations, side channel attacks when two processes run on two Hyper Threads of the same core are still possible. Fortunately, the Linux kernel came up with a solution: userspace can create so-called trusted groups, which are sets of processes and only processes of the same group can run on sibling Hyper Threads. Of course, two processes of different groups can run on different cores, because there's no known side channel attack. It's only Hyper Threads that are affected.
>
> The next patch deals with helper processes too. I guess the difference in this patch is that it deals with helper processes spawned /after/ QEMU, so they can inherit scheduling group at startup easily, while the next patch has to apply the group later in startup?

Correct.

Michal
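The inheritance case discussed above, as an added example that is not code from the patch series: a process creates a trusted group through the Linux `prctl(PR_SCHED_CORE, ...)` core scheduling interface, forks a stand-in helper, and checks that the helper's group cookie matches its own. The function names `get_cookie` and `helper_inherits_group` are hypothetical, and the call returns a negative errno on kernels without core scheduling or on machines without SMT.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks for older kernel headers (values from linux/prctl.h). */
#ifndef PR_SCHED_CORE
#define PR_SCHED_CORE 62
#define PR_SCHED_CORE_GET 0
#define PR_SCHED_CORE_CREATE 1
#endif
#ifndef PR_SCHED_CORE_SCOPE_THREAD
#define PR_SCHED_CORE_SCOPE_THREAD 0
#define PR_SCHED_CORE_SCOPE_THREAD_GROUP 1
#endif

/* Read a task's group cookie (pid 0 = caller); GET only accepts thread scope. */
static int get_cookie(pid_t pid, unsigned long long *cookie)
{
    return prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, (unsigned long)pid,
                 (unsigned long)PR_SCHED_CORE_SCOPE_THREAD, (unsigned long)cookie) < 0 ? -errno : 0;
}

/* Put the calling process in a new group, fork a helper, compare cookies.
 * Returns 1 if the helper is in the same group, 0 if not, -errno if unsupported. */
int helper_inherits_group(void)
{
    unsigned long long parent = 0, child = 0;
    int rc;
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0UL,
              (unsigned long)PR_SCHED_CORE_SCOPE_THREAD_GROUP, 0UL) < 0)
        return -errno; /* e.g. EINVAL: no core scheduling support, ENODEV: no SMT */
    if ((rc = get_cookie(0, &parent)) < 0)
        return rc;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) { pause(); _exit(0); } /* stand-in for a helper spawned after the group exists */
    rc = get_cookie(pid, &child);        /* parent inspects the helper's cookie */
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return rc < 0 ? rc : parent == child;
}

int main(void)
{
    printf("helper_inherits_group() = %d\n", helper_inherits_group());
}
```

A process that is already running when the group is created does not get the cookie this way, which is the case the follow-up patch in the thread has to handle by applying the group later.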