Two small changes... On 20/02/20 15:20, Kashyap Chamarthy wrote: > + Recommended to inform the guest that it can disable the Intel TSX > + (Transactional Synchronization Extensions) feature; or, if the > + processor is vulnerable, use the Intel VERW instruction (a > + processor-level instruction that performs checks on memory access) as > + a mitigation for the TAA vulnerability. (For details, refer to this > + `Intel's deep-dive into > + MDS > <https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling>`_.)
... refer to Intel's `deep dive into MDS <...>`_. (I don't know what the trailing underscore is for. I reaffirm my definition of rST as the Perl of markup formats). > + > + Expose this to the guest OS if and only if: (a) the host has TSX > + enabled; *and* (b) the guest has ``rtm`` CPU flag enabled. > + > + By disabling TSX, KVM-based guests can avoid paying the price of > + mitigting TSX-based attacks. "mitigating" Paolo
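Review bot: The parenthetical on VERW in the first paragraph, "a processor-level instruction that performs checks on memory access", does not say why the instruction mitigates TAA, so a reader cannot tell what the guest gains from using it. Suggest describing its role here (with the updated microcode, VERW also overwrites the affected CPU buffers), or dropping the parenthetical and relying on the linked deep dive. The closing sentence, "By disabling TSX, KVM-based guests can avoid paying the price ...", follows directly after a condition that requires the host to have TSX enabled and the guest to have ``rtm``. It would read more clearly if it said that it is the guest that disables TSX, as the first paragraph states, and that conditions (a) and (b) describe when the guest has that choice.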