On Sun, 29 Dec 2019, trueriver wrote: > > HT is turned off intentionally for security purposes. Some of the > Intel CPU vulnerabilities demonstrated within the recent years depend on > the side channels within the resources shared by the threads of the same > physical core. Thus it's advisable to not enable it > > Thanks for that explanation - yes that's sensible. > > With the option set to allow HT, I'm now wondering if there is a Xen > setting to force Xen to allocate both virtual cores in the same physical > core together?
I don't know but I wouldn't expect one to appear in an old xen. Given R4.0 is 4.8 so if such feature is there, most likely that's not available until some future Qubes version. > That would mean you'd always get an even number of virtual cores, they > would always be "core buddies", and this it's only that VMs own code > that can attempt those exploits. That would give almost the same level > of security but allow the extra performance. > > Or am I missing some nasty potential exploit? -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1912291947290.10565%40whs-18.cs.helsinki.fi.
