Explore the challenges and solutions surrounding cache coherency in confidential virtual machines during this Linux Plumbers Conference talk. Delve into the limitations of AMD's SME_COHERENT feature and its impact on cache coherence between CPUs and devices. Examine the security implications, including CVE-2022-0171, and the performance issues arising from current mitigation strategies. Investigate potential solutions, such as using VMPAGE_FLUSH MSR instead of wbinvd and leveraging mmu_notifiers to conditionally flush caches. Gain insights into the complexities of managing cache coherency in confidential computing environments and the ongoing efforts to balance security and performance in virtualized systems.
Overview
Syllabus
Taming the Incoherent Cache Issue in Confidential VMs - Mingwei Zhang
Taught by
Linux Plumbers Conference
Related Courses
-
Supporting Live Migration of Confidential VMs in KVM
-
Remote Attestation in AMD SEV-SNP Confidential VMs
-
OpenHCL: A Linux-Based Paravisor for Confidential VMs
-
Fast and Secure: DPDK Meets Confidential Computing
-
Hiding Attestation with Linux Keyring in Confidential Virtual Machines
-
Core Slicing - Closing the Gap Between Leaky Confidential VMs and Bare-Metal Cloud
