VirtualBox

Ticket #18477 (reopened defect)

Opened 2 years ago

Last modified 3 months ago

Request for VBox to pass through Speculative Store Bypass (SSB) mitigations to guest => duplicate of #17987

Reported by: LeeTS
Owned by:
Component: other
Version: VirtualBox 6.0.4
Keywords: Speculative Store Bypass
Cc:
Guest type: Linux
Host type: Linux

Description

Hi,

Using Host VirtualBox 6.0.4 on CentOS 7.6.

Guest also CentOS 7.6

On the Host

$ grep . /sys/devices/system/cpu/vulnerabilities/*

gives

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp

but inside the Virtual Machine Guest

$ grep . /sys/devices/system/cpu/vulnerabilities/*

gives

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable

Kindly check.

Change History

comment:1 Changed 2 years ago by LeeTS

Using Host VirtualBox 6.0.4 on Fedora 29.

Guest RHEL 8 Beta.

inside guest

$ grep . /sys/devices/system/cpu/vulnerabilities/*

gives

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable

Kindly check.

comment:2 Changed 14 months ago by aeichner

  • Status changed from new to closed
  • Resolution set to fixed

Passing through CPU Spectre mitigations should be supported in recent VirtualBox releases, closing.

comment:3 Changed 4 months ago by Vasya Pupkin

This is not fixed. Most Spectre mitigations are indeed supported but not Speculative Store Bypass:

Host (executed before starting VM):

$ vboxmanage modifyvm Ubuntu --spec-ctrl on

Guest:

$ lscpu | grep 'Spec store bypass'
Vulnerability Spec store bypass: Vulnerable

Host:

$ lscpu | grep 'Spec store bypass'
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp

For this vulnerability, the CPU flag ssbd must be exposed, but that is not the case with VirtualBox:

$ lscpu | grep -w -o -c ssbd
0

Host:

$ lscpu | grep -w -o -c ssbd
1

comment:4 Changed 4 months ago by Vasya Pupkin

  • Status changed from closed to reopened
  • Resolution fixed deleted

The above is tested on VirtualBox 6.1.10:

$ apt list --installed virtualbox
Listing... Done
virtualbox/focal-updates,now 6.1.10-dfsg-1~ubuntu1.20.04.1 amd64 [installed]

According to https://www.virtualbox.org/wiki/Changelog there were no related changes in later releases.

comment:5 Changed 4 months ago by paulson

  • Status changed from reopened to closed
  • Resolution set to duplicate
  • Summary changed from Virtual Machine Vulnerable while Host not Vulnerable to Request for VBox to pass through Speculative Store Bypass (SSB) mitigations to guest => duplicate of #17987

The mitigation for the Spectre/Meltdown issues documented in CVE-2017-5715 can be passed through to VirtualBox guests using:

VBoxManage modifyvm <VM name> --spec-ctrl on

This is documented in the VirtualBox manual:

https://www.virtualbox.org/manual/ch08.html

--spec-ctrl on|off: Enables and disables the exposure of speculation control interfaces to the guest, provided they are available on the host. Depending on the host CPU and workload, enabling speculation control may significantly reduce performance.

and is available in VirtualBox 5.2.32 and later, 6.0.0 and later, and 6.1.0 and later.

The changes required for passing through the Speculative Store Bypass (SSB) (CVE-2018-3639) mitigations to VirtualBox guests have not been implemented yet. Closing this as a duplicate of ticket #17987 which was filed before this one.

comment:6 Changed 3 months ago by Vasya Pupkin

  • Status changed from closed to reopened
  • Resolution duplicate deleted

@paulson, please pay attention. I confirmed here that with the latest VirtualBox release and --spec-ctrl on, virtual machines are STILL VULNERABLE to the Speculative Store Bypass vulnerability. Reopening until some sane review is received.

comment:7 Changed 3 months ago by Vasya Pupkin

I apologize, I didn't read the last part of your reply. Ticket #17987 is about the Spectre vulnerability, which is now mitigated properly in VirtualBox, so #17987 should actually be closed. This ticket is a feature request to add Speculative Store Bypass mitigation support and should remain open until it is implemented. Thank you.
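
The two guest-side checks used in comment:3 (the sysfs status and the ssbd CPU flag) combined into one function, as an added example that is not part of the ticket or of VirtualBox. The function name ssb_state and its state labels are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: classify a Linux machine's Speculative Store Bypass state
# from the sysfs status line and the ssbd CPU flag. Both paths are parameters
# so the function can also be run on files copied out of a guest.

# ssb_state [SYSFS_FILE] [CPUINFO_FILE]
# Prints: mitigated | not-affected | vulnerable-no-ssbd |
#         vulnerable-ssbd-present | unknown
# Returns 0 (ok), 1 (vulnerable) or 2 (could not determine).
ssb_state() {
    sysfs=${1:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}
    cpuinfo=${2:-/proc/cpuinfo}

    [ -r "$sysfs" ] || { echo unknown; return 2; }
    status=$(head -n 1 "$sysfs")

    # -w keeps longer flag names that merely contain "ssbd" from matching.
    if grep '^flags' "$cpuinfo" 2>/dev/null | grep -qw ssbd; then
        has_ssbd=1
    else
        has_ssbd=0
    fi

    case $status in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)
            if [ "$has_ssbd" -eq 1 ]; then
                # Flag is visible, so the cause is on the kernel side.
                echo vulnerable-ssbd-present
            else
                # Flag is not visible: the situation reported in this ticket.
                echo vulnerable-no-ssbd
            fi
            return 1 ;;
        *) echo unknown; return 2 ;;
    esac
}

# Constructed sample that mirrors the guest output quoted in the thread.
demo_dir=$(mktemp -d)
echo "Vulnerable" > "$demo_dir/ssb"
printf 'flags\t\t: fpu vme de pse msr\n' > "$demo_dir/cpuinfo"
echo "guest sample: $(ssb_state "$demo_dir/ssb" "$demo_dir/cpuinfo")"
rm -rf "$demo_dir"
```

Called with no arguments, ssb_state reads the live sysfs and /proc/cpuinfo paths of the machine it runs on.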
