VirtualBox

Opened 5 years ago

Last modified 3 years ago

#18477 reopened defect

Request for VBox to pass through Speculative Store Bypass (SSB) mitigations to guest => duplicate of #17987

Reported by: Thomas Stephen Lee Owned by:
Component: other Version: VirtualBox 6.0.4
Keywords: Speculative Store Bypass Cc:
Guest type: Linux Host type: Linux

Description

Hi,

Using Host VirtualBox 6.0.4 on CentOS 7.6.

Guest also CentOS 7.6

On the Host

$ grep . /sys/devices/system/cpu/vulnerabilities/*

gives

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp

but inside the Virtual Machine Guest

$ grep . /sys/devices/system/cpu/vulnerabilities/*

gives

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable

Kindly check.

Change History (7)

comment:1 by Thomas Stephen Lee, 5 years ago

Using Host VirtualBox 6.0.4 on Fedora 29.

Guest RHEL 8 Beta.

inside guest

$ grep . /sys/devices/system/cpu/vulnerabilities/*

gives

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable

Kindly check.

comment:2 by aeichner, 4 years ago

Resolution: fixed
Status: newclosed

Passing through CPU Spectre mitigations should be supported in recent VirtualBox releases, closing.

comment:3 by Vasya Pupkin, 3 years ago

This is not fixed. Most Spectre mitigations are indeed supported but not Speculative Store Bypass:

Host (executed before starting VM):

$ vboxmanage modifyvm Ubuntu --spec-ctrl on

Guest:

$ lscpu | grep 'Spec store bypass'
Vulnerability Spec store bypass: Vulnerable

Host:

$ lscpu | grep 'Spec store bypass'
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp

For this vulnerability CPU flag ssbd must be exposed, but it's not the case with VirtualBox:

$ lscpu | grep -w -o -c ssbd
0

Host:

$ lscpu | grep -w -o -c ssbd
1

comment:4 by Vasya Pupkin, 3 years ago

Resolution: fixed
Status: closedreopened

The above is tested on VirtualBox 6.1.10:

$ apt list --installed virtualbox
Listing... Done
virtualbox/focal-updates,now 6.1.10-dfsg-1~ubuntu1.20.04.1 amd64 [installed]

According to https://www.virtualbox.org/wiki/Changelog there were no related changes in later releases.

comment:5 by paulson, 3 years ago

Resolution: duplicate
Status: reopenedclosed
Summary: Virtual Machine Vulnerable while Host not VulnerableRequest for VBox to pass through Speculative Store Bypass (SSB) mitigations to guest => duplicate of #17987

The mitigation for the Spectre/Meltdown issues documented in CVE-2017-5715 can be passed through to VirtualBox guests using:

VBoxManage modifyvm <VM name> --spec-ctrl on

This is documented in the VirtualBox manual:

https://www.virtualbox.org/manual/ch08.html

--spec-ctrl on|off: Enables and disables the exposure of speculation

control interfaces to the guest, provided they are available on the host. Depending on the host CPU and workload, enabling speculation control may significantly reduce performance.

and is available in VirtualBox 5.2.32 and later, 6.0.0 and later, and 6.1.0 and later.

The changes required for passing through the Speculative Store Bypass (SSB) (CVE-2018-3639) mitigations to VirtualBox guests have not been implemented yet. Closing this as a duplicate of ticket #17987 which was filed before this one.

comment:6 by Vasya Pupkin, 3 years ago

Resolution: duplicate
Status: closedreopened

@paulson, please pay attention. I confirmed here that with latest VirtualBox release and --spec-ctrl on virtual machines are STILL VULNERABLE to Speculative Store Bypass vulnerability. Reopening until some sane review is received.

Last edited 3 years ago by Vasya Pupkin (previous) (diff)

comment:7 by Vasya Pupkin, 3 years ago

I apologize, didn't read the last part of your reply. Ticket #17987 is about Spectre vulnerability, which is now mitigated properly in VirtualBox, so #17987 should actually be closed. This ticket is a feature request to add Speculative Store Bypass mitigation support and should remain open until it is implemented. Thank you.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use