1 comment

[ 2.2 ms ] story [ 14.0 ms ] thread
One interesting semi related news item, there's a submission for 6.11 kernel to turn Spectre branch-history-injection mitigation on only for VMs, leaving it off for the host. https://www.phoronix.com/news/Linux-Spectre-BHI-VMEXIT

I'm low key excited to see some new security postures evolve, beyond the fairly maximalist stance we've been running with. If there's no one else on the host - like if everyone's isolated to vm's - maybe don't keep all the costly mitigations going on it!