RETBleed attack warning

Discussions related to using VirtualBox on Linux hosts.
Post Reply
camvirt
Posts: 41
Joined: 25. Mar 2019, 01:14

RETBleed attack warning

Post by camvirt »

I am running Version 6.1.22_Debian r144080 on mx-linux and I am getting a warning on every start up guest, mx-linux, Debian. Can this warning be stopped ?
Attachments
virtualbox startup error.png
virtualbox startup error.png (11.02 KiB) Viewed 15163 times
AndyCot
Posts: 294
Joined: 29. Feb 2020, 03:04

Re: RETBleed attack warning

Post by AndyCot »

This is a mx-linux message, not a VirtualBox message. You need to check out the mx-linux forums to see if it can be stopped.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: RETBleed attack warning

Post by scottgus1 »

Try this command on the host terminal, while the VM is fully shut down, not save-stated:

VBoxManage modifyvm "VM name" --spec-ctrl on
--spec-ctrl on|off: Enables and disables the exposure of speculation control interfaces
to the guest, provided they are available on the host. Depending on the host CPU and
workload, enabling speculation control may significantly reduce performance
camvirt
Posts: 41
Joined: 25. Mar 2019, 01:14

Re: RETBleed attack warning

Post by camvirt »

Thanks, that corrected the message from appearing.

Why would that not be the default ?
fth0
Volunteer
Posts: 5635
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: RETBleed attack warning

Post by fth0 »

camvirt wrote:Why would that not be the default ?
The answer was already given in the quote from the VirtualBox User Manual by scottgus1.
camvirt
Posts: 41
Joined: 25. Mar 2019, 01:14

Re: RETBleed attack warning

Post by camvirt »

That does not answer my question.

Why is it not the default for security? If the system is slow then a pop up could notify the user. I find with it enabled that my guest run faster.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: RETBleed attack warning

Post by mpack »

camvirt wrote:Why is it not the default for security?
None of us here are devs, so we can't really answer dev policy questions. However I can think of several possible answers.

(1) Paranoia about malware is not universal, especially in VMs, part of whose purpose can be to provide an isolated environment that we don't really care about.

(2) It is common practice in software when introducing an onerous new feature is to make selectable, and default to previous behaviour.

(3) Perhaps they didn't want a permanent penalty for a temporary problem, i.e. an entirely theoretical risk that would be gone in the next generation of processors.
fth0
Volunteer
Posts: 5635
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: RETBleed attack warning

Post by fth0 »

camvirt wrote:Why is it not the default for security?
In addition to what mpack wrote, many users prefer performance over security. Unfortunately, that's especially true in the business world IMHO.
camvirt wrote:If the system is slow then a pop up could notify the user.
That's not possible, because there is no generally accepted definition of slowness.
camvirt wrote:I find with it enabled that my guest run faster.
Well, then you should let VirtualBox provide the speculation control interfaces to your VM. AFAIU, the performance penalty is high when using many transitions between user space and kernel space, and when using I/O-bound workloads.
Post Reply