Re: [PATCH] x86/pti: don't report XenPV as vulnerable

From: Jiri Kosina
Date: Fri Jun 15 2018 - 02:39:10 EST

Next message: Anders Roxell: "Re: [PATCH] selftests: bpf: config: add config fragments"
Previous message: Takashi Iwai: "[GIT PULL] sound fixes for 4.18-rc1"
In reply to: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Next in thread: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Jun 2018, Juergen Gross wrote:

> Why? PTI has to be disabled in PV guests as it can't work there due to
> missing paravirtualization of the PTI feature (mov to/from %cr3).
>
> The Xen meltdown mitigation ("XPTI") for 64-bit pv guests is primarily
> securing the hypervisor against meltdown attacks of the guest. The guest
> itself can't do anything in this regard in 64-bit mode, as user and
> kernel code are already using different %cr3 values even without PTI.

That I know. Then I am probably dense today, but could you please again
explain what you meant by this in your first reply:

"This is wrong for [ ... ] for 64-bit, too, in case the mitigation is
disabled at hypervisor level."

--
Jiri Kosina
SUSE Labs

Next message: Anders Roxell: "Re: [PATCH] selftests: bpf: config: add config fragments"
Previous message: Takashi Iwai: "[GIT PULL] sound fixes for 4.18-rc1"
In reply to: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Next in thread: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]